Among the trail of PHI data breach incidents through hacked email accounts, two more incidents also occured in the previous week. However, in both cases, the sources were not related to hacked email accounts. Rather a laptop theft and accessible server that left patients data exposed to intruders.
HIV Patients Data Exposed By Nashville Metro Public Health Due To Open Server
Reported by Tennessean.com on July 11, 2018, Nashville Metro Public Health exposed confidential details of HIV patients on a leaky server. Any of the department’s employees could easily download the file from the server.
Metro Health officials discovered the breach around two months ago. They noticed the server containing these sensitive details was easily accessible. The data included extensive details of HIV and AIDS patients in Middle Tennessee. These details include names, addresses, dates of birth, social security numbers, as well as the private details of their lives.
The intention was only have three government scientists who should have access to the server. However, it remained open to the entire agency, consisting of around 500 employees.
This is certainly a serious data breach since the database includes patients details from 1983.
Metro Health believes no unauthorized access occurred. The file was maintained in SAS format, which was available to only eight employees. Moreover, the data file shows no change in the date of modification from the date it was kept on the server. Explaining about how the incident occurred, Brian Todd, Metro Health spokesperson, said,
“To our knowledge, only the employee who moved the file to the public folder inappropriately accessed the file, simply by moving it. Her intent was to provide access to an epidemiologist within the department to analyze the data, but that epidemiologist never opened the file. So the personal information in the database was, to our knowledge, never inappropriately accessed.”
This incident appears somewhat similar to the MedEvolve Data Breach that left 200,000 records exposed on a server.
RMCHS Suffered Medical Data Breach Due To Laptop Theft
On July 13, 2018, Rocky Mountain Health Care Services (RMHCS) disclosed a data breach that left patients data exposed to criminals. In their media release, RMHCS identified laptop theft as the reason for the breach.
“On May 15, 2018, RMHCS discovered that a laptop belonging to an employee, which may have contained limited protected health information, was stolen…. RMHCS has reported the theft to law enforcement and are cooperating with their investigation.”
After noticing the matter, RMHCS began sending emails to the affectees regarding the breach. Though they did not provide any precise count of affectees, HealthIT Security states that there would have been 1,087 affected individuals.