Sunshine Behavioral Health Group Discovers PHI Exposed Over Internet

February 11, 2020

Portland, OR-based Sunshine Behavioral Health Group, a provider of business services to healthcare providers, has discovered a cloud-based system used to store patient health records was accidentally misconfigured. The misconfiguration allowed patient information to be accessed over the internet.

The error was identified on September 4, 2019 and access controls were immediately implemented to prevent the records from being accessed by unauthorized individuals. Further actions were taken on November 14, 2019 to remove the records from general internet access.

On December 23, 2019, Sunshine Behavioral Health Group determined a folder in the cloud-based system contained information such as names, addresses, credit/debit card numbers, expiry dates, security codes, and electronic/digital signatures of individuals who had paid for healthcare services.

The exposed data related to payors for medical services received at the Monarch Shores, Chapters Capistrano, Willow Springs Recovery, and Mountain Springs addiction treatment and rehabilitation centers.

All individuals whose information was exposed have been offered complimentary membership to MyIDCare protection services for 24 months.

The incident has yet to appear on the HHS’ Office for Civil Rights breach portal so it is currently unclear how many individuals have been affected.

Thieves Stole Patient Information in Lake County Behavioral Health Burglary

Lake County Behavioral Health in Clearlake, CA, has announced it experienced a burglary on December 5, 2019 and thieves stole a locked filing cabinet containing client health information.

The stolen paperwork contained information such as patient names, contact telephone numbers, case numbers, medications, appointment dates and times, payments, and amounts due. One file contained a patient’s date of birth, Social Security number, medical history, disability status, substance use history, income verification information, and Medi-Cal ID number.

All patients whose information was stolen have been notified by mail and advised to register a fraud alert in case their information is misused. All remaining files have been relocated to a locked room in the heart of the facility, and an alarm system has been fitted along with video surveillance with 24-hour monitoring. The break-in is being investigated by the Clearlake Police Department, but no arrests have been made.

Jefferson Center for Mental Health Announces Potential Breach of PHI

Jefferson Center for Mental Health, a nonprofit provider of community-focused mental health care and substance use services in Colorado, experienced a burglary at its Independence Corner facility in Wheat Ridge on November 29, 2019.

The burglary was discovered on December 2, 2019 and the break-in was reported to law enforcement. No paperwork containing patient information was taken by the perpetrators, but it is possible that the personal and treatment information of 1,319 patients was viewed by the thieves.

Unauthorized data access is not suspected, but patients have been advised to monitor their accounts as a precaution. Jefferson Center for Mental Health is now taking steps to improve physical security at its offices.

The post Sunshine Behavioral Health Group Discovers PHI Exposed Over Internet appeared first on HIPAA Journal.

Original post and source: https://www.hipaajournal.com/sunshine-behavioral-health-group-discovers-phi-exposed-over-internet/

Author Robert Crossland