Deaconess Health System based in Indiana and Blue Earth County based in Minnesota have informed individuals who had their sensitive personal data has accessed by unauthorized employees.
Deaconess Health System Informs Female Patients About Unauthorized Medical Record Access by a Doctor
A doctor previously working at Deaconess Health System in Evansville, IN, was found to have viewed the health records of female patients with no permission.
On January 26, 2022, Deaconess Health System discovered unauthorized medical record access while doing a regular review of access logs. As per the law agency Ladendorf Law of Indianapolis, which chatted with six ladies who received notifications regarding the privacy breach from Deaconess Health System, the unauthorized at first happened not after June 2020.
Attorney Taylor Ivy said that all six women claimed the initial communication happened inside bars on the West Side of Indiana. The doctor had contacted them and began speaking with them and acquired details about them in the encounter. It seems that the doctor researched the women from the medical record system following the first encounter.
The law agency stated Deaconess Health System notified one woman that her health records were viewed by the doctor on eight instances from June 2020 to December 2021 for reasons that are non-work-related. The files included personal data, contact details, and her medical background. Deaconess Health System apologized with regard to the data breach and provided free online identity theft protection for A year. One of the women mentioned the doctor went to her workplace and gave her a written message.
Deaconess Health System stated that at the time of discovery of the breach, the doctor was already terminated. The occurrence is not yet reported on the HHS’ breach website at this time. Considering that the breach notification letter dated February 23, 2022 was published on Facebook by the law practice, it indicates the unauthorized access affected less than 500 files. The law practice is asking any individual who received a notification letter regarding the breach to get in touch with them because claims might be pursued.
Insider Breach Discovered at Blue Earth County Human Services Department
It was discovered that a worker of the Blue Earth County Human Services Department has accessed the private data of people without consent from June 5, 2020 to May 24, 2021. Upon discovery of the unauthorized access, the person was put on administrative leave awaiting the results of the investigation. The analysis of access records confirmed that the worker had viewed the personal data of 222 persons without permission. The accessed database included names, addresses, Social Security numbers, and medical backgrounds. After the investigation ended, the worker resigned from work.
Officers at Blue Earth County stated there was no proof that indicates the copying of any data from its systems or selling to third parties. It just seems to be a case of a worker snooping on the information.