Health and Wellness Informatics News

Former employee accused of patient’s health record snooping

Recently, a ransomware attack wiped out 1.4M patients’ vital information from the Georgia health system.

Ransomware attack endangered 1.4M information of patients on Georgia health system. St. Joseph’s/Candler have discovered a ransomware attack during early summer this year. The attack has led to the loss of records of about 1.4m patients.

A Georgia-based health system, The Savannah, has published about the happening in a notice recently. And because of this, its network was offline for several days.

The organization said that through an investigation by SJ/C’s, the incident led an unauthorized party to have access to the IT network of SJ/C between 18th December 2020 and 17th June 2021. The unauthorized party has performed a ransomware attack that made all the files inaccessible.

Based on a breach report made towards the U.S. Department of Health and Human Services’ Office of Civil Rights, the hack affected records of 1.4 million people.

The hack removed patients’ names along with their address, DOB, social security number, driver’s license number, billing account number, account number, health insurance plan member ID, financial information, medical record number, provider names, date of service, and information received from SJ/C.

For preventing this from taking place again, they have implemented safety measures. They are also continuing to adopt technical security and advanced safeguards to further protect and monitor their systems.

Meanwhile, in New York, in Queens, Long Island Jewish Forest Hills Hospital claimed that an unauthorized EHR access by their former employee made all the patient information public. However, this incident has affected 10,222 patients.

In 2020, the hospital said that a subpoena issued to them asked for documents for investigating a “no-fault” motor vehicle accident insurance scheme. Later, the hospital realized that a former worker referenced in the subpoena accessed EHRs improperly.

Accord to the hospital, “Finally, the Compliance Department conducts audits of medical record access to minimize the risk of such incidents occurring in the future”.