Mercy Health Love County Hospital Breach Potentially Impacts 13,000 Patients’ PHI

Mercy Health Love County Hospital in Oklahoma had a data breach potentially impacting over 13,000 patients. On June 23, 2017, the hospital found out that an employee stole both laptop computer and paper documents from a hospital’s storage unit. As stated in the breach notice, the health records of 10 patients were obtained from the storage unit together with the laptop.

The Love County Sheriff’s Office first investigated the theft of PHI. It was reported that the previous employee utilized the stolen data to fraudulently get credit cards using the names of the patients. Another person also helped the thief do his fraudulent act.

Although Mercy Health had around 60 days to alert patients regarding breach following the HIPAA Rules, all ten patients had been informed right away. Mercy Health is working together with the Love County Sherriff’s Office, the U.S. Secret Service and the United States Postal Services in investigating the breach.

Mercy Health mentioned in its press release that no report had been received that suggest unauthorized persons viewed or acquired the information of the ten patients, Nevertheless  Mercy Health is updating the public regarding the incident. In addition, all patients affected by the breach were provided 12 months of credit monitoring and identity theft repair services for free.

Richard Barker, Mercy Health Love County Hospital and Clinic Administrator said that they were taking steps to safeguard all patient data to prevent similar incidents from occurring.”

Though it would seem that only the information of 10 patients were obtained, the report handed over to the Department of Health and Human Services’ Office for Civil Rights reveals that a total of 13,004 paper and film records were affected by the breach.

It is presently not clear whether the storage unit did have the PHI of 13,004 patients, but only 10 patients’ records were taken by the unauthorized person, or if there was another incident. Further information will be posted regarding this incident as soon as something becomes available.