Bon Secours St. Francis Health System is informing patients that some of their protected health information (PHI) was potentially viewed or copied by unauthorized persons who attacked Milestone Family Medicine in Greenville, South Carolina.
Milestone Family Medicine was affiliated with St. Francis Physicians Services (SFPS) until February 24, 2019. On January 4, 2019, SFPS was made aware of a security breach at the Milestone Family Medicine and took action to protect its systems and prevent further unauthorized data access. SFPS investigated the incident with the help of a third-party computer forensics company and confirmed that the hackers accessed a server that contained the PHI of patients. Internet connections to Milestone Family Medicine systems which are not actively used have now been shut down.
The patient information that was possibly compromised included the following: Names, addresses, birth dates, medical insurance details, Social Security numbers, and data associated with the medical services received by patients. The breach only impacted patients who received healthcare services at Milestone Family Medicine in the past. SFPS is currently sending breach notification letters to affected persons and has offered them free credit monitoring and identity theft protection services. Although there’s a possibility of data theft, no reports have been received to suggest misuse of any patients’ PHI.
According to SFPS, enhancement of technology management and data security risk monitoring has taken place to avoid any further breaches of PHI. SFPS said that the termination of the affiliation with Milestone Family Medicine had nothing to do with the breach.
The Department of Health and Human Services’ Office for Civil Rights has not yet published a summary of the incident on its website, thus the exact number of affected Milestone Family Medicine patients is not yet known.
Patient Records Potentially Accessed During Rocky Boy Health Center Break-in
Thieves broke into the offices of Rocky Boy Health Center located in Box Elder, MT, and potentially accessed patients health records. The health center learned about the incident on January 16, 2019. The thieves entered the offices by forcing the padlock and door lock on January 14.
X-Ray images and dental files dating back to the 1990’s were stored in the office. PHI like names, Social Security numbers and diagnosis codes were detailed in the records. The health center has reported the break in to law enforcement and all patient records have now been removed from the offices. They have been scanned and added to electronic medical records and all physical documents have now been shredded. A total of 971 patients were affected by the breach and have been sent breach notification letters.