Upstate University Hospital Breach Impacts PHI of 1,216 Patients

Upstate University Hospital in Syracuse, NY, has informed 1,216 of its patients that a former hospital worker has impermissibly accessed some of their protected health information (PHI). The hospital discovered the breach on September 12, 2018.

An investigation was launched into the security breach which revealed the former hospital employee began accessing patients’ medical records without a valid work reason for doing so on November 3, 2016. The employee continued to access patients’ medical records up until October 23, 2017.

The investigators didn’t uncover any evidence that suggests the former employee printed out, copied, or transmitted any patient data outside the organization. It is unclear why the employee accessed patients medical records. No details of the employee’s motives have been disclosed.

According to Upstate University Hospital, highly sensitive information such as financial information, Social Security numbers, and medical insurance details remained secure and the types of information that were accessed are not those required by identity thieves. The breached data was limited to patients’ names, ages, contact information, medical record numbers, types of services received, service appointments, diagnoses, treatment information, and prescribed drugs.

Hospital staff with PHI access had been provided with comprehensive training related to the protection of the confidentiality and integrity of patient information. Following the breach, staff members have been reminded of their responsibilities with regards to HIPAA and Upstate University Hospital has now reviewed and strengthened its security controls for keeping patient data private and confidential.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: