Valley Hope Association Alerts Patients About Email-Related Breach

Valley Hope Association has discovered that an unauthorized individual has gained access to an employee’s email account and has potentially viewed patients’ protected health information.

Valley Hope Association noticed the potential email account breach on October 10, 2018, after detecting strange account activity. The association took immediate action to block third-party access to the account and hired a computer forensics company to investigate the nature and extent of the breach.

According to the investigation, an unauthorized person accessed one email account remotely from October 9 to 10, 2018 and may have viewed emails and email attachments that contained the protected health information of patients. After thoroughly reviewing all email messages and attachments, the forensics company confirmed PHI access was a possibility.

The types of data that the emails contained varied from one patient to another. One or more of the following data elements could have been accessed: Name, date of birth, address, Social Security number, medical record number, medication and prescription details, claims and billing data, medical insurance details, and physicianโ€™s name. The emails did not contain any diagnosis or treatment details.

After confirming the exposed information, Valley Hope Association has been collating the current contact details of all affected people and will notify them regarding their exact information that may have been compromised. Although there’s a possibility of data access/theft, no reports have been received to indicate misuse of any patient information.

As a preventative measure against identity theft and fraud, Valley Hope Association offered the patients affected by the breach one year free identity theft monitoring services via Kroll.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Download Free Checklist

Valley Hope Association is assessing its policies and procedures and will take steps to increase the security of data and its systems.

Valley Hope has reported the breach to law enforcement, credit monitoring bureaus, state regulators and the Department of Health and Human Services Officeโ€™ for Civil Rights.
The OCR breach portal has yet to publish the details of the breach, so it is presently unknown how many people were affected by the breach.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/