Breaches at Quantum Imaging and Therapeutic Associates, Delaware Department of Health and Social Services and US HealthCenter

The radiology practice Quantum Imaging and Therapeutic Associates located in Pennsylvania made an announcement that they received reports concerning a non-physician worker who purportedly disclosed to a Facebook group an x-ray image of a male patient’s genitalia.

The disclosure of health-related photos on social communities, with no patient authorization, is a violation of HIPAA and patient privacy. Quantum gave an announcement on Facebook verifying the reports gotten concerning a privacy breach and explained that Quantum is dedicated to keeping its patients’ privacy and is really saddened by the reports. No other details were issued regarding the breach while the investigation is not yet complete. The Fairview Township police were notified regarding the incident and started an investigation, nevertheless, there are no apprehensions yet at this point. Some persons have left a comment on the Facebook posting saying the photo may be seen by ‘thousands’ of individuals.

Delaware Department of Health and Social Services Uncovered Impermissible Disclosure of PHI

The Delaware Department of Health and Social Services found a spreadsheet comprising PHI was disclose to four students by accident.

Four senior students at the University of Delaware asked for the information intended for a project to determine service gaps within the community and received a spreadsheet. The data requested by the senior students included the age groups of persons and their disability state. The identifying data were not deleted before giving the spreadsheet. The senior students had seen the complete names, dates of birth, diagnoses, and county data of 350 persons.

The students presented their report through Zoom on May 8, displaying the listed patients’ PHI also. The Delaware Department of Health and Social Services at once stopped the report upon knowing that PHI was listed. The students were told to remove the information while the person who gave the spreadsheet was put under discipline.

US HealthCenter Uncovered an Email Account Security Breach

The US HealthCenter, a health risk management firm, found out that an unauthorized individual got access to an email account and could have seen or acquired the private and protected health information (PHI) of the Cost Plus World Market’s (Cost Plus) Wellness Program members.

The compromised email inbox was utilized to obtain the members’ accomplished Annual Preventive Screening affidavits. Inquiries from Wellness Program members regarding the program were at the same time forwarded to the email account. US HealthCenter learned about the unapproved access on April 13, 2020 because the hacker employed the email account to transmit phishing emails to participants of the Cost Plus wellness program. At the time the email account was accessed, the unauthorized person could see and send email messages.

The analysis of email messages in the account confirmed they comprised participants’ names, birth dates, employee numbers, doctor signatures, dates of exams, and some medical details.

US HealthCenter protected the account promptly and presently hosted the account on a new Microsoft Office 365 system, which offers better security defenses having multi-factor authentication. There is no proof identified that indicate the improper use of personal data.