PHI Likely Exposed Because of Prisma Health Website Breach and Seattle Cancer Care Alliance Email Error

Because a data breach on the Palmetto Health site occurred, Prisma Health Midlands is informing about 19,000 patients and 3,000 employees.

Prisma Health – earlier known as Palmetto Health – found out on August 29, 2019 that a suspicious person acquired the login details of a Prisma Health staff. The attacker used the stolen information to gain access to the Palmetto Health webpage, which keeps volunteer registration data and patient pre-registration forms that were filled-up online.

The forms correspond to 6 Midlands hospitals and the data comprised names, birth dates, addresses, limited health information and, Social Security number for a number of persons. There was no health data or financial details exposed. Prisma Health was unable to identify how much time the attacker used a staff credentials to access the site.

After uncovering the incident, Prisma Health altered the employee’s password to stop continuing unauthorized access and updated its policies and procedures to avert the same breaches from happening again. Affected persons received notification letters via mail and persons whose Social Security number was compromised got offers of one-year free credit monitoring and identity theft protection services.

This year, Prisma Health has encountered a number of privacy breaches. In April, Prisma Health stated that a phishing attack led to unauthorized access of the email accounts of some employees. The sensitive information of 23,811 persons was compromised because of the attack. In July, one more privacy breach was reported when it was found out that a notebook that contains the sensitive information of OB/GYN patients from a Richland Campus in Columbia was taken from a doctor’s automobile. The notebook recorded the data of approximately 2,770 people.

Email Error of Seattle Cancer Care Alliance

The email addresses of 944 patients of Seattle Cancer Care Alliance (SCCA) were exposed to other patients because of a mistake made by a member of employees when emailing an invitation on August 27, 2019.

Instead of inputting email addresses on the blind carbon copy (BCC) field to hide the email addresses of the recipients’ from one another, the email addresses were inputted on the CC fields thus all people getting the invitation could see everyone’s email addresses. None other data was compromised.

SCCA is presently reviewing its policies and procedures and will implement essential safety measures to avert the same breaches from transpiring once more. Impacted patients were mailed notification letters on October 16, 2019.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA