PHI of Veterans with PTSD Possibly Exposed in OSU Data Breach

According to a new NBC4 Investigates Report, a breach of the Ohio State University’s (OSU) pilot program that assists veterans to recuperate from Post Traumatic Stress Disorder (PTSD) and other psychological health problems led ot the compromise of the personal data of patients.

The (OSU) Veterans Neuromodulation Operation Wellness (NOW) pilot program was closed once and for all on June 15, 2021, however, before the shutdown, a data breach happened. OSU mentioned in its breach notification letters to impacted people that the breach was discovered on April 24, 2021, and happened from January 25, 2021 to March 4, 2021.

NBC4 Investigates talked with a veteran who obtained a notification letter on June 14, 2021 from the Office of Compliance and Integrity telling him about the compromise of his name, address, medical history and Social Security number. It is presently not clear how many people were impacted by the incident.

The Veterans Now Program was put on hold in March 2021 for one week, with the program’s head physician put on vacation. The program was subsequently re-initiated without the head physician however was closed once and for all on June 15, 2021. An OSU representative mentioned the closure was because of non-compliance problems. It is uncertain if those non-compliance problems were associated with the security breach.

Potential PHI Breach at Physicians Dialysis

Physicians Dialysis is notifying a number of patients regarding the potential compromise of some of their protected health information (PHI) due to a security breach.

The provider detected strange activity in its programs on March 21, 2021 and third-party cybersecurity professionals came to help with the investigation to find out the nature and extent of the data breach. That investigation confirmed the unauthorized database access which impacted the PHI of present and past patients, such as names, birth dates, addresses, medical data, Social Security numbers, medical insurance data, and claims details.

Physicians Dialysis was able to finish identifying the impacted persons and validating contact data only on June 22, 2021. Then, breach notification letters were sent to impacted people on June 25, 2021.

People who had their Social Security numbers compromised were provided free credit monitoring services with IDX. Since the discovery of the breach, Physicians Dialysis has put in place more security procedures to avoid the same breaches later on.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA