Premier Patient Health Care based in Carrollton, TX has found out that an unauthorized individual had obtained the protected health information (PHI) of 37,636 patients in an insider data breach incident.
Premier Patient Health Care is an Accountable Care Organization (ACO) that works with doctors to enhance clinical outcomes under the Medicare Shared Savings Program (MSSP). The ACO and Premier Patient Health Care are managed by Premier Management Company, a business associate to a lot of primary care medical professionals who are covered entities by HIPAA.
On April 30, 2020, Wiseman Innovations, a technology seller used by Premier Management Company, learned that a former Premier Patient Health Care executive got access to its computer system in July 2020 following the employment termination and viewed and took a file that contains patient data.
An analysis of the file affirmed it included the protected health information of patients of primary care doctors, such as full names, age, date of birth, race, county, state of residence, and ZIP code together with Medicare beneficiary data like Medicare eligibility period, spend details, and hierarchical condition category risk score.
The breach investigation is ongoing, however, it’s not possible thus far to know what the ex-executive did with the document, though no evidence was identified to suggest any attempt or actual patient information misuse.
As a safety measure, all affected patients were cautioned to be cautious and keep track of their accounts for signs of fake activity. Premier stated policies and procedures are being evaluated and will be updated to help avoid similar attacks later on.
Oregon Eye Specialists Reports Email Account Breach
The optometry group Oregon Eye Specialists located in Portland, OR encountered an email account breach resulting in the exposure of the PHI of some patients.
The provider discovered suspicious activity in an email account on August 10, 2021. This prompted a password reset and investigation. The investigation showed that an unauthorized person had acquired access to selected employee email accounts from June 29, 2021 to August 30, 2021. An evaluation of those email accounts revealed they kept PHI like names, dates of birth, dates of service, medical record numbers, financial data, and health insurance details, which include provider name and policy number.
No proof was found of any actual or attempted patient information misuse at this point nevertheless affected people were instructed to keep track of suspicious activity in their account and explanation of benefits statements. Oregon Eye Specialists offered credit monitoring and identity protection services to the impacted persons.
The number of people affected by the breach is presently unclear. Information will be provided when available.