The PHI of 63,500 Middletown Medical Patients Impacted by Data Breach

April 16, 2018 James Keogh HIPAA News

The protected health information (PHI) of tens of thousands of Middletown Medical patients was exposed due to a misconfiguration in the security setting of a radiology interface. Middletown Medical, a multi-specialty physician’s group that is located in Middleton, New York, found out about the misconfigured security setting on January 29, 2018.

Middletown Medical immediately secured the interface the following day so that unauthorized persons cannot access patient information. It is not known how long the system was left unsecure allowing patient data to be accessible. But Middletown Medical stated that the number of patients’ PHI potentially accessed by unauthorized persons is limited.

There was no highly sensitive information like Social Security numbers, insurance data or financial information exposed. Breached information was limited to the patients’ names, birth dates, client identification numbers, confirmation of receipt of radiology services by patients, and date of the service provided. Some of the patients also had exposed their diagnosis codes, radiology reports and radiology images.

When Middletown Medical discovered the error, it prompted the review of the HIPAA-covered entity’s policies and procedures. Additional safeguards were implemented to guarantee the confidentiality of documents with PHI. The personnel were provided additional HIPAA compliance training to secure information systems. Interfaces were also modified to make sure all information is kept secure.

Though Middletown Medical did not receive any report of misuse, as a precaution, all patients whose information was compromised were offered free identity theft protection services for 12 months. They were also requested to check and monitor their account statements and Explanation of Benefits statements to guard against fraudulent activities.

Middletown Medical submitted the data breach report to the Department of Health and Human Services’ Office for Civil Rights. There were 63,551 patients whose PHI was exposed. So far, it is one of the largest healthcare data breaches that happened this year.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.
Twitter LinkedIn