"Harris Health is notifying more than 5,000 patients that an employee - who was fired and referred to law enforcement when their wrongdoing was discovered - was accessing patient records without legitimate purpose and sharing the information outside of the health system. The wrongdoing went on from January 4, 2011 - March 8, 2021. A media report on the case from CW39 notes that disclosure was delayed due to a law enforcement hold on disclosure so as not to interfere with the criminal investigation."
"The Texas health system has posted a substitute notice on its website. The notice states that the breach was discovered on February 10, 2021, but it does not explain how they discovered it. Harris disclosed the incident and began notifying patients as soon as law enforcement cleared them to do so. Harris Health was reportedly unable to determine exactly which patients had their protected health information exposed outside of the organization, but the types of information included:"
"demographic information (name, date of birth, address, email address, telephone number, medical record number); clinical information (diagnoses, medical history, medications, immunizations, provider name, dates of service); and insurance information, which for a limited number of patients may have contained their Social Security number. The employee was not named in the notice, nor was there any indication as to what has happened with any criminal case against them."
Harris Health is notifying more than 5,000 patients after an employee accessed patient records without legitimate purpose and shared information outside the health system. The employee was fired and referred to law enforcement when the wrongdoing was discovered. Unauthorized access occurred from January 4, 2011 through March 8, 2021, and the breach was discovered on February 10, 2021. Disclosure to patients was delayed due to a law enforcement hold to avoid interfering with the criminal investigation. Harris Health posted a substitute notice but could not determine exactly which patients had protected health information exposed. Exposed data types included demographic, clinical, and insurance information, and a limited number of records may have contained Social Security numbers. The employee was not named and there is no public indication of the criminal case outcome.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]