11,000 Patients Affected in 2 Breaches

Incidents Involve Exposed Server, Stolen Computer

Diatherix, which provides clinical laboratory testing services, is notifying 7,000 patients that their protected health information may have been accessible via the Internet for nearly three years because of a breach at a business associate.

And in another newly reported healthcare breach incident, Temple University in Philadelphia says an unencrypted desktop computer containing information about nearly 4,000 patients was stolen from an office at Temple University Physicians' surgery department.

Server Exposed

Diatherix reports that on July 10, it discovered that Diamond Computing Company, a contractor providing it with billing-related services, had a security lapse that made one of its servers accessible via the Internet.

The server became exposed on Sept. 24, 2011, Diatherix says. It was first accessed without authorization on Oct. 16, 2011, though no PHI was viewed at that time. Diatherix's investigation indicates that documents containing PHI were first inappropriately viewed on March 7, 2014. Diamond Computing Company terminated access to the server on July 10.

Information stored on the server included billing-related documents, such as health insurance claim forms and billing and payment-related letters, Diatherix says. Exposed information included patient name, account number, address, date of test, insurance information and guarantor/insured information. Some of the documents also included Social Security numbers, dates of birth, diagnosis codes and the type of test ordered for the patient.

Diatherix has hired a data security firm to assist with an investigation of the incident. The company is offering affected individuals one year of free identity theft protection services.

Computer Theft

In the Temple University breach incident, the stolen computer contained information, including full name, age, procedure type and billing code, for 3,780 patients. In some cases, the name of the referring physician and/or medical record number were also included, Temple University says in a statement provided to Information Security Media Group.

Once the theft was discovered, Temple notified local law enforcement authorities, conducted an investigation and notified all affected patients.

Temple is offering impacted patients free identity theft services for one year. As a result of the incident, Temple has taken measures that include developing a mechanism to increase physical surveillance and putting additional security measures in place for desktop computers.

About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.
