MOHC notifies patients about the data breach of June 2018

MOHC (Medical Oncology Hematology Consultants), a cancer treatment center in Newark city of Delaware, recently started notifying some patients that a few of their PHI (Protected Health Information) has been exposed due to the email security breach that takes place almost a year ago.

As per substitute breach notice on the website of MOHC, an email account got compromised on Jun. 7 or Jun. 8, 2018. The notification has not explained when the MOHC first learned about this breach, however its 'extensive investigation' finished on Mar. 14, 2019.

MOHC has also joined the increasing number of the healthcare organizations, who in recent months failed to report the security incident on time. Under HIPAA, the providers must report about their breaches inside 60 days of discovery and not after finishing the investigation.

Medical Oncology Hematology Consultants started the investigation immediately, after breach has been discovered, with assistance from the third-party forensics team as well as their third-party email vendor. They determined that the compromised account contain patient data that varies patient by patient, and includes patient names, Social Security numbers, medical data, financial account information, government ID numbers, dates of birth, and health information.

Data access as well as theft cannot be ruled out, even though reports have not been received that will suggest any type of patient information was misused.

As this breach is yet to be listed under breach reporting tool of Department of Health and Human Services, so it is still not clear about the number of patients who were impacted in this incident. However, all the patients affected by this breach were notified and have been offered 1 year of free membership to the credit monitoring as well as associated services.

"The practice treats all sensitive information in a confidential manner and is proactive in the careful handling of such information," said the officials in a statement. "We sincerely apologize for this situation and any inconvenience it may cause you".

Since this incident, the officials said that they've taken more steps in order to bolster the patient data security, which includes implementation of new email portal so as to ensure the secure email delivery from the outside sources, added the malware-blocking tools, facilitated the suspicious email reporting, as well as created alerts for the users when they try to send the unencrypted sensitive data. The MOHC also started encrypting all the outgoing emails as well as provided additional training of data security to its staff.

» SPAMfighter News - 5/30/2019