Bloodworks Northwest notifies the patients about PHI Exposure

On Mar. 13, 2019, Bloodworks Northwest discovered a list having the patients' names, medical diagnoses, and dates of birth were missing from one employee's desk. However, the good news is particularly sensitive information like financial information or Social Security numbers was not there in that document. Bloodworks Northwest is the Seattle, Washington-based blood bank as well as medical research institute. It serves more than 90 hospitals throughout the region.

Although this incident seemingly involved a physical document containing some PHI (Protected Health Information) of the patients going missing, the Bloodworks website's Notice of Data Privacy Event says "while we are unaware of any misuse of the personal information in the impacted email account, we encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity".

So, it is still not clear whether this was an incident of only stealing a physical document or whether an email account has also been compromised as well. It might be possible that Bloodworks website's Notice of Data Privacy Event message is the 'standard message' that has been prepared earlier for a data breach incident, and has not been changed for this incident as the report on the breach that was submitted to HHS office for Civil Rights said that the breach was only in terms of losing a physical document containing some Protected Health Information.

1,893 patients were notified by Bloodworks Northwest that some Protected Health Information of them has been exposed when a document containing this information goes missing.

Further, Bloodworks website's Notice of Data Privacy Event also says, "Bloodworks takes information privacy and security matters extremely seriously and will remain vigilant in its efforts to safeguard and protect patient information, while taking any additional steps that may be necessary to mitigate and remediate this incident".

Bloodworks Northwest has set up a toll-free number, so that the affected patients know more about this data breach. In addition to it, Bloodworks has also suggested on their website recommendations of best practices for the individuals so that they can understand how to mitigate risk of fraud or identity theft.

» SPAMfighter News - 6/10/2019