The violation, discovered on December 10th 2019, occurred over a span of two-and-a-half years, beginning in February 2017. Hospital officials say the breach occurred through a former employee at the Dearborn location, who has since been fired, who shared extensive health information of patients injured in auto accidents with someone associated with a personal injury attorney.
Beaumont Health has since notified the Michigan Health & Hospital Association, and notified impacted patients “with best practices to protect their information and have been reminded to remain vigilant in reviewing financial account statements for any fraudulent activity.” The health system is also working closely with law enforcement personnel investigating the breach.
Data breaches have been an increasing threat for the healthcare industry. According to a report from HIPPA Journal, there were 38 data breaches impacting 500 or more records reported in December 2019 to the Department Of Health And Human Services. This was increase of 8.57 percent over the number of cases reported in November. While the number of cases increased, there were 35 percent fewer records impacted.
Last year was the second worst year reported for data breaches when considering the number of patient records that were violated. A total of 41,232,527 patient records were improperly exposed, an increase of 195.61 percent over the previous year. In fact, more records were subjected to data breaches in 2019 than the three previous years combined.
According to the HIPPA Journal report, the largest patient data breach reported in December occurred at Truman Medical Center in Kansas City, Missouri when a company laptop was stolen from the car of an employee. A total of 114,466 patient records were impacted in that breach. While the laptop was password protected, it was not encrypted.
IT-related hacking was the largest cause of data breaches in December, accounting for 21 reports. This included phishing attempts, malware, and coding errors. Unauthorized access due to internal errors and improper actions by employees accounted for 11 reports.