BreachExchange mailing list archives
Legacy Health email breach exposes 38, 000 patients' information
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 20 Aug 2018 23:34:51 -0500
https://www.oregonlive.com/business/index.ssf/2018/08/legacy_health_email_breach_mig.html About 38,000 Legacy Health patients' personal, medical or billing information might have been accessed in a May email breach, the health system said Monday. The Portland-based nonprofit health system said someone accessed multiple employees' email accounts, some of which contained patient information. The breach was not discovered until June 21 and not publicly disclosed until Monday, as the health moved to establish a hotline and contact affected patients. "We've been moving at as fast a pace as we can to be thorough and clear," said Kelly Love, a Legacy spokeswoman. The information potentially exposed includes patients' names, dates of birth, health insurance information, billing information, medical information regarding care they received at Legacy, social security numbers and driver's license information. Legacy, which operates six hospitals and 70 clinics in Oregon and southwest Washington, said it has hired a firm to investigate the breach and will send notification letters to patients whose information might have been disclosed. Not all of the system's patients are affected by the breach. The health system said found no indication the information had been misused, but it is offering free credit monitoring to patients whose social security numbers were exposed. It also said it's implementing new policies to prevent future breaches, but did not elaborate. Patients with questions can call 888-277-6762 between 6 a.m. and 5 p.m. Monday through Friday. Federal officials have closely scrutinized previous breaches of patient privacy, which could violate federal laws restricting release of medical information. Oregon Health & Science University in 2016 agreed to pay federal authorities $2.7 million and enact a corrective action plan for a pair of 2013 data breaches that exposed information about than 7,000 patients. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Legacy Health email breach exposes 38, 000 patients' information Destry Winant (Aug 21)