Goodman Campbell Brain and Spine

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

ProMedica, a healthcare system based in Toledo, Ohio, has experienced multiple data breaches over the years, affecting the privacy and security of patient information.

2022 Data Breach

In May 2022, ProMedica reported a data breach involving the accidental sending of emails containing protected health information (PHI) to an incorrect email address. This incident, discovered on May 27, 2022, affected 1,178 patients. The emails included sensitive information such as patient names, dates and locations of services, dates of birth, medical record numbers, names of physicians, and descriptions of services. ProMedica stated that there was no evidence to suggest that the recipient of the emails viewed or misused the information. In response, the healthcare system offered affected patients a free year of credit protection monitoring and emphasized its commitment to safeguarding patient information by implementing enhanced security measures and re-training staff[1][4][10][11][12].

2014 Data Breach

Another significant breach occurred in 2014 at ProMedica Bay Park Hospital, where 594 patients’ personal and health information was inappropriately accessed by a now-former employee over a period from April 2013 to April 2014. The employee accessed patient records without a legitimate work-related reason. Following the discovery, ProMedica took immediate action by deactivating the employee’s access to patient information and terminating their employment. The hospital also reported the breach to the Health and Human Services (HHS) and took steps to prevent future breaches, including additional employee training[2][3][6][8][9].

Criminal Prosecution

The 2014 incident led to criminal prosecution, highlighting the seriousness of HIPAA violations and the potential legal consequences for individuals involved. Jamie Knapp, the employee responsible for the 2014 breach, faced criminal charges for accessing patient records without authorization. This case underscores the increasing focus on prosecuting HIPAA violations and the importance of healthcare providers maintaining strict access controls and monitoring to protect patient information[6][9].

Conclusion

These incidents at ProMedica underscore the challenges healthcare organizations face in protecting patient information against unauthorized access and human error. They also highlight the importance of robust security measures, employee training, and swift action in response to breaches to mitigate potential harm to patients and comply with regulatory requirements.

Citations:

  1. https://www.13abc.com/2022/07/19/more-than-1000-promedica-patients-affected-by-data-breach/
  2. https://www.beckershospitalreview.com/healthcare-information-technology/promedica-hospital-suffers-data-breach.html
  3. https://healthitsecurity.com/news/promedica-bay-park-hospital-announces-data-breach
  4. https://www.wtol.com/article/news/health/over-1100-promedica-patients-data-breach/512-471966c3-f26e-46e8-8159-c495dee149fd
  5. https://archive.ada.gov/promedica_health_systems_sa.html
  6. https://www.swiftsystems.com/guides-tips/hipaa-violation-results-in-criminal-prosecution/
  7. https://www.13abc.com/2023/12/05/promedica-not-connected-medical-transcription-service-data-breach-company-says/
  8. https://www.wtol.com/article/news/promedica-gives-impacted-patients-identity-theft-protection-service-after-security-breach/512-a2ecbb52-63ed-4f02-9ce8-2abdf42e71bf
  9. https://www.proofpoint.com/us/blog/insider-threat-management/was-hospital-employee-acting-maliciously
  10. https://nbc24.com/news/local/promedica-confirms-nearly-1200-patients-information-was-sent-to-wrong-email-addresses
  11. https://www.toledoblade.com/news/medical/2022/07/19/promedica-reports-may-data-breach-affecting-1-200-patients/stories/20220719108
  12. https://www.beckershospitalreview.com/cybersecurity/email-accident-exposes-info-of-1-178-promedica-patients.html
  13. https://www.myinjuryattorney.com/data-breach-alert-paramount-health-care/
  14. https://www.jdsupra.com/legalnews/paramount-health-care-confirms-patient-8989911/
Breach Submission Date Jul 19, 2022
Converted Entity Name Goodman Campbell Brain and Spine
Converted Entity Type Healthcare Provider
State IN
Individuals Affected 362,833
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes