On June 13, 2018, Black River Medical Center submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). Located in Poplar Bluff, Missouri, Black River Medical Center's email breach affected 13,443 individuals’ protected health information. Black River Medical Center is classified as a Healthcare Provider.
According to Black River Medical Center's statement: Black River Medical Center has become aware of a potential data security incident that may have resulted in the inadvertent exposure of some patients’ personal information. Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication that anyone’s information was actually misused, we have taken steps to notify any patients who may have been affected by this incident. This includes sending letters to anyone whose information might have been exposed. On April 23, 2018, we discovered that an employee’s email account was compromised as the result of a phishing attack. Our IT department immediately commenced an investigation to determine whether sensitive information in the account was at risk. The investigation determined that an unknown, unauthorized third party gained access to the employee’s email account and could have viewed or accessed the information contained therein, which included patients’ names, addresses and phone numbers, and in certain instances, limited treatment information. Fortunately, Social Security numbers or financial / billing information were not involved in this incident. At this time, there is no evidence that the unauthorized party actually accessed or viewed any patient information in the email account, and Black River is not aware of any misuse of patient information.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.