On November 30, 2018, CCRM Dallas-Fort Worth submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in Dallas Fort Worth, Texas, the email breach affected 1,117 individuals’ protected health information.
CTCA is classified as a Healthcare Provider.
According to a statement on CCRM Dallas-Fort Worth website:
CCRM Dallas-Fort Worth has become aware of a potential data security incident that may have resulted in
the inadvertent exposure of patients’ personal and health information. Although at this time there is no
indication that an unauthorized party actually accessed or viewed patient information or evidence of patient
information being misused, we have taken steps to notify anyone who may have been affected by this
On October 4, 2018, we discovered that a former nurse’s email account had been accessed by an unknown,
unauthorized third party. Upon learning that some patients had received spam email messages from the
nurse’s account, the practice immediately contacted its IT vendor to deactivate the account and determine
what information may have been impacted. The investigation determined that an intruder could have
viewed or accessed patients’ names, addresses, email addresses, health information, insurance information
and medical history within the account, and for a limited number of patients, Social Security numbers and
driver’s license numbers.
Although there is no evidence that an unauthorized third party actually viewed or accessed patient health
information and we are not aware of anyone’s information being misused, we take your privacy and security
very seriously and have taken steps to prevent a similar event from occurring in the future. Notification
letters mailed on December 3, 2018 include additional information about what happened and a toll-free
number where patients can learn more about the incident. The call center is available Monday through
Friday between 10 AM to 10 PM Central at 1-800-939-4170.
The privacy and security of patient information is a top priority for CCRM, which deeply regrets any
inconvenience or concern this incident may cause.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.