On February 4, 2019, United Hospital District submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in Blue Earth, MN, the email breach potentially affected 2,143 individuals’ protected health information.
United Hospital District is classified as a Healthcare Provider.
According to a notice on United Hospital District’s website:
On December 12, 2018, after devoting considerable time and resources to determine what information was contained in the affected employee’s email account, United Hospital District discovered that the email account, compromised between June 10, 2018 and June 27, 2018, contained certain patient information, including names, addresses, health insurance information, and/or internal patient identifiers. A limited number of patients had medical treatment information, medical diagnostic information, or Social Security numbers impacted.
United Hospital District is not aware of any reports of identity fraud or improper use of information as a direct result of this incident. United Hospital District has mailed letters to individuals whose sensitive personal and health information was contained in the affected email account.
For the few individuals whose Social Security numbers were contained in the account, United Hospital District is offering a credit monitoring and identity theft restoration service, which is being offered at no cost. Those individuals have also been provided with best practices to protect their information, including steps to obtain a free credit report, placing a fraud alert and/or placing a security freeze on their credit files. Those individuals have also been reminded to remain vigilant in reviewing financial account statements on a regular basis for any fraudulent activity. It is also recommended that affected patients review the statements that they receive from their health insurance providers and follow up on any items not recognized.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.