A hospital in Florida is notifying more patients that they were affected by a previously disclosed privacy breach by an employee. At that time, February 2015, 686 patients were affected by a breach involving unauthorized access/disclosure of personal health information (PHI).
It is little comfort to breach victims that the hospital is "able to affirm that none of your personal information was printed by the responsible individual" since if the insider had a smartphone photos of screens of PHI could have been taken, especially since the hospital "cannot be certain whether your social security number was viewed by this individual."
"[the hospital] identified that additional individuals may have also been affected beginning as early as January 1, 2012 through October 2013." - Hospital press releaseIt is unclear why the breaches were allowed to occur from January 2012-October 2013. Healthcare organizations seeking to proactively detect privacy data breaches and identity theft, even if a smartphone is used to breach data, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) http://www.databreaches.net/fl-aventura-hospital-and-medical-center-notifies-more-patients-of-insider-breach/FL: Aventura Hospital and Medical Center notifies more patients of insider breach - www.DataBreaches.net, 03/20/2015