On November 30, 2018, CCRM Dallas-Fort Worth submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). Located in Dallas Fort Worth , Texas, the email breach affected 1,117 individuals’ protected health information. CTCA is classified as a Healthcare Provider. According to a statement on CCRM Dallas-Fort Worth website:
CCRM Dallas-Fort Worth has become aware of a potential data security incident that may have resulted in the inadvertent exposure of patients’ personal and health information. Although at this time there is no indication that an unauthorized party actually accessed or viewed patient information or evidence of patient information being misused, we have taken steps to notify anyone who may have been affected by this incident. On October 4, 2018, we discovered that a former nurse’s email account had been accessed by an unknown, unauthorized third party. Upon learning that some patients had received spam email messages from the nurse’s account, the practice immediately contacted its IT vendor to deactivate the account and determine what information may have been impacted. The investigation determined that an intruder could have viewed or accessed patients’ names, addresses, email addresses, health information, insurance information and medical history within the account, and for a limited number of patients, Social Security numbers and driver’s license numbers. Although there is no evidence that an unauthorized third party actually viewed or accessed patient health information and we are not aware of anyone’s information being misused, we take your privacy and security very seriously and have taken steps to prevent a similar event from occurring in the future. Notification letters mailed on December 3, 2018 include additional information about what happened and a toll-free number where patients can learn more about the incident. The call center is available Monday through Friday between 10 AM to 10 PM Central at 1-800-939-4170. The privacy and security of patient information is a top priority for CCRM, which deeply regrets any inconvenience or concern this incident may cause.
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.