Fraser Child and Family Center, a Minnesota-based provider of autism, mental/behavioral health, and disability services, recently identified unauthorized access to its computer network, potentially impacting the personal information of up to 67,000 patients.
On June 2, 2024, Fraser Child and Family Center detected suspicious activity within its IT network. Immediate actions were taken to secure the system and prevent further unauthorized access. A third-party forensic investigation revealed that an unauthorized third party accessed or copied files within Fraser's network between May 30, 2024, and June 2, 2024.
Although no evidence of information misuse has been found, the breach potentially exposed patients’ protected health information, including names, addresses, dates of birth, Social Security numbers, and medical information.
Fraser’s notice of data event on their website states, "Fraser recently became aware of an incident that may have impacted the privacy of information related to certain individuals."
Although the notice states, "Fraser is currently unaware of any attempted or actual misuse of information in relation to the incident," Fraser encouraged affected patients “to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring credit reports for any unauthorized or suspicious activity."
Protected health information (PHI) refers to any information in a medical record that can be used to identify an individual, created, used, or disclosed while providing healthcare services. PHI can include names, addresses, birth dates, Social Security numbers, medical records, lab results, and insurance details.
Moreover, the Health Insurance Portability and Accountability Act (HIPAA) mandates that healthcare providers, insurers, and their business associates implement safeguards to protect PHI from unauthorized access, use, or disclosure.
The potential exposure of Social Security numbers, medical information, and other personal data at Fraser could have far-reaching implications for those affected. So, healthcare organizations must protect PHI and mitigate the risk of identity theft, fraud, and other legal consequences.
Related: HIPAA Compliant Email: The Definitive Guide
Healthcare organizations, like Fraser Child and Family Center, must continuously enhance their cybersecurity measures to protect patient data from unauthorized access.
Furthermore, affected patients must use identity theft protection services and credit monitoring to track their information.
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.