On August 17, 2018, Acadiana Computer Systems, Inc. submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Based in Lafayette, LA, Acadiana Computer Systems’ email breach affected 31,151 individuals’ protected health information.
Acadiana Computer Systems is classified as a Business Associate.
According to this report about Acadiana Computer Systems’ breach:
On July 6, 2018, ACS discovered that an employee’s email account had been accessed by an unauthorized individual. Upon learning of this incident, ACS immediately disabled access to the account, began an investigation, and engaged an independent, third-party cybersecurity expert to assist. The investigation indicated that emails within the impacted email account may have been accessed without authorization, and some of those emails may have contained personal information belonging to patients of several of ACS’s clients. The ACS clients whose patient information may have been impacted include: Radiology and Interventional Associates of Metairie; LSU Healthcare Network; LSU Health Sciences Center Shreveport; Poly Ryon (Oakbend) Medical Group; Oceans Acquisition, Inc.; South Louisiana Medical Associates; Southern Surgical; Truman Medical Centers; University Hospital and Clinics; University of South Alabama; Willis-Knighton Medical Center. The involved information may have included names, addresses, and treatment billing information belonging to those individuals. In addition, a small number of patients’ Social Security numbers were potentially impacted.
ACS takes the security of information belonging its clients and their patients very seriously and has taken steps to prevent a similar event from occurring in the future. These steps include increasing email account security, updating relevant policies and procedures, and retraining staff.
Notification letters are in the process of being sent to the potentially impacted individuals.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.