Over 5,000 Patients’ PHI Exposed in Texas and Pennsylvania Data Breaches

Dec 18, 2017

Two serious breaches of patients’ protected health information have been discovered in Texas and Pennsylvania.

Email Account Compromised at Midland Memorial Hospital

Midland Memorial Hospital has suffered a breach of a number of patients’ protected health information. Over 1,000 patients are thought to have been affected.

Midland Memorial Hospital found that an unauthorized person gained access to the email account of a staff member at the hospital, in what seems to be an attempted Business Email Compromise (BEC) campaign. The focus of the attacker seemed to be to trick employees into making bank account transactions to an inappropriate bank account.

The violation was identified on October 13, 2017, with access to the email account thought to have been gained around October 10. Upon discovery of the security breach, access to the email account was switched off and a full investigation was completed. The email account was found to contain some protected health information including first and last names, medical record details, account numbers, and information regarding radiology procedures that had been completed at the hospital in the time between August and September 2017. No financial data, driver’s license numbers, or Social Security numbers were accessed, and no proof has been uncovered to suggest any patient data has been used inappropriately.

Midland Memorial Hospital has taken measures to stop further incidents of this nature from happening, including reviewing policies and procedures and retraining employees.

Hard Drive Missing from Washington Health System Greene

Washington Health System Greene is warning 4,145 patients that some of their protected health information has been left open for access after a hard drive was found to be missing.

A portable external hard drive used with a bone densitometry machine in the Radiology department was found to be missing on October 11, 2017. While the hard drive may have been simply misplaced, a search of the hospital did not locate the device and its loss has been reported to the Pennsylvania State Police Department as a possible theft.

The device stored information on patients who attended the hospital for bone density scans between 2007 and October 11, 2017. The information stored on the device was restricted to names, height, weight, race, and gender, while some patients also had records of health issues, the identity of their prescribing physician, and medical record numbers saved on the device. No financial data, Social Security numbers, insurance details, or other highly sensitive information was open to be accessed.

Patients have been notified of the breach in line with HIPAA requirements. Due to the restricted nature of data exposed, even if the device has been illegally taken, Washington Health System Greene does not feel patients are in danger of identity theft or fraud.



Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
