Mercy Health Love County Hospital Breach: Private Data of Almost 13k People Under Threat After

by Ryan Coyne | Oct 2, 2017

A HIPAA violation at Mercy Health Love County Hospital may have exposed the private information of in excess pf 13,000 patients in Oklahoma.

On June 23, 2017, the health centre found that a member of staff employee had stolen a laptop computer and paper records from a storage unit used by the facility. The breach notice issued by Mercy Health said that the records of 10 patients were taken from the storage unit along with the laptop.

The Love County Sheriff’s Office investigated the theft of PHI and revealed that the former employee had used the stolen data to fraudulently obtain credit cards in the patients’ names. A second person is also understood to have been involved in the scam.

Mercy Health contacted the ten affected patients immediately, despite the fact that they had up to 60 days to do so under HIPAA Rules, all ten patients were notified immediately. Mercy Health is working with the Love County Sherriff’s Office, the United States Postal Services, and the U.S. Secret Service which are all examining the attack.

In the official breach notice Mercy Health commented, “Although there is no evidence that files belonging to patients aside from the ten patients originally identified were accessed or acquired without authorization, Mercy is nonetheless informing the public of the incident.” All affected individuals have been offered 12 free months of credit monitoring and identity theft repair services.

Richard Barker, Mercy Health Love County Hospital and Clinic Administrator, remarked “We are taking steps to secure all patient information to prevent anything similar from happening.”

A report filed to the Department of Health and Human Services’ Office for Civil Rights says a breach has been experienced involving 13,004 paper/film records, even though it appears that the private records of only 10 patients were stolen,

It is still has not been shown if the storage unit contained the records of 13,004 patients, but only 10 patients’ files were obtained, or if this is a separate attack. HIPAA Journal made contact with Mercy Health for further clarification but has yet to receive an official response.

This article will be updated with additional information as it becomes available.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter