Lawsuit Over Healthcare Breach in Kansas City
Author: David Johnson
At least 60,000 people fell victim to a recent IT breach at Children’s Mercy Hospital last January. At the beginning of July, multiple employee email accounts received an email from a seemingly credible entity. This email indicated that the employees should log into another website with their login information. Unauthorized individuals used this information to log into the Children’s Mercy network. The Kansas City Star reports that:
“The compromised data may have included patient names and information, medical record numbers, dates of hospital stays and procedures, diagnoses and conditions and other clinical information, according to a letter sent from Children’s Mercy to those affected.”
According to the article, this is the fourth protected health information lawsuit directed at Children’s Mercy by the same firm. In 2017, Children’s mercy also found a website with the protected health information for over 5,000 patients. What’s more, a former physician created this website. The hospital stated that website access lacked adequate security as well as authorization from administrative officials.
Despite receiving complaints regarding a phishing email early December for the latest attack, Children’s Mercy still had 4 separate employees enter login information into the nefarious link. Health IT Security reports that a Missouri law firm, McShane and Brady, claims Children’s mercy has failed to protect patient information once again. Accordingly, McShane and Brady filed a class action lawsuit against Children’s Mercy at the beginning of July. Children’s Mercy has since offered free credit monitoring for patients involved in the breach, but has declined to comment on the recent allegations by McShane and Brady.
In February of 2018, the U.S. Department of Health and Human Services released a newsletter highlighting the dangers of email phishing. Aside from protected health information release, phishing also allows outside entities to gain access to a network through software designated ransomware. Among their newsletter tips, the primary indicators of phishing may be strange links, websites, or requests for login information. If any emails are suspect, let your IT department know immediately and report the fraudulent activity to the United States Computer Emergency Readiness Team.
At American Medical Compliance, we offer many courses on privacy such as data security, cyber security risks and social media, email management and ethics, and more. Feel free to check out our course offerings.
