It has been revealed that Valley Family Medicine (VFM) in Staunton, Virginia suffered a data breach after two employees misused the health information of more than 8,400 patients. The incident occurred in mid-July but was only discovered on September 15.
The compromised information included patient names and email addresses that were printed out to be used as a mailing list. The information was used to invite specific patients to a new practice. No medical or financial information was included in the breach, and the only printed copy of the mailing list was recovered.
Upon discovery of the incident, VFM investigated fully. Those affected by the breach have been informed, as has the US Department of Health and Human Services. The incident was a “direct violation of written agreements from both employees.” The pair are no longer employed by VFM and so do not have access to its medical systems or any information that they contain. VFM has informed other employees of the breach in a bid to prevent similar incidents.
Although this breach is an example of deliberate misuse and not human error, it shows the importance of training staff effectively to ensure that they know how to treat confidential information. The healthcare industry is no stranger to data breaches: 41% of healthcare data breaches reported so far this year were caused by insiders.
Educate your staff
Information security is critical within the business environment. Enroll your staff on our Information Security Staff Awareness E-Learning Course so that they gain a better understanding of what is expected of them. The course advises staff on how to avoid becoming a security liability, introduces them to your internal policies on incident reporting and response, and provides basic knowledge of information security best practice to reduce preventable mistakes.