HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Michigan medical practice exposes patient data in email breach

Written by Kirsten Peremore | Nov 30, 2024 12:55:53 AM

East Paris Internal Medicine Associates, PC, recently experienced a data breach affecting thousands of individuals through an email-related attack. 

 

What happened 

On November 22, 2024, East Paris Internal Medicine Associates, PC, a healthcare provider located in Michigan, reported a data breach affecting 5,239 individuals. The breach, classified as “Unauthorized Access/Disclosure,” occurred due to email-related issues, although specific details regarding the unauthorized access were not disclosed. East Paris has reported the breach to the Department of Health and Human Services (HHS).

 

What was said 

East Paris’s Notice of Privacy Practices includes the following provision for the Privacy Rule: “You have the right to receive a privacy breach notice - You have the right to receive written notification if the practice discovers a breach of your unsecured PHI, and determines through a risk assessment that notification is required.”

It can, therefore, be presumed that those affected have received a notice of data breach or can expect to receive one in the coming days and weeks.

 

Why it matters 

Email-related data breaches are especially impactful to healthcare organizations due to the wealth of information they expose to unauthorized persons. The breach, in this case, could result in a trickle-down effect where the exposed information is leveraged for ransom against the organization and used against affected patients through identity theft or financial fraud.


 

FAQs

What is a data breach? 

A breach happens when sensitive information like personal health data is accessed, stolen, or exposed without permission.

 

What is cybersecurity? 

Cybersecurity refers to the practices and technologies used to protect computer systems, networks, and data from digital attacks. 

 

What is the Security Rule?

The Security Rule is a part of HIPAA that sets the rules for the safeguarding of electronic protected health information.