SPRINGFIELD — Burrell Behavioral Health recently sent letters to clients informing them that access to client information was possibly granted to unauthorized individuals. 

A business associate’s Internet-facing portal, which contained electronic images of Burrell’s protected health information (ePHI) was improperly secured and potentially permitted access to unauthorized individuals. 

The ePHI was loaded on the server in August, 2018 and contained medical record information for up to 67,493 individuals, which could include one or more of the following: name, address, telephone number, date of birth, gender, date of service, type of services, insurance information, driver’s license number, and social security number.

Upon discovery, Burrell immediately contacted its business associate to shut off portal access and launched an investigation. 

Computer forensics experts determined that there was a very low probability that any information was actually accessed; there was no evidence that any unauthorized individuals or automated website crawlers or scanners had accessed the ePHI and the ePHI was formatted in a manner that did not allow access through general internet searches or casual internet browsing.

Identity monitoring and protection services will be offered free of charge, as appropriate, for individuals whose social security number has been compromised by this incident. 

Affected individuals, or those who want to know whether or not they were affected, may call 1-(855) 571-5874, Monday through Friday, 8 a.m. to 5 p.m. CDT beginning Wednesday, April 3, 2019.

“We value the privacy and security of patient protected information and we are committed to protecting the confidentiality and privacy of our patients,” said Darren Johnson, Vice President, Information Technology for Burrell. “It is our priority to support those who have been affected.”

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” Johnson said. “We have an effective security program, but we are continuing to evaluate and implement additional administrative, technical and physical safeguards to protect ePHI. We are working with all of our business associates to ensure all ePHI is appropriately secured, and that additional technical and administrative safeguards are implemented to permit the secure transition of paper medical records to electronic form.”

(Excerpt) Read more Here | 2019-03-29 22:22:00
Image credit: source


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.