56K patient records compromised during separate data breaches at specialty clinics in Kentucky and North Carolina

Two separate data breach incidents at specialty practices in Kentucky and North Carolina have led to nearly 60,000 compromised patient records.

On Friday, the University of North Carolina Health Care’s Dermatology and Skin Cancer Center reported a data breach involving a laptop stolen during an Oct. 8 break-in. In a release, UNC Healthcare said the laptop contained information on patients seen at dermatology clinic called Burlington Dermatology, acquired by the health system in 2015.

The information was on a password protected-database that included identifying personal information like social security numbers and birthdates, but the provider does not believe the database included any treatment or diagnostic information.

“UNC Health Care is committed to providing patients with superior health care services and takes its obligation to protect the privacy of patients’ medical information very seriously,” David Behinfar, Chief Privacy Officer, UNC Health Care said in the release. “We have ensured that all remaining computers acquired from, or kept for use by Burlington Dermatology have been properly secured. UNC Health Care has also implemented process improvements to ensure that future acquisitions of physician practices include a process to properly secure legacy computers and electronic patient information.”

RELATED: Health systems' IT priorities for 2018—Cybersecurity technologies, patient-generated data

Meanwhile, a pulmonary specialty practice in Louisville, Kentucky, sent out a notification indicating an unauthorized third-party accessed its EHR system on Sept. 26. Pulmonary Specialists of Louisville, PSC filed a report with the Department of Health and Human Services late last month indicating the hacking incident potentially compromised 32,000 patient records.

A letter from an attorney representing the practice posted by the New Hampshire Department of Justice stated the unauthorized user could have viewed or access patient information, adding that the provider has taken steps to secure patient information, “including reviewing and revising its information security policies and procedures and updating the security systems on its EHR.”

Healthcare data breaches are on pace to exceed 2016 figures both in the number of breach incidents and the number of affected records. A larger portion of those threats are linked to insiders despite an uptick in hacking incidents.

Last week, Henry Ford Health System notified 18,000 patients that a third party may have accessed their personal information after learning that someone had gained access or stolen email credentials from some employees.