106,000 patient records potentially breached by 3rd-party vendor
Just over 106,000 patients of are being notified by Mid-Michigan Physicians Imaging Center of a potential data breach of their personal health information.
The records of both past and current patients may have been accessed after the McLaren Medical Group -- which manages Mid-Michigan -- discovered a breach of its Radiology Center computer system in March.
The system contained house-scanned documents with physician authorizations, orders, scheduling information and other documents. Included in the data were patient names, Social Security number, dates of birth, addresses, phone numbers, medical record numbers and diagnoses.
After an investigation, the provider confirmed that the records of seven patients were definitely accessed. However, while the investigation did not confirm if the other records were accessed, it couldn’t be excluded.
The organization rebuilt its computer system with additional security measures and McLaren Medical Group is providing all impact patients with identity theft and protection. Notifications to impacted patients were sent on Thursday.
McLaren Medical Group spokesperson Dave Jones told Lansing State Journal the 5-month delay in reporting the breach was due to ensuring the completion of the extensive investigation.
Timely reporting is crucial to HIPAA compliance. The U.S. Department of Health and Human Services’ Office of Civil Rights slapped Illinois-based Presence Health with a $475,000 fine in January for failure to report in a timely manner.
Calls to Mid-Michigan Physicians Imaging Center were not immediately returned.