Third party gained unauthorized access to patient records at Wyoming Medical Center

(Casper, Wyo.) - Today Wyoming Medical Center issued the following message to patients and the community: *Wyoming Medical Center takes the privacy of our patients very seriously and strives to protect the privacy of each patient. Although there is little risk to patients, Wyoming Medical Center wants to inform the public of a recent incident which allowed unauthorized access to limited protected patient health information (PHI) affecting 3,184 patients. * *On Feb. 25, 2016, Wyoming Medical Center discovered that an unauthorized third party had access to two organizational email accounts. No evidence exists to indicate that PHI was viewed or copied from the compromised email accounts.* *Because the unauthorized party only had access to the email accounts for 15 minutes, we believe that no PHI was viewed or acquired. If the unauthorized party did view patient information, they would have had access to view patient names, medical record numbers, account numbers, dates of hospital service, dates of birth and limited medical information. * *Wyoming Medical Center took immediate steps to secure the email accounts.* *Although this is a serious breach, the information potentially disclosed did not include patients’ addresses, Social Security Numbers or insurance information.* *Because of the limited information contained within the compromised email accounts, there is little to no risk to patients who may have been affected. * *In light of this recent event, Wyoming Medical Center is reviewing our internal email safeguards and policies to protect against future incidents. Wyoming Medical Center has reported this event to the Office for Civil Rights, the government agency that oversees HIPAA privacy compliance (Health Insurance Portability and Accountability Act Privacy Law). * *If you were personally affected, and we have your current address, you will be receiving a letter informing you of this breach. Should you have any questions, please contact Wyoming Medical Center’s Privacy Office at 307-577-2545 or 800-822-7201 extension 2545. * *So what exactly happened?* An employee at Wyoming Medical Center received an email, which appeared to be an official email. However, it was a phishing email that allowed an unauthorized third party access to a Wyoming Medical Center email account. This email account was then used to send out additional phishing emails and another Wyoming Medical Center email account was compromised. This unauthorized access lasted 15 minutes. Wyoming Medical Center performed an investigation, and though the likelihood of a third party accessing patient information is extremely low, we could not prove without a doubt that no information was accessed. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Law required Wyoming Medical Center to inform patients if there was a potential breach of your health information and we are not able to prove that the information was not accessed. More information will be provided as it becomes available. h/t Wyoming Medical Center #oilcity #news #wmc