USA: Guthrie Clinic notifies OCR of health data breach, 92,064 patients affected
The Guthrie Clinic notified, on 9 September 2020, the U.S. Department of Health & Human Services Office for Civil Rights ('OCR') of a data breach affecting around 92,064 of its patients, which the OCR is now investigating. In particular, Guthrie released a notification of a data security incident involving the protected health information of patients. Specifically, Guthrie noted that it had become aware on 16 July 2020 that Blackbaud, Inc. had been the victim of a ransomware attack. In response to the incident, Guthrie outlined that the affected data did not include social security numbers, passwords, credit card or bank information, nor did the incident involve any access to patient diagnosis or treatment plans in any Guthrie medical systems or electronic health records.
Moreover, Guthrie highlighted that the information was limited to the following: patient name(s), contact information, age, gender, date(s) of treatment, department(s) of service, treating physician(s), and health insurance status.