Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Montrose Regional Health notifies OCR of data security incident

Montrose Regional Health notified, on 25 February 2022, the U.S. Department of Health and Human Services' ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 52,632 individuals. In particular, Montrose Regional Health outlined that it noticed unusual activity in an employee's email account which led to its initiation of an investigation. As a result, Montrose Regional Health determined that there was unauthorised access to certain employee email accounts from 2 August to 26 October 2021.

Furthermore, Montrose Regional Health detailed that the email accounts may have contained information, including inpatient/outpatient status, internal patient account number, service date, treatment cost, procedure code, provider name, and/or health insurance provider. In addition, Montrose Regional Health explained that it has no evidence of any misuse of the information and has taken steps to mitigate any future incidents from happening.

You can read the notice here and access details on the OCR portal here.