USA: University Hospital Newark notifies OCR of data breach
The University Hospital Newark ('UH') notified, on 8 October 2021, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 9,329 individuals. In particular, the UH stated that between 1 January 2016 and 31 December 2017 some personal health information of individuals had been accessed by one of UH's employees who had also provided patient information to unauthorised individuals. In addition, the UH stated that the information involved for each individual may have included names, addresses, dates of birth, social security numbers, health insurance information, medical record numbers, and clinical information related to care received. Moreover, the UH highlighted that this incident did not affect all patients, but only certain patients treated in the emergency department of the hospital, following motor vehicle accidents between 2016 and 2017. Lastly, the UH stated that it is notifying all potentially affected individuals and is offering to those patients a complimentary one-year credit monitoring and identify protection membership.