Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Vail Health notifies OCR of data security incident

Vail Health notified, on 4 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 17,039 individuals. In particular, Vail Health stated that an unauthorised third party had gained access to a restricted location in its computer network containing files of COVID-19 testing results. More specifically, Vail Health noted that the potentially affected information included full names, dates of birth, contact information, COVID-19 test results, and encounter numbers, which constitutes an internal reference used to track individuals' interactions with Vail Health. Furthermore, Vail Health highlighted that, after learning of the incident, it had conducted an investigation and further secured its systems, and added an additional layer of security to the files within the affected location in the computer network, although noting that this location already had in place access controls for limited individuals.

You can read the notice here, and access details on the OCR portal here.