American Family Care Data Breach (2015)

American Family Care notifies 7,200 patients of breach involving PHI An unauthorized individual gained access to systems used to store ePHI on multiple occasions over a period of 10 months. Affected individuals had a limited amount of PHI exposed on CDs containing X-ray images that were provided to patients. American Family Care conducted a thorough investigation and determined that there was a fault with the design and installation of third party software which resulted in the PHI of patients being exposed. The breaches of PHI occurred at four American Family Care Clinics