PeaceHealth St. John Medical Center Data Breach (2015)

A former PeaceHealth St. John Medical Center employee reportedly accessed patient information from a home computer using third-party websites, according to a PeaceHealth statement dated November 24. The individual also used insurance verification websites and prior authorization portals. PeaceHealth added that an investigation shows that 595 individuals had their information accessed between June 15 and Oct. 12. However, the OCR breach reporting tool states that a breach submitted on Nov. 30 affected 1,407 individuals. "In the course of the investigation, the former employee's personal computer and other electronic information devices were obtained and reviewed by law enforcement officials, which should ensure that all PeaceHealth patient information has been secured," PeaceHealth explained. "To help prevent future incidents such as this, we are enhancing processes to ensure former employees are not able to access third-party websites and portals under any circumstance." It is also important to note that while the majority of affected patients were treated at PeaceHealth St. John Medical Center, a "small number of patients" were treated at other PeaceHealth facilities in Oregon and Washington.