Record breach exposes the PHI of 9,800 patients

November 26, 2019
Medicare Web

Aegis Medical Group, a physician practice in Mount Dora, Florida, recently notified 9,800 patients that their protected health information (PHI) may have been accessed by a former employee.

The records that were subject to unauthorized access include the following PHI: first and last names, social security numbers, birth dates, account numbers, mailing addresses, and diagnoses. Notably, 75% of the records that may have been accessed were physical records rather than electronic copies.

Aegis immediately terminated the employee after law enforcement informed the practice of the data breach on September 11. Working with law enforcement, the physician group determined that the records were accessed by the employee between July 24, 2019 and September 9, 2019. The legal investigation also revealed that the employee attempted to sell the PHI of two patients to third parties.

Aegis recently sent disclosure notices to patients who may have been affected by the breach, advising them to take the following precautions:

  • Lock social security numbers through the credit bureaus
  • Monitor bank accounts and credit card activity
  • Monitor credit reports for unknown transactions
  • Place a fraud alert with the credit bureaus

Aegis confirmed that all physical records were stored properly. However, as a result of the data breach, the group is working to convert all physical records to digital formats, which are easier to secure.
