Camden’s Cooper University Health Care said May 25 it learned of a data security incident that may have affected information belonging to current and former patients.
A notice has been sent to potentially impacted individuals, along with assistance resources, the South Jersey health system said. According to Cooper, at this time there is no evidence that any of the potentially affected information was accessed, disclosed or misused as a result of the incident.
Information that may have been involved includes names, birthdates, medical professionals’ names, diagnosis and treatment information, billing and claims information, and medical record numbers.
Cooper learned of unusual activity involving an employee’s email account on Dec. 13, 2021. The system said it immediately launched an investigation — assisted by independent cybersecurity experts — to determine what had happened and whether personal or protected health information had been accessed or acquired without authorization.
At that time, the health system says it also took steps to secure all employee email accounts.
Per the investigation, the email account in question was without authorization on or before Nov. 24, 2021, Cooper said, which prompted it to launch a review of its contents. Earlier this month, on May 10, Cooper said it learned that some individuals’ personal and protected health information may have been contained therein. From then to May 24, the system worked to collect contact information to notify any potentially affected individuals.
In its disclosure of the breach, Cooper identified protecting personal and health information as a top priority, adding it “deeply regrets any inconvenience or concern this incident may cause.” The system said it is implementing additional safeguards to shore up its email environment and reduce the risk of similar incidents occurring in the future.
According to Critical Insight’s 2021 H2 Healthcare Data Breach Report, incidents — and those affected by them — are both on the rise. From 2018 to 2021, the report cited an 84% increase in the total number of breaches and a tripling of individuals affected to 45 million in 2021. Last year, the total number of affected individuals was up 32% from 2020, indicating that more records are being exposed per breach.
A toll-free call center has been set up to answer questions. Representatives are available at 1-800-405-6108 Monday through Friday from 8 a.m. to 8 p.m., excluding holidays. The following code should be provided when calling: l3btotw0i3yu.