Recently, Taylor Regional Hospital reported a cyber security event resulting in the hospital’s phones and computer systems going down. Taylor Regional Hospital first reported the breach on January 24, 2021. As of February 1, the hospital was still experiencing outages across its phone and computer systems, as mentioned in a banner displayed across the home page of the Taylor Regional Hospital website.
Security breaches like this one can stem from a variety of cyberthreats. Certainly, it is possible that a hacker merely wanted to cause a disruption in the hospital’s operations. However, in many cases, when computer systems are taken offline by a hacker, it’s an indication of something more nefarious. Often, hackers who are able to bypass the security system will then attempt to remove patients’ protected health information from the affected servers. This may result in myriad potential problems for patients; for example, depending on the information on the servers, this may increase their risk of experiencing identity theft. Regardless, the thought of personal and health information being in the hands of an unknown party—let alone a possible criminal—is good reason to be concerned.
Importantly, Taylor Regional Hospital has not yet confirmed that the protected health information of any patient was compromised in the ongoing cybersecurity event. However, given the risks involved, those who believe their data may have been compromised as a result of the Taylor Regional Hospital data security incident should take the necessary precautions to keep their information secure. The data breach lawyers at Console & Associates, P.C. are closely following all developments and are prepared to investigate a possible class action lawsuit if evidence emerges that Taylor Regional Hospital neglected the duties it owed to patients.
Patients have special rights under federal law when it comes to their protected health information (PHI), and covered entities, including healthcare providers, must take special care when they possess a patient’s PHI. According to the U.S. Department of Health and Human Services, “protected health information” is defined as “information, including demographic data, that relates to:
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.”
This makes clear that protection is afforded to certain health-care-related information when it is paired with additional data that allows a viewer to determine the patient’s identity. Under the HIPAA Privacy Rule, there are 18 of these identifiers:
If PHI has even one of these identifiers, it is protected under HIPAA and patients are entitled to additional protection. It is only when PHI is devoid of all identifiers that it is no longer considered “protected.”
While it remains to be seen if the recent Taylor Regional Hospital “cyber security incident” will turn into a data breach, the consumer privacy lawyers at Console & Associates, P.C. are staying on top of the incident and will announce any further developments.
See more »
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Console and Associates, P.C. | Attorney Advertising
Refine your interests »
This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.
Back to Top
Explore 2021 Readers’ Choice Awards
Copyright © JD Supra, LLC
