[BreachExchange] EMR provider alerts 2 Maryland medical groups of data breach that may have affected 3, 000 patients

[Destry Winant]

https://www.beckershospitalreview.com/cybersecurity/emr-provider-alerts-2-maryland-medical-groups-of-data-breach-that-may-have-affected-3-000-patients.html

Meditab, an EMR and practice management software provider, has
notified two healthcare providers in Maryland that their patients'
personal health information may have been exposed, according to the
HIPAA Journal.

The EMR provider became aware that some protected health information
could be viewed by unauthorized parties in March. Upon investigation,
Meditab found that between Jan. 9 and March 14 a limited number of
faxes that contained medical information could be accessed.

Meditab has since corrected the issue, saying fewer than 5 percent of
the faxes that passed through the system were exposed. Meditab had
created a portal to view records for its Fax Cloud service. When the
faxes were transmitted, a link to the image on a separate and secure
server was temporarily available, the HIPAA Journal reports.

Capital Cardiology Associates in Lanham, Md., was notified that 1,980
patients may have been affected. Meditab alerted Greenbelt-based
Southern Maryland Medical Group that 1,400 patients may have had their
data exposed.

Patients' names, addresses, phone numbers, dates of birth and medical
records and treatment notes were affected by the data breach.

Meditab is unaware of any data misuse from the breach. It is still
unclear if other healthcare providers have been affected by the
breach.