cyber Breach

Mercy Health

May 11, 2023 1 min read
Mercy Health

Mercy Health Lorain Hospital Laboratory experienced HIPAA breach due to contractor invoice printing error.

No actual or attempted access or misuse of patient or guarantor information has been discovered.

Batches of medical invoices created and mailed by RCM’s contracted mailing vendor were printed incorrectly.

Instead of the name, street address, city, state, and zip code of the patient (or his/her guarantor) appearing in the clear address “window” of the envelope, what actually appeared were names, street addresses, and Social Security numbers.

Source: https://www.databreaches.net/mercy-health-lorain-hospital-laboratory-patients-notified-of-hipaa-breach-due-to-contractor-invoice-printing-error/

TPRM report: https://scoringcyber.rankiteo.com/company/mercyhealth-chp

"id": "mer21861222",
"linkid": "mercyhealth-chp",
"type": "Breach",
"date": "01/2020",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Lorain, Ohio',
                        'name': 'Mercy Health Lorain Hospital Laboratory',
                        'type': 'Healthcare'}],
 'attack_vector': 'Invoice Printing Error',
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Street Addresses',
                                              'Social Security Numbers']},
 'description': 'Mercy Health Lorain Hospital Laboratory experienced a HIPAA '
                'breach due to a contractor invoice printing error. Batches of '
                'medical invoices created and mailed by RCM’s contracted '
                'mailing vendor were printed incorrectly. Instead of the name, '
                'street address, city, state, and zip code of the patient (or '
                'his/her guarantor) appearing in the clear address “window” of '
                'the envelope, what actually appeared were names, street '
                'addresses, and Social Security numbers. No actual or '
                'attempted access or misuse of patient or guarantor '
                'information has been discovered.',
 'impact': {'data_compromised': ['Names',
                                 'Street Addresses',
                                 'Social Security Numbers']},
 'post_incident_analysis': {'root_causes': 'Human Error'},
 'regulatory_compliance': {'regulations_violated': 'HIPAA'},
 'title': 'Mercy Health Lorain Hospital Laboratory HIPAA Breach',
 'type': 'HIPAA Breach',
 'vulnerability_exploited': 'Human Error'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.