Five of these e-mails contained patients' Social Security numbers, and an unspecified number also contained some medical and other information, including "one or more" data elements, such as patient names, dates of birth, diagnosis, prognosis, medications, results, referrals, dates and times of service, provider and facility names, internal hospital medical records and account numbers, Carolinas HealthCare said in the release.
No evidence has been found suggesting that patients' information has been misused, according to the system. The North Carolina attorney general and HHS have been notified, and the system is offering free credit monitoring to affected patients, the release stated.
There have been 511 breaches reported to and posted on the website of HHS' Office for Civil Rights involving the healthcare records of 500 or more individuals since a federal public-notice requirement for these breaches took effect in September 2009. Thus far, a little more than 8% of these posted breaches involved hacking, while just less than 3% were reported to have involved e-mail as the source of the breached information. The records of nearly 21.4 million individuals have been compromised by all of the breaches reported to the OCR under an amendment to the HIPAA privacy rule in the 2009 American Recovery and Reinvestment Act.