Yale New Haven Hospital Accidentally Posts Sensitive Patient Data Online in Recent Data Breach | Console and Associates, P.C.


Recently, Yale New Haven Hospital confirmed that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and the sensitive consumer data contained on the network. According to YNHH, the breach resulted in the names, telephone numbers, email addresses, age ranges, preferred languages, medical record numbers, procedure types, and dates and locations of service being compromised. On June 17, 2022, YNHH filed an official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Yale New Haven Health data breach, please see our recent piece on the topic here.

What We Know About the Yale New Haven Health Data Breach

According to an official notice filed by YNHH, on April 18, 2022, the organization learned that a file containing sensitive patient information was accidentally made available on its website. In response, Yale New Haven Health removed the page and worked with cybersecurity experts to investigate the incident and its potential impact on patients.

This investigation revealed that the file was visible to the public between December 16, 2021 and April 18, 2022. Subsequently, YNHH determined that the file contained certain patients’ personal and protected health information. While the breached information varies depending on the individual, it may include your name, telephone number, email address, age range, preferred language, medical record number, procedure type, and date and location of service.

On June 17, 2022, Yale New Haven Health sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Are Companies Liable for Accidental Data Breaches?

These days, most data breaches involve some element of criminal conduct. For example, a hacker who breaches a company’s IT network in hopes of obtaining sensitive consumer data is breaking the law. So too is someone who sends a phishing email intended to get an employee to give up their login credentials. However, not all data breaches involve the third-party criminal actions of someone outside the organization.

For example, the Yale New Haven Health data breach didn’t involve anyone breaking the law. Instead, someone within the organization appears to have inadvertently posted a page containing sensitive patient information on a public portion of the organization’s site.

Regardless of how a data breach occurs, a company may be held liable for any resulting damages if victims of the breach can prove that the company was negligent. In data breach cases involving cyberattacks, the question usually comes back to whether the organization’s data security system was sufficient to detect and prevent cyberintrusions. However, the question is much simpler in data breaches such as the Yale New Haven Health breach. Essentially, whether YNHH is financially liable for the breach will boil down to whether the organization’s actions in accidentally posting the patient data were negligent. Of course, it’s too early to tell if Yale New Haven Health bears responsibility for the breach. However, as additional information about the incident becomes available, data breach lawyers will be looking into whether affected patients can hold the organization liable.


