Henry Ford Health System (HFHS) reported a data breach on June 6, 2023, involving patients’ information due to unauthorized access to mscripts’ cloud storage, a provider of mobile pharmacy solutions used by HFHS. The breach exposed a range of sensitive data, including names, addresses, phone numbers, dates of birth, prescription information, protected health information, and health insurance details. HFHS initiated data breach notification procedures by filing with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) and posting a “Notice of Privacy Incident” on its website. mscripts, after discovering certain files accessible without authorization on its cloud-based storage, reviewed compromised images containing prescription order summaries and insurance cards submitted by pharmacy patients.
The compromised information varied for each individual but encompassed personal details such as names, addresses, phone numbers, dates of birth, prescription data, and protected health information. mscripts took measures to identify the affected consumers and promptly sent out data breach letters on behalf of Henry Ford Health to notify individuals whose information was compromised. The breach highlights the vulnerability of healthcare data and the importance of secure cloud storage solutions to safeguard patient information. Henry Ford Health’s proactive response and collaboration with mscripts demonstrate a commitment to addressing the breach and ensuring transparency in informing affected individuals about the potential compromise of their sensitive data.
As the investigation continues, the incident underscores the ongoing challenges in maintaining the security of healthcare data and the critical need for healthcare organizations and their vendors to implement robust cybersecurity measures. The breach notification letters aim to keep affected individuals informed about the extent of the breach and the potential exposure of their personal and health-related information, emphasizing the importance of vigilance in safeguarding sensitive data within the healthcare sector.
