Becker's Hospital Review

45 CIO / HEALTH IT Lurie Children's sued for medical records privacy breach By Jackie Drees T he mother of a former patient of Ann and Robert Lurie Children's Hospital of Chicago filed a lawsuit May 8 against the hospital over a medical records privacy breach, according to The Chicago Sun-Times. In the lawsuit, the mother claimed that two for- mer Lurie Children's employees accessed her 3-year-old daughter's medical records from early last year. The mother received a letter from the hospital in December 2019 notify- ing her that a nursing assistant had accessed her daughter's medical records "without a work-related reason," according to the report. The mother claimed she then received an- other letter from the hospital May 4 that a different employee had also inappropriate- ly accessed her daughter's medical records. Lurie Children's posted a notice May 4 to its website that an employee viewed more than 4,800 patient medical records without a work-related reason. "Rather than take it seriously, Lurie chalked it up to the curiosity of a bored employee," the lawsuit stated. "Lurie refused to discuss wheth- er this was a more widespread problem." In a statement May 8, Lurie Children's said: "In December 2019 and May 2020, Lurie Children's notified some of our patients about two nurse assistants who had accessed certain patients' medical records without an identified patient need. We have no reason to suspect any misuse of patient information associated with this incident," according to the publication. "Lurie Children's addressed this issue in accor- dance with our disciplinary policies, and the employees no longer work for the hospital," the statement continued. "We remain com- mitted to providing the highest standard of patient care, as well as protecting the privacy and confidentiality of our patients." The lawsuit is seeking class-action status to include other patients whose medical re- cords were also inappropriately accessed. The mother is seeking ongoing credit monitoring for patients who were affected by the security breach as well as damages and restrictions en- acted to prevent further breaches, according to the report. n Minnesota health system email attack exposes 10,000+ patients' info: 4 details By Laura Dyrda M ille Lacs Health System in Onamia, Minn., reported May 11 that select employees fell victim to an email cyberattack that affected thousands of patients' information. Four things to know: 1. The health system found that an unauthorized entity had access to employee emails from Aug. 26, 2019 to Jan. 7, 2020. Mille Lacs discov- ered the phishing attack on Nov. 14, 2019, and began an investigation. 2. Employees were sent phishing emails asking for their login and password information, and their credentials were used to access other employee email accounts. 3. Patient protected health information was contained within the af- fected email accounts, and the health system has terminated the un- authorized access. Information stored in the email accounts included names, dates of birth, provider names, dates of service and other clini- cal information. In some cases, the email accounts included messages with Social Security numbers. 4. HHS reported the email breach affected 10,630 patients. n 25 most common passwords By Laura Dyrda T he first step to lowering your risk of being hacked is to make sure your password isn't too common. In early May the U.S. gov- ernment issued a warning that hackers are targeting healthcare organizations for COVID-19 information using password spraying campaigns, which means they are attempting to break into the system by using common passwords with several accounts. SplashData produces an annual list of the worst passwords based on popular- ity. Here are the top 25 from 2019: 1. 123456 2. 123456789 3. qwerty 4. password 5. 1234567 6. 12345678 7. 12345 8. iloveyou 9. 111111 10. 123123 11. abc123 12. qwerty123 13. 1q2w3e4r 14. admin 15. qwertyuiop 16. 654321 17. 555555 18. lovely 19. 7777777 20. 888888 21. princess 22. dragon 23. password1 24. 123qwe 25. 666666 n

• Cover