CareArc says a data breach from last year affected more than 290 patients, however, no sensitive financial or personal information was compromised.
That was the report from Risk Manager Neil Dean to the CareArc Board of Directors Tuesday afternoon. Dean did not say when the breach was originally reported, however, he says CareArc was notified back in early April of last year.
Dean says Capture RX took all steps required by law to respond to the breach and help prevent future breaches of this nature. He says the case can be closed due to this action by Capture.
CEO Renee Hively says all affected patients have been notified by CareArc directly and no further action is required. The data breach follows a separate, yet similar incident at Newman Regional Health which was reported back in April of this year. The hospital noted that between Jan. 26 and Nov. 23 of 2021 there was an unauthorized access to a “limited number of email accounts.”
In separate business Tuesday, the monthly financial report showed the health center suffered its first monthly loss of the year in May. CareArc saw a net loss of $30,000 against a budgeted loss of $25,000.
Year-to-date CareArc has had a net gain of $276,000. In other business, the board received a presentation of the final draft of the 2022 audit report. Once again, CareArc has received a clean report with no internal control findings and just one compliance finding related to paycheck protection program reporting procedures.
Hively explains there was a slight reporting error due to the health center selecting reporting “option 2” instead of “option 3.”
Hively says the issue was also partially due to the frequency of reporting guideline updates.
The error has since been corrected with no penalty to the health center according to Hively.
The board plans to approve the final report later this week. The CareArc Board of Directors will next convene on Tuesday, Jul. 26 for its monthly meeting.
