An American Action Forum report indicates EMR hacks have more than doubled since 2014, with more than 94 million EMRs being compromised. These breaches have cost the healthcare system an estimated $50 billion.
The following list compiles the most recent data breaches — EMR and otherwise — to occur in the healthcare industry since July 1, starting with the most recently reported.
1. Merit Health Northwest Mississippi in Clarksdale reported a potential data breach after learning an employee was under investigation by law enforcement for identity theft. During the investigation, hospital documents containing patient information were found in the individual's home.
2. Akron (Ohio) Children's Hospital notified approximately 7,660 patients and their families that their information may be compromised after discovering a record device containing backup transport records between ambulance dispatchers and medical staff at hospitals and Akron Children's emergency departments was missing.
3. The William W. Backus Hospital in Norwich, Conn., is notifying 360 patients that an unauthorized party may have viewed some of their protected health information. A hospital employee took patient records home to work on them, and a non-employee may have viewed them.
4. Fourteen employees at Roanoke, Va.-based Carilion Clinic inappropriately accessed a patient's record. All employees were disciplined, and an unspecified number were fired.
5. The Colorado Department of Health Care Policy and Financing notified more than 3,000 Colorado residents receiving Medicaid and CHIP benefits that their protected health information was unintentionally mailed to the wrong recipients.
6. A missing unencrypted flash drive prompted Lawrence (Mass.) General Hospital to notify patients of a potential data breach.
7. Kalispell, Mont.-based Urology Associates reported a potential breach after a break-in at the firm's storage unit during which sensitive medical information may have been accessed.
8. Boston-based Massachusetts General Hospital notified 648 individuals of a data breach after an employee accidentally sent an email containing protected health information to an incorrect email address.
9. East Bay Perinatal Medical Associates, a clinic with offices in Berkeley, Oakland and San Leandro, Calif., reported a breach after discovering a patient list on an employee's personal laptop. The employee had created the patient list as part of his or her duties for cataloguing records.
10. McLean Hospital in Belmont, Mass., reported backup data tapes are missing. The tapes contained information on 12,600 people who donated their brains to research.
11. Columbus-based OhioHealth notified patients of a breach after discovering a missing, unencrypted flash drive containing sensitive information of approximately 1,000 patients.
12. Meritus Medical Center in Hagerstown, Md., reported a breach after learning a vendor's employee may have accessed patient information in a manner unrelated to job duties.
13. Healthfirst, a payer based in New York, suffered a hack on its payer portal affecting 5,300 members. The Department of Justice notified the payer that an individual may have stolen sensitive information of Healthfirst members through the payer's online portal.
14. Los Angeles-based UCLA Health was hit with a cyberattack compromising the protected health information of nearly 4.5 million people.
15. University Hospitals Elyria (Ohio) Medical Center fired an employee after discovering the employee accessed 297 patient medical records without authorization.
16. Pittsburgh-based UPMC Health Plan notified 722 members their data may have been compromised after an email containing sensitive information was inadvertently sent to an incorrect email address.
17. Mayo Clinic is investigating an internal breach upon discovering an employee inappropriately accessed patient records in Red Wing, Minn.
18. A stolen unencrypted laptop prompted the University of California San Francisco to alert patients of a potential data breach. The sensitive information of 435 individuals was contained on the laptop.
19. Orlando (Fla.) Health reported a data breach in which a nursing assistant accessed approximately 3,200 patient records in a manner unrelated to job responsibilities.
More articles on health IT:
The vendor's view of interoperability: Thoughts from Greenway Health's Mark Janiszewski
13% of healthcare organizations targeted by external cyberattacks at least once a day
More than $31B distributed in MU payments to date