10 healthcare privacy incidents in December

Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in December 2018, healthcare organizations experienced breaches as early as 2015.

Here are 10 healthcare privacy incidents reported by Becker's Hospital Review in December:

Editor's note: The incidents are presented in order of number of patients or organizations affected.

1. Baylor Scott & White Medical Center-Frisco (Texas) said one of its vendors suffered a cyberattack in late September, which may have compromised 47,000 patients' or guarantors' credit card information.
2. Cancer Treatment Centers of America at Western Regional Medical Center in Bullhead City, Ariz., warned 41,948 individuals about a potential compromise of their protected health information after a hacker briefly gained access to an employee's email account earlier in 2018.
3. The University of Vermont Health Network-Elizabethtown (N.Y.) Community Hospital notified 32,000 patients after an unauthorized individual breached an employee's email account in October.
4. Redwood Eye Center in Vallejo, Calif., notified 16,055 patients after it learned its EMR vendor IT Lighthouse experienced a ransomware attack in September.
5. BJC HealthCare in St. Louis said Dec. 18 that malware on its website may have exposed credit card information from 5,850 individuals.
6. A lawsuit filed by Massachusetts Attorney General Maura Healey's office alleges Belmont, Mass.-based McLean Hospital lost personal and health information of over 1,500 patients, employees and brain donors.
7. Baltimore-based University of Maryland Medical System investigated a malware attack that affected about 250 of its 27,000 devices Dec. 9.
8. Hospitals across the U.S. received email bomb threats on Dec. 13 as part of a large-scale extortion attempt that authorities said is not credible, according to multiple news sources.
9. Shortly after moving into a retired physician's rental home in Brentwood, Tenn., Kirsten and Don Borgeson stumbled upon thousands of unsecured medical records in the garage.
10. San Mateo (Calif.) Medical Center alerted patients seen at its Daly City (Calif.) Clinic to a potential breach of their protected health information.