Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.
While media outlets reported on the following breaches in March 2019, some of the breaches occurred as far back as May 2018.
Thirteen healthcare privacy incidents reported by Becker's Hospital Review in March:
Editor's note: Incidents are presented in order of the number of patients or organizations affected.
1. The Oregon Department of Human Services reported an email phishing attack on 2 million agency emails that may have exposed the medical information of more than 350,000 people.
2. Medical device and software developer Zoll has notified 277,319 patients of a security incident that put their personal and medical information at risk from Nov. 8 to Dec. 28, 2018.
3. Health Alliance Plan and Blue Cross Blue Shield of Michigan have alerted nearly 270,000 members combined that their personal information may have been compromised after a data breach at the payers' mailing service vendor in September 2018.
4. Chicago-based Rush University Medical Center sent letters to as many as 45,000 patients notifying them of a potential data security incident in May 2018.
5. A security breach at the former medical center of Greenville, S.C.-based St. Francis Physician Services may have compromised data from more than 32,000 patients.
6. Elizabeth City, N.C.-based Pasquotank-Camden Emergency Medical Services posted a notice about a February cybersecurity incident that may have affected 20,420 people.
7. A ransomware attack on a Grand Haven, Mich.-based North Ottawa Community Health System's vendor may have compromised data from about 15,000 patients.
8. Concord, Mass.-based Emerson Hospital sent letters to 6,314 patients alerting them of a May 2018 cybersecurity attack that may have affected their information.
9. Officials within Arizona's Medicaid program reportedly sent personal health information of 3,146 patients to incorrect home addresses.
10. A fax server error within Meditab, a company that develops software for EHRs, left thousands of physicians’ notes and patient information vulnerable for anyone to access.