12 healthcare privacy incidents in March

Numerous privacy incidents at health IT suppliers, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in March, healthcare organizations experienced breaches as early as January 2012.

Here are 12 incidents covered by Becker's Hospital Review in March.

Note: The incidents are presented in order of number of patients or organizations affected.

1. BJC HealthCare in St. Louis notified 33,420 patients a data server configuration error exposed stored scans of certain documents on the internet without the appropriate security controls from May 9, 2017, to Jan. 23, 2018.

2. The Kansas Department for Aging and Disability Services notified 11,000 of its consumers that an employee sent an unauthorized email containing their protected health information to a group of KDADS business associates.

3. Danville, Pa.-based Geisinger inadvertently exposed the email addresses of nearly 2,000 respondents who completed a customer insights panel survey.

4. CareMeridian, which operates subacute care facilities in California, Arizona, Nevada and Colorado, mailed letters to 1,922 individuals after it discovered an unencrypted disk sent by a third-party associate had been lost in the mail.

5. Memorial Hospital at Gulfport (Miss.) notified 1,500 patients after learning some of their PHI  was inadvertently sent, via email, to an outside email address.

6. The Mississippi State Department of Health sent letters March 26 to an undisclosed number of Mississippi residents after it learned an employee mistakenly emailed an Excel spreadsheet containing patients' PHI  to J Michael Consulting, a CDC contractor in January.

7. Des Moines, Iowa-based Primary Health Care notified an undisclosed number of patients that four of its employees' email and Google Drive accounts had been accessed by an unauthorized individual Feb. 28.

8. Officials from QuadMed, a occupational health and primary care services provider that operates within its clients' workplaces, confirmed three separate incidents that may have compromised clients' employees' PHI , according to three notices posted on QuadMed's website

9. Email, internet, the majority of phone lines and several other electronic systems at Geneva, N.Y.-based Finger Lakes Health have been restored after a ransomware attack shut them down March 18.

10. Two former employees at Orlando-based Florida Hospital, who were tasked with releasing patients' personal information for medical and business needs, allegedly stole and sold an undisclosed number of patient records between January 2012 and May 2014

11. Hackers broke into Baltimore's computer-assisted dispatch system, which supports the city's 911 and other emergency calls, causing city officials to revert to manual processes.

12. A surgeon from the U.K. who was remotely advising Syrian physicians performing an operation at a hospital in the war-torn country believes his computer may have been hacked, leading to the hospital being bombed.

More articles on cybersecurity:
CNBC: What we suspect about Amazon's move into healthcare
UnitedHealth CEO: Tech will drive value-based care in 10 years
Boeing hit with WannaCry, but says damage is limited: 5 things to know

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars