12 healthcare privacy incidents in May

Numerous privacy incidents at health IT suppliers, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in May 2018, healthcare organizations experienced breaches as early as May 2015.

Here are 12 incidents covered by Becker's Hospital Review or reported to HHS' Office for Civil Rights breach portal in May.

Note: The incidents are presented in order of number of patients or organizations affected.

1. Baltimore, Md.-based LifeBridge Health notified more than 500,000 patients the week of May 11 that their personal information may have been compromised during a privacy breach in September 2016.

2. The Oregon Clinic in Portland notified 64,487 patients that their protected health information may have been compromised when an unauthorized third party gained access to one of the clinic's email accounts.

3. Aultman Hospital in Canton, Ohio, notified about 43,000 patients who were seen at its main hospital, AultWorks Occupational Medicine and some Aultman physician offices of a potential compromise of their protected health information.

4. Malicious software was discovered on three Orlando-based Florida Hospital websites, affecting certain patient information and leading the hospital to notify 12,724 patients.

5. The Cerebral Palsy Research Foundation notified 8,300 clients who were served from 2001 to 2010 that a database containing their demographic data was vulnerable for 10 months.

6. Rochester, Minn.-based Associates in Psychiatry and Psychology discovered March 31 its files had been locked with a variant of ransomware that also disabled affected computers' system restore functions and reformatted the network storage device where the practice kept local backups. The practice notified 6,546 patients.

7. Three Dignity Health St. Rose Dominican Hospitals — located in San Martin, Siena and DeLima, all in Nevada — notified a total of 6,036 patients of a breach involving paper and file records, according to HHS' OCR breach portal.

8. The Davis Clinic, which is owned by the University of Texas Health Science Center at Houston's physicians organization, sent multiple mass emails exposing 2,800 email addresses primarily belonging to its patients.

9. The San Francisco Department of Public Health notified 895 patients who were seen at Zuckerberg San Francisco General Hospital or Laguna Honda Hospital — both of which are part of the San Francisco Health Network — that their information may have been accessed by a former employee of a hospital vendor.

10. South Bend, Ind.-based Allied Physicians of Michiana recovered from a May 17 ransomware attack involving the SamSam variant.

11. Ipswich Hospital in England reportedly disciplined two staff members who accessed Ed Sheeran's patient information without a legitimate reason.

12. Cynthia Silhol requested her own medical records from Brooksville, Fla.-based Oak Hill Hospital, but instead, she allegedly received 256 pages of a stranger's health information.

