12 healthcare privacy incidents in November

Julie Spitzer - Print  | 

Privacy incidents at government departments, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in November, healthcare organizations experienced breaches as early as 2013.

Here are 12 incidents covered by Becker's Hospital Review.

Note: The incidents are presented in order of number of patients or organizations affected.

1. Researchers at Risk Based Security warned healthcare providers using OpenEMR, which hosts 90 million records globally, to a vulnerability in its configuration that may expose the system to a complete compromise.

2. Cottage Health System, a Santa Barbara-based healthcare organization, agreed to pay the state $2 million to settle allegations it failed to establish reasonable safeguards to protect patient medical information, which led to the exposure of nearly 50,000 medical records.

3. Milwaukee-based Medical College of Wisconsin notified 9,500 patients to a potential breach of their sensitive information after some faculty and staff members fell victim to a spear phishing attack targeting their email system.

4. Staunton, Va.-based Valley Family Medicine notified 8,500 patients of a security incident after two employees printed and misused a mailing list.

5. The North Carolina Department of Health and Human Services mailed letters to nearly 6,000 people who underwent routine drug screening for employment, internship and volunteer opportunities at its agency, notifying them of a recent incident in which a spreadsheet containing their personal information was sent in error to a vendor via an unencrypted email. 

6. A data breach led to the inappropriate access of at least 1,200 Williamsport, Pa.-based UPMC Susquehanna patients' information.

7. East Brunswick, N.J.-based Otolaryngology Associates of Central Jersey mailed letters to roughly 1,000 patients affected by a September theft of 13 boxes of medical records taken from an off-site storage facility.

8. Colorado Springs, Colo.-based Rocky Mountain Health Care Services notified 909 patients to a security incident in which an employee's laptop was stolen, potentially compromising patients' protected health information — the second incident involving a laptop theft since June.

9. HHS is investigating the unauthorized access and disclosure of at least 700 Chicago-based Cook County Health and Hospitals System patients' information after a third-party company experienced "an isolated processing error" earlier this year, affecting approximately 727 patients.

10. Muncie-based Indiana University Health Ball Memorial Hospital notified some of its patients after a bag containing billing paperwork with patient information was found at an intersection in Muncie.

11. Officials at Beaufort (S.C.) Memorial Hospital warned community members of a phone scam targeting Beaufort County residents in which callers pretend to be from the hospital to obtain their Social Security numbers or credit card information.

12. The U.S. Computer Emergency Readiness Team issued two alerts Nov. 14, warning organizations to monitor their network systems from attacks known collectively as Hidden Cobra, which are deployed by the North Korean government. 

More articles on cybersecurity:

Washington AG sues Uber in wake of data breach

Federal government considers digital currency

Microsoft plans to rebuild its Redmond headquarters, aims for mini-city feel

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.