Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.
While some security incidents only affected a single patient, others were said to have affected more than 300,000.
Here are 13 healthcare privacy incidents reported by Becker's Hospital Review in September:
Editor's note: Incidents are presented in order of the number of patients or organizations affected.
1. Pleasant Grove, Utah-based Premier Family Medicine alerted 320,000 patients that their health information may have been exposed in a ransomware attack.
2. Oregon-based Providence Health Plan has notified 122,000 members that their information may have been exposed in a data breach at the provider's administrator Dominion National.
3. Albuquerque, N.M.-based Presbyterian Health Plan was notified by its managed care company vendor Magellan Health that more than 56,000 patients may have had their protected health information exposed in a phishing attack.
4. Seattle-based Community Psychiatric Clinic, a mental health provider, fell victim to three email security breaches that may have exposed 15,500 patients.
5. Metro Mobility, a transportation service for patients with disabilities in Minnesota, has alerted 15,000 patients that their information may have been exposed in a data breach
6. Artesia (N.M.) General Hospital has notified 13,905 patients of a recent security incident that may have exposed patient information.
7. Floresville, Texas-based Connally Memorial Medical Center notified 7,358 patients that their protected health information may have been exposed.
8. Rowlett, Texas-based Berry Family Services, which provides health services to people with disabilities, alerted 1,751 patients of a ransomware attack that encrypted their information.
9. Urbana, Ill.-based Carle Foundation Hospital mailed letters to 1,653 patients Aug. 16 notifying them that their data may have been exposed in a phishing attack.
10. Philadelphia-based Temple University Health System's computer system was compromised in late August, impacting operations including email and patient scheduling.
11. Conway (Ark.) Regional Medical Center alerted patients and staff Aug. 23 that an unauthorized third party had gained access to employee email accounts.
12. A limited number of employees at University of Cincinnati Health were targets in a phishing attack that may have exposed patients' protected health information.
13. Charleston, S.C.-based MUSC Health notified the parent of an infant patient of a privacy breach in which an employee posted a photo of the baby on social media without parental consent.