13 healthcare privacy incidents in February

Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in February 2019, some of the breaches date back to May 2018.

Thirteen healthcare privacy incidents reported by Becker's Hospital Review in February:

Editor's note: Incidents are presented in order of the number of patients or organizations affected.

  1. Seattle-based UW Medicine sent letters to 974,000 patients notifying them of a Dec. 4, 2018, data error that allowed patient information to come up in internet searches.
  1. Farmington-based University of Connecticut Health sent letters to up to 326,000 patients notifying them of a recent data security incident. UConn Health discovered several employee email accounts were attacked on Dec. 24, 2018.
  1. Springs, Fla.-based AdventHealth notified 42,161 patients about an August 2017 data breach that may have exposed personal information.
  1. Memorial Hospital at Gulfport (Miss.) sent letters to roughly 30,000 patients Feb. 15 notifying them of a data breach. The hospital discovered an employee's email account was victim to a phishing attack Dec. 17, 2018.
  1. Nearly 24,000 patients may have had their protected health information breached in a recent hacking incident at Dr. DeLuca & Dr. Marciano Eye Associates, the Prospect, Conn.-based optometry practice.  
  1. Pawnee City, Neb.-based Pawnee Country Memorial Hospital notified 7,175 patients that some of their protected health information may have been exposed when a hospital employee was tricked by a phishing email in November 2018.
  1. Blue Earth, Minn.-based United Hospital District notified 2,143 patients about a June 2018 phishing scheme. A hospital employee's email account was compromised in a phishing attack June 10-27, 2018. 
  1. Colorado Springs, Colo.-based Rocky Mountain Health Care Services sent letters to 971 patients alerting them that an employee's laptop was stolen May 15, 2018.
  1. Chicago-based Rush University Medical Center inadvertently exposed the names of 908 patients in a paper mailing announcing the retirement of a certified nurse practitioner at its Epilepsy Center.
  1. Rutland (Vt.) Regional Medical Center said it plans to mail letters to an undisclosed number of affected patients notifying them of a recent data breach. The hospital discovered the breach after an employee noticed an increased number of spam emails being sent from his or her account Dec. 21, 2018.
  1. Box Elder, Mont.-based Rocky Boy Health Center posted a security breach notice on its website, alerting patients of a Jan. 14 incident that may have put medical records at risk.
  1. Roper St. Francis Healthcare in Charleston, S.C., posted a notice to its website Jan. 29, warning patients about a potential compromise of their protected health information that resulted from a November 2018 data breach.
  1. Valley Professionals Community Health Center, a federally qualified health center headquartered in Cayuga, Ind., notified patients of a potential October 2018 data breach involving their protected health information.

More articles on cybersecurity:
Rutland Regional Medical Center employees' email accounts compromised in phishing attack
'Technology has left the healthcare industry more vulnerable to attack' — Senator questions trade groups on cybersecurity
'Data error' exposes 974,000 patient records at UW Medicine

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months