13 healthcare privacy incidents in February

Numerous privacy incidents at health IT suppliers, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in February, healthcare organizations experienced breaches as early as May 2015.

Here are 13 incidents covered by Becker's Hospital Review or reported to HHS' Office for Civil Rights breach portal in February.

Note: The incidents are presented in order of number of patients or organizations affected.

1. Triple-S Advantage, a Puerto Rico-based health insurer, reported an unauthorized individual accessed the data of 36,305 members, according to the OCR breach portal.

2. Parsons, Tenn.-based Decatur County General Hospital notified 24,000 patients that its EMR server had been hit with a cryptocurrency mining software.

3. CarePlus Health Plans, a Florida-based insurer specializing in Medicare Advantage HMO plans, notified 11,200 members to a potential privacy breach.

4. Ron's Pharmacy Services in California reported an email breach may have exposed 6,781 consumers' data, according to the OCR breach portal.

5. Jemison (Ala.) Internal Medicine reported 6,550 of its members' data were potentially compromised in a hack on its network server, according to the OCR breach portal.

6. Boston-based Partners HealthCare said in a Feb. 5 statement roughly 2,600 patients' private information may have been affected after the system's computer network was compromised by an unauthorized third-party "malicious computer program" in May 2017.

7. An unauthorized third party may have had access to the protected health information of nearly 1,882 Charlottesville-based University of Virginia Health System's patients that was stored on a physician's laptop and other devices for nearly 17 months.

8. Horne, a company Hattiesburg, Miss.-based Forrest General Hospital enlists to provide certain Medicaid reimbursement services, discovered one of its employees fell  victim to a phishing attack that may have compromised 1,670 Forrest patients' protected health information.

9. The Missouri Department of Mental Health reported 1,000 patients' data had been potentially accessed by an unauthorized individual, according to the OCR breach portal.

10. Everett-based Western Washington Medical Group notified 842 patients after it discovered its janitorial service failed to shred some medical records and other protected health information prior to disposal.

11. Bangor-based Eastern Maine Medical Center mailed letters Feb. 1 to 660 patients after it failed to locate a portable external computer hard drive containing their personal health information.

12. The City of Detroit reported it lost a portable electronic device containing data on 544 patients, according to the OCR breach portal.

13. In a recent meeting with the board of trustees, staff members from the Medical University of South Carolina in Charleston said 13 employees were terminated in 2017 after administrators determined they had viewed patient records without permission.

More articles on cybersecurity:

UC San Francisco, Samsung partner on blood pressure app for research
Researchers use EHRs to identify hypertension among safety-net patients
NIH's genome institute to unveil new roadmap for genomics research in 2020

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months