Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.
While some security incidents only affected a few hundreds of individuals, others were said to have affected more than 250,000.
Fourteen healthcare privacy incidents reported by Becker's Hospital Review in April:
Editor's note: Incidents are presented in order of the number of patients or organizations affected.
1. A cyberattack last July on Macon, Ga.-based Navicent Health's employee email account system may have affected 278,016 patients' personal information.
2. Ontario, Calif.-based Centrelake Medical Group is alerting 197,661 patients that their personal health information may have been exposed because of a computer virus.
3. Personally identifiable data for approximately 145,000 patients at the Levittown, Pa.-based Steps to Recovery addiction treatment facility and the Ohio Addiction Recovery Center in Columbus was exposed in a searchable online database.
4. Columbia, S.C.-based Palmetto Health, now known as Prisma Health, was targeted in a phishing attack that may have put the information of 23,000 patients at risk.
5. Springfield, Mass.-based Baystate Health notified about 12,000 patients of a Feb. 7 phishing attack.
6. Blue Cross of Idaho is notifying 5,600 members of a March 21 data breach that allowed an unauthorized user to gain access to the organization's online provider portal.
7. AltaMed Health Services Corp. has sent letters to 5,500 patients about a security breach that may have impacted their personal health information.
8. The Veterans Health Administration is notifying 4,882 veterans who were treated at the Martinsburg (W.Va.) VA Medical Center that their personal health information may have been mailed out in letters to other patients.
9. Humana told 522 members that a limited amount of their personal data may have been exposed during a data security incident at the beginning of 2019.
10. Bangor, Maine-based Northern Light Acadia Hospital mistakenly emailed the names of 300 patients who had prescriptions for Suboxone.
11. Physician staffing company EmCare is alerting patients, employees and contractors about a Feb. 19 data breach that exposed their personal data.
12. Microsoft emailed an unknown number of users April 12 across its Outlook, MSN and Hotmail platforms alerting them of a data breach that occurred between Jan. 1 and March 28.
13. A Cleveland-based University Hospitals Rainbow Babies and Children's Hospital employee emailed a message to a group of patients, inadvertently allowing the recipients to see each other's email addresses.
14. Anchorage-based University of Alaska is alerting individuals about a computer data breach that may have affected email accounts.
More articles about cybersecurity:
5 common questions about HIPAA, answered
Hospitals can leverage AI to combat cyberattacks, report finds
Virus prevented California medical group from accessing records, exposed 198,000 patients