14 healthcare privacy incidents reported in September

Privacy incidents at government departments, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in September, healthcare organizations experienced breaches as early as November 2011.

Here are 14 incidents covered by Becker's Hospital Review.

Note: The incidents are presented in order of number of patients affected.

1. The protected health information of nearly 66,000 patients at Eden, N.C.-based Morehead Memorial Hospital was potentially exposed when two employees fell victim to a phishing attack July 21.

2. Arkansas Department of Human Services officials notified 26,044 Medicare beneficiaries of an incident in which multiple spreadsheets of personal and health information were emailed to a former employee in March.

3. Aurora-based Children's Hospital Colorado notified almost 3,400 patient families of a privacy incident discovered in July that possibly exposed their protected health information.

4. Spokane, Wash.-based Mann-Grandstaff Veterans Affairs Medical Center notified 3,275 veterans their protected health information was potentially compromised after it discovered a vendor-issued laptop had been missing from one of its labs since May 2016.

5. Vancouver, Wash.-based PeaceHealth Southwest Medical Center notified 1,969 patients after it discovered an employee accessed protected health information without authorization between November 2011 and July 2017.

6. Ridgeview Community Network, an ACO that includes Waconia, Minn.-based Ridgeview Medical Center, exposed 1,074 members' email addresses July 10 and July 11 when it sent a general survey request via email but neglected to blind-copy the email addresses. 

7. The University of Wisconsin-Madison notified 1,000 patients when a quality improvement survey, which included references to prescription medications and family planning service, was mailed via postcard in July.

8. Ventura, Calif.-based Community Memorial Health System notified 959 patients after discovering a June 22 phishing scam possibly exposed their personal information.

9. Monroeville, Pa.-based Premier Medical Associates discovered a data breach affecting 900 visitors to its website, in which a technical error made information individuals submitted through the "Contact us" form accessible to other website visitors.

10. Two computers at the Alaska Department of Health and Social Services' Office of Children's Services were infected with a Trojan horse virus July 5 and July 8, potentially compromising the personal information of more than 500 individuals.

11. Prince Albert Parkland Health Region, a Canadian hospital, fired an employee after she was caught inappropriately accessing the medical records of 14 patients, including several of her family members and herself, an audit and investigation found.

12. A former employee at Deer Park (N.Y.) PTDC, a physical therapy office, has been accused of stealing three elderly patients' identities to help pay for $15,000 worth of cosmetic surgery at Huntington, N.Y.-based Romanelli Cosmetic Surgery.

13. Augusta (Ga.) University Medical Center disclosed a potential breach, which impacted fewer than 1 percent of its patients, after two employee email accounts fell victim to a phishing attack April 20 and April 21.

14. The Ohio Department of Health cautioned residents about a recent phone scheme in which scammers pose as state health department staff.

More articles on cybersecurity:

Hospital leaders should be weary of accidental insider mistakes, better prepare employees

Equifax CEO resigns after massive breach: 5 things to know

SEC Chairman: Extent of SEC breach remains unknown

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars