15 healthcare privacy incidents in April

Numerous privacy incidents at health IT suppliers, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in April, healthcare organizations experienced breaches as early as 2007.

Here are 15 incidents covered by Becker's Hospital Review in April.

Note: The incidents are presented in order of number of patients or organizations affected.

1. West Hills, Calif.-based Center for Orthopaedic Specialists, which is a part of Providence Medical Institute, a physician foundation encompassing a number of practices roped under Renton, Wash.-based Providence Health & Services, reported computer systems at three of its facilities were compromised by a malicious software that encrypted patient data and demanded money to restore the clinics' access. COS notified 85,000 patients.

2. Inogen, an oxygen supply device manufacturer, notified 30,000 existing and former customers their personal data may have been improperly accessed.

3. Several Des Moines, Iowa-based UnityPoint Health employees' email accounts were compromised and accessed by unauthorized individuals between Nov. 1, 2017 and Feb. 8, 2018. The organization notified 16,429 patients, according to HHS' Office for Civil Rights breach portal.

4. Earlier in 2018, the Illinois Department of Healthcare and Family Services and the Illinois Department of Human Services mailed 4,136 individuals notices that contained their personal information to incorrect addresses.

5. Arlington-based Texas Health Resources notified about 4,000 patients who received care in 2017 their protected health information may have been breached when an unauthorized third party potentially gained access to some employees' email accounts.

6. Cambridge (Mass.) Health Alliance notified roughly 2,500 patients that an unauthorized third party gained access to some of their protected health information.

7. Chesapeake (Va.) Regional Healthcare notified 2,100 sleep center patients after discovering two unencrypted, portable hard drives containing their electronic protected health information were missing.

8. Polk County (Iowa) Health Services accidentally and unknowingly disseminated the protected health information of 1,000 patients who received care at the Crisis Observation Center in Des Moines, Iowa from June 2014 to January 2018.

9. The Wisconsin Department of Health Services and its business associate, The Management Group, notified 779 participants of its IRIS program — a Medicaid home- and community-based service for adults with long-term care needs — to a breach of their personal information after a laptop and work bag were stolen from a TMG IRIS consultant in February.

10. About 595 NYC Health + Hospitals/Harlem patients received letters notifying them to a potential compromise of their protected health information after a laptop went missing from the facility in January.

11. Charlotte, N.C.-based Carolina Digestive Health Associates notified about 100 patients after it learned an employee stole their personal information — including Social Security numbers, dates of birth and names — and shared it with fraud suspects.

12. MEDantex, a medical transcription service for hospitals, clinics and private physicians, leaked thousands of physicians' patient medical records because it failed to password protect a portion of its site — an error found by KrebsOnSecurity April 20. Some documents dated as far back as 2007.

13. Lake Mary, Fla.-based MedWatch, a care management company that offers risk management solutions to self-funded health plans, notified its clients' health plan members April 13 that a vendor misconfiguration error exposed their protected health information between October 2017 and December 2017.

14. Grindr, a gay dating app, gave users' HIV statuses and other information from their profiles to two outside data-optimization firms.

15. A registration employee at Miami-based West Kendall Baptist Hospital exploited patient credit card information to make personal purchases.

More articles on cybersecurity:
5 popular clinical process improvement vendors, as ranked by KLAS
Lancaster General Health partners with private equity firm to launch $300M precision medicine fund
Philips posts $4.8B in sales for Q1, dips 2% from 1 year prior: 4 things to know

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars