17 cybersecurity incidents in January

Mackenzie Garrity - Print  | 

Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention in January.

While some security incidents only affected a few hundred patients, others were said to have affected nearly 200,000. 

Here are 17 healthcare privacy incidents reported by Becker's Hospital Review in December:

Editor's note: Incidents are presented in order of the number of patients or organizations reportedly affected.

1. Whittier, Calif.-based PIH Health began notifying 199,548 patients on Jan. 10 that their protected health information may have been exposed in a data breach.

2. Alexandria, Minn.-based Alomere Health began notifying 49,351 patients Jan. 3 that their information may have been exposed in two phishing attacks.

3. Portland, Ore.-based Native American Rehabilitation Association of the Northwest began  notifying 25,187 patients Jan. 3 that their information may have been exposed in a data breach.

4. Franklin, Tenn.-based SouthEast Eye Specialists Group began notifying 13,000 patients that their protected health information may have been exposed in a data breach.

5. McKinney, Texas-based Children's Choice Pediatrics began notifying 12,689 patients Jan. 7 of a ransomware attack that may have exposed their protected health information. 

6. South Portland, Maine-based Spectrum Healthcare Partners is notifying 11,308 patients of an email incident that may have exposed their protected health information.

7. A vulnerability in LabCorp's website allowed for thousands of medical documents, such as test results, to be searchable online. 

8. Cook County (Ill.) Health began notifying 2,713 patients Jan. 24 that their personal information may have been sent to a third-party vendor who did not have a business agreement with the health system at the time.

9. An unauthorized third party gained access to some computers at Manchester (Conn.) Ophthalmology and attempted to encrypt information with ransomware. -- 2000 

10. Phoenix Children's Hospital began notifying 1,860 patients Jan. 14 that their information may have been exposed in a phishing attack.

11. Southfield, Mich.-based Beaumont Health began notifying 1,182 patients Jan. 24 that their information may have been wrongfully disclosed. 

12. An unauthorized individual pretended to be an executive at New York City-based VillageCare Rehabilitation & Nursing Center to gather information on patients.

13. Vorhees, N.J.-based The Center for Neurological and Neurodevelopmental Health announced Jan. 21 that it is alerting patients about a security incident that may have exposed their protected health information.

14. Microsoft released a notice Jan. 22 about a data breach within an internal customer support database used for support case analytics.

15. Adventist Health Simi Valley (Calif.) began alerting patients Jan. 6 that their protected health information may have been exposed in a phishing attack.

16. Lagrangeville, N.Y.-based Health Quest began notifying an undisclosed number of patients Jan. 10 that their information may have been exposed in a phishing attack.

17. Mercy Health Lorain (Ohio) Hospital is alerting patients that their protected health information may have been exposed in a data breach at a revenue cycle management vendor.

More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers' emails

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.