17 healthcare privacy incidents in December

Privacy incidents at technology companies, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in December, healthcare organizations experienced breaches as early as 2016.

Here are 17 incidents covered by Becker's Hospital Review, beginning with the most patients affected.

1. The Oklahoma Department of Human Services alerted 47,000 clients of a data breach in 2016 after an unauthorized source accessed their personal information.

2. San Antonio-based Center for Health Care Services, a mental health and substance abuse provider, notified 28,434 patients after it learned a former employee secretly took patients' protected health information from the facility on his personal laptop.

3. Chapel Hill-based University of North Carolina Dermatology, a UNC Health Care faculty physicians practice, notified 24,000 patients of a break-in at the UNC Dermatology and Skin Cancer Center that may have compromised their PHI.

4. Detroit-based Henry Ford Health System notified 18,470 patients whose PHI may have been compromised after someone gained illegal access to employees' email credentials.

5. Officials at Stanford (Calif.) University investigated three instances in which misconfigured permissions on file-sharing platforms may have exposed more than 10,000 students' and employees' personal and financial information.

6. The Colorado Center for Reproductive Medicine in Minneapolis fell victim to a ransomware attack Oct. 3, which may have compromised 3,300 patients' protected health information.  

7. New York City-based New York University Langone Health notified roughly 2,000 patients after its cleaning company mistakenly recycled a binder containing presurgical insurance authorizations Oct. 17.

8. Lowell (Mass.) General Hospital notified 769 patients after it learned an employee may have inappropriately accessed their medical records.

9. The University of Alabama at Birmingham mailed letters to 652 patients notifying them of an incident at its Viral Hepatitis Clinic that may have exposed their protected health information.

10. The city of Portland, Maine mailed letters to more than 200 patients previously enrolled in an HIV-positive health program, apologizing for not disclosing that the city planned to share their personal information with researchers from the University of Southern Maine, though officials claim they did no wrongdoing.

11. The National Capital Poison Center in Washington, D.C., notified an undisclosed number of individuals following a ransomware attack that may have enabled an unauthorized third party to access a database containing information on calls to and from the center dating back to January 1997.  

12. A political ad campaign ran on Facebook in September, which targeted users over the age of 40 labeled as "very liberal" and tricked them into clicking on a headline about President Donald Trump's approval ratings to launch a malware attack on their computers.

13. Hackers emptied a digital wallet belonging to the cryptocurrency company NiceHash, leading it to shut down its website and potentially lose nearly $63 million in bitcoin. 

14. A security researcher revealed a hack on a single IV pump or a digital smart pen could blossom into a full-fledged breach, exposing a healthcare organization's patient records.

15. Northwestern, N.J.-based Chilton Medical Center, an affiliate of Morristown, N.J.-based Atlantic Health System, notified a subset of patients that visited its facility between May 2008 and Oct. 15, 2017, after it learned their PHI had been compromised when an employee stole a hard drive from the hospital in October. 

16. Modesto, Calif.-based Stanislaus County Behavioral Health and Recovery Services recovered from a ransomware attack that compromised its computer network Dec. 12 and jeopardized nearly 500 computers.

17. The names and Social Security numbers of an undisclosed number of Glens Falls (N.Y.) Hospital employees who had not received flu shots were exposed in an internal email to staff.

More articles on cybersecurity:

Employee wrongdoing at SSM Health affects 29k patients

Jones Memorial Hospital experiences computer downtime following cyberattack

What to know about 7 major types of cryptocurrencies


Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars