17 healthcare privacy incidents in June

Mackenzie Garrity - Print  | 

Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.

While some security incidents only affected a few thousand individuals, others were said to have affected more than 11.9 million.

17 healthcare privacy incidents reported by Becker's Hospital Review in June:

Editor's note: Incidents are presented in order of the number of patients or organizations affected.

1. Quest Diagnostics notified 11.9 million patients of a data breach that happened at one of its billing collections vendors.

2. Medical testing company Laboratory Corp. of America learned 7.7 million of its patients may have had their data exposed in the same vendor breach as Quest Diagnostics.

3. Nine employees within Oregon's Department of Human Services opened a phishing email on Jan. 8 that may have exposed around 645,000 people.

4. Cancer Treatment Centers of America learned that an email account of an employee at its Atlanta-based Southeastern Regional Medical Center was the target in a phishing attack that may have exposed 16,819 patients.

5. Forsyth, Ga.-based Monroe County Hospital mailed letters to 10,970 patients to alert them that their personal health information may have been exposed.

6. Humana has notified 5,569 members of a security incident that may have exposed members' personal information.

7. UMass Memorial Health Care's behavior health service in Worcester sent letters to 4,598 patients notifying them of an April 18 data breach.

8. Crown Point, Ind.-based Franciscan Health sent letters to 2,200 patients that an employee had viewed their records "without a business reason."

9. Grand Rapids, Mich.-based Mercy Health notified approximately 1,000 patients on May 24 about a data breach that may have exposed patient data.

10. Vision and dental insurer Dominion National notified an unknown number of members of a data security incident that may have caused personal information to be exposed.

11. Meditab, an EMR and practice management software provider, has notified two healthcare providers in Maryland that their patients' personal health information may have been exposed.

12. Both Olean (N.Y.) Medical Group and Seneca Nation Health System in Salamanca, N.Y., lost access to their computer and EHR systems following recent cyberattacks on the organizations.

13. Lake City, Fla., officials agreed to pay cybercriminals $426,000 on June 24 after a ransomware attack locked them out of systems.

14. A Boardman, Ohio-based urology program was cyberattacked on June 10, with hackers demanding $75,000 in bitcoin for the encrypted files.

15. Kingman (Ariz.) Regional Medical Center notified patients of a potential security incident that has left its website down since April 8.

16. Opko Health was the third healthcare company to learn its patients were affected in the American Medical Collection Agency data breach.

17. Some personal information from University of Chicago Medicine patients and donors was mistakenly exposed on June 3.

More articles about cybersecurity:
UMass Memorial Health Care alerts 4,600 patients of phishing attack
Cybersecurity issue and trends on the horizon: 3 Qs with Edward Elmhurst Healthcare CISO Don Fosen
Don’t overlook cybersecurity training — Why Lake Chelan Community Hospital CIO created his own cyber program

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.