18 healthcare privacy incidents in July

Numerous privacy incidents at health IT suppliers, hospitals and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in July, the organizations experienced breaches as early as January 2003.

Here are 18 incidents reported by Becker's Hospital Review in July.

Note: The incidents are presented in order of number of patients or organizations affected. This list is not exhaustive; 24 incidents were reported to HHS' Office for Civil Rights breach portal in July.

1. A database for Singapore's public health system SingHealth was compromised in what the country's Health Ministry and Ministry of Communications and Information called a "deliberate, targeted and well-planned cyberattack." Nearly 1.5 million patients seen at SingHealth's specialist outpatient clinics and polyclinics from May 1, 2015, to July 4, 2018, were affected.

2. UnityPoint Health in West Des Moines, Iowa, notified 1.4 million patients that some of their personal information may have been compromised after hackers broke into its email system using phishing tactics.

3. LabCorp, a medical diagnostics company in Burlington, N.C., detected "suspicious activities" on its computer network that may have compromised the health records of millions of patients.

4. NHS Digital, the information and technology arm of the U.K. National Health Service, said a "coding error" made by clinical systems supplier The Phoenix Partnership breached the medical information of an estimated 150,000 patients in the U.K.

5. Omaha, Neb.-based Boys Town National Research Hospital notified 105,309 patients and staff after hospital officials discovered unusual activity on an employee's email account in May.

6. Staff members at Kansas City, Mo.-based Children's Mercy Hospital fell victim to an email phishing scam, potentially compromising the personal health information of 63,049 patients and family members.

7. Blue Springs (Mo.) Family Care notified 44,979 patients that their protected health information may have been compromised when the practice's computer system was infected with ransomware in May.

8. The physician group at Lubbock, Texas-based University Medical Center Health System, UMC Physicians, notified more than 18,000 patients of a recent data breach that may have compromised their protected health information.

9. The email account of a Billings (Mont.) Clinic employee was hacked while they were on an overseas medical mission in May, potentially compromising 8,400 patients' information.

10. Richmond-based Virginia Commonwealth University Health System alerted 4,700 individuals to a potential compromise of their or their child's EHR data.

11. An estimated 790 patients from UMPC Cole in Coudersport, Pa., may have had their protected health information inappropriately accessed by hackers during two separate email phishing attacks that occurred one week apart in June.

12. UC San Diego Health notified 619 patients that their protected health information may have been compromised as part of a massive data breach at Nuance Communications.

13. The Department of Vermont Health Access exposed the email addresses of 127 health insurance consumers after sending out an online survey.

14. Thousands of HIV/AIDS patients — living and dead — may have had health information dating as far back as 1983 compromised for about nine months when a Nashville Metro Public Health Department database was left accessible to unauthorized staff.

15. Kingsport, Tenn.-based Ballad Health fired an employee for accessing patients' health information without a medically-necessary reason to do so.

16. Manitowoc County in Wisconsin recently notified an undisclosed number of residents about a breach the agency discovered in April that may have left their protected health information exposed for up to three months.

17. Harrisonville, Mo.-based Cass Regional Medical Center's EHR came back online July 16 after almost a week of downtime stemming from a ransomware attack on its IT infrastructure.

18. A Kaiser Permanente website used by employees, physicians and potential employees was hacked July 27 by a group called "Team Faceless Men."

More articles on cybersecurity:

Man guilty of 2014 hacking of Boston Children's Hospital computer network
SamSam ransomware has extorted $5.9M from victims since 2015
Federal cybersecurity lapses put patient data at risk, GAO report finds

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months