19 healthcare privacy incidents in July


Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.

While some security incidents only affected a few thousand individuals, others were said to have affected more than 2.2 million.

19 healthcare privacy incidents reported by Becker's Hospital Review in July:

Editor's note: Incidents are presented in order of the number of patients or organizations affected.

1. Lab testing company Clinical Pathology Laboratories began notifying 2.2 million patients July 5 that their personal health information may have been exposed in a vendor data breach.

2. A database that held personal information for MedicareSupplement.com was left vulnerable to hackers, which may have compromised 239,000 patients.

3. An April ransomware attack on Evansville, Ind.-based Talley Medical Surgical Eyecare Associates' network server and EHR system may have compromised 106,000 patient records.

4. Austin Pathology Associates has notified 46,500 patients about a data breach at one of its billing and collections vendors American Medical Collection Agency.

5. An unauthorized third party gained access to an employee's email account at a New York ACO that contained a spreadsheet of information for around 25,000 patients.

6. Placerville, Calif.-based Shingle Springs Health and Wellness Center discovered that its server infrastructure was infected with ransomware on April 7, which may have compromised the protected health information of 21,513 patients.

7. Louisville, Ky.-based Park DuValle Community Health Center paid hackers around $70,000 to unlock around 20,000 patient medical records.

8. Northwood, a Michigan HIPAA business associate, has notified more than 15,000 patients that a hacker had gained access to an employee's email account and potentially viewed their protected health information.

9. An employee of Los Angeles County Department of Health Services contractor Nemadji Research Corp. fell victim to a phishing attack in March that exposed 14,591 L.A. County patients' personal information.

10. Cancer Treatment Centers of America discovered on June 6 that an employee's email account at its Philadelphia-based Eastern Regional Medical Center was compromised in a phishing attack, putting 3,900 patients at risk.

11. Greenville, Texas-based Hunt Memorial Hospital District has notified 3,700 patients that their medical records may have been exposed due to a criminal cyberattack.

12. DNA-testing service Vitagene shut down external access to more than 3,000 user files that were left exposed online for years.

13. The University of Alabama has alerted around 1,400 former clients, employees and medical providers at its Tuscaloosa-based Brewer-Porch Children's Center of a data breach that may have exposed some personal information.

14. Duluth, Minn.-based Essentia Health mailed letters to 1,000 patients regarding a data breach at a third-party vendor that may have exposed their protected health information.

15. Houston-based Memorial Hermann Health System has notified 507 patients that their information was mistakenly emailed to single recipient by an employee.

16. Google Chrome and Mozilla Firefox browser extensions were used to extract and sell users' personal information from more than 50 companies, including EHR providers DrChrono and Kareo.

17. Bangor, Maine-based Penobscot Community Health Care mailed letters to an unknown number of patients about a data breach at one of the medical center's third-party vendors.

18. Mobile, Ala.-based Springhill Medical Center was the target of a ransomware attack earlier in July.

19. Employees at Akron, Ohio-based Summa Health were targets in phishing attacks in August 2018 and March 2019.

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Whitepapers

Featured Webinars