23 cybersecurity incidents in February

Mackenzie Garrity - Print  | 

Numerous privacy incidents at hospitals, pharmacy providers and other healthcare organizations captured public attention in February.

While some security incidents only affected a few hundred patients, others were said to have affected more than 157,000. 

Here are 23 healthcare privacy incidents reported by Becker's Hospital Review in February:

Editor's note: Incidents are presented in order of the number of patients or organizations reportedly affected.

1. Lake Success, N.Y.-based Personal-Touch Home Care, a branded home healthcare company that provides services across the state, has notified more than 157,000 patients that their information may have been exposed in a ransomware attack against a third-party vendor.

2. Bellevue, Wash.-based Overlake Medical Center & Clinics, a 364-bed nonprofit community hospital, began alerting 109,000 patients Feb. 7 that their information may have been exposed in a phishing attack.

3. Nashville-based Tennessee Orthopaedic Alliance began alerting 81,146 patients Feb. 14 that their information may have been exposed in a phishing scheme.

4. Decatur, Texas-based Wise Health System began notifying 66,934 patients that their protected health information may have been exposed in a phishing attack.

5. Houston-based Fondren Orthopedic Group warned 30,049 patients that their medical records may have been damaged in a malware attack.

6. Great Bend, Kan.-based Central Kansas Orthopedic Group began notifying 17,214 patients that their information may have been exposed in a ransomware attack.

7. Springfield, Ill.-based Hospital Sisters Health System notified 16,167 patients that their information may have been exposed in a phishing attack.

8. Albia, Iowa-based Monroe County Hospital & Clinics began notifying around 7,500 patients Feb. 17 that their information may have been exposed in a phishing attack.

9. Fort Worth, Texas-based MHMR of Tarrant County began notifying 6,524 patients that their information may have been exposed in a phishing attack.

10. San Diego-based Rady Children's Hospital began alerting 2,360 radiology patients Feb. 21 that their information may have been accessed by unauthorized personnel.

11. Lafayette (Ind.) Regional Rehabilitation Hospital began notifying 1,360 patients that their information may have been exposed in a phishing attack.

12. Shields Health Solutions, which provides specialty pharmacy services to hospitals and other healthcare organizations, has notified 1,277 patients of a phishing attack that may have exposed their information.

13. Connecticut health insurer Access Health CT alerted approximately 1,100 members that their information may have been exposed in a phishing attack.

14. UnitedHealthcare disclosed that nearly 1,000 members may have had their information exposed in a data breach

15. Reva, a medical transportation service, began alerting 1,000 patients that their information may have been exposed in a phishing attack.

16. More than 500 affiliated offices of Boston Children's Hospital had their computer systems shut down Feb. 12 after a malware attack.

17. New York City-based Northwell Health is alerting prospective employees about unauthorized individuals falsely using the health system’s name. 

18. Twenty-nine employees at Munson Healthcare fell victim to a phishing attack that allowed an unauthorized third party access to patient data.

19. Home healthcare company Aveanna Healthcare began notifying an undisclosed number of patients and employees Feb. 18 that their information may have been exposed in a phishing attack.

20. Hospital software provider NRC Health is notifying its affiliated hospitals that it was targeted in a ransomware attack Feb. 11.

21. Wichita Falls, Texas-based United Regional Health Care System has alerted an undisclosed number of patients about a phishing attack that may have exposed their information.

22. Latham, N.Y.-based Community Care Physician began notifying an undisclosed number of patients Feb. 14 that their information may have been affected in a ransomware attack at third-party accounting vendor BST & Co.

23. San Juan Capistrano, Calif.-based Sunshine Behavioral Health began notifying an undisclosed number of patients that their information may have been accessible on the internet.

More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.