10 of the biggest healthcare data breaches announced in Q1

Anuja Vaidya -

As of March 14, there have been 312 reported data breaches and more than 1.3 million exposed records in 2017, according to the Identity Theft Resource Center. Around 25 percent of all data breaches occurred in the medical/healthcare sector thus far in 2017.

Note: For the purposes of this list, 'biggest' was defined as the healthcare-related data breaches that affected the most number of people. Breaches are listed in descending order.

1. In January, Hyde Park, N.Y.-based CoPilot Provider Support Services, a healthcare administrative services and IT organization, reported a data breach affecting 220,000 individuals. CoPilot's database, which healthcare professionals use to advise patients on whether certain treatments are covered by insurance, was illegally accessed.

2. Texas-based Urology Austin notified 200,000 patients in March that their patient information may have been compromised. A ransomware attack infected Urology Austin on Jan. 22, and while the attack might have compromised information, such as patient names, addresses and Social Security numbers, Urology Austin does not believe patient information was taken in the breach.

3. In February, San Antonio-based ABCD Pediatrics staff discovered a software virus, which may have compromised the names, addresses, Social Security numbers and medical records, among other information, of 55,447 patients. The virus began encrypting servers at the practice. ABCD Pediatrics' IT company identified the virus as ransomware, although the practice has not received any ransom-related demands.

4. Indianapolis-based American Senior Communities fell victim to a W-2 email scam earlier this year, impacting its more than 17,000 employees. A payroll processing employee at the nursing home chain received an email from someone claiming to be a company executive. The payroll employee forwarded the W-2 tax information of company employees.

5. An employee of the North Carolina Department of Health and Human Services sent 12,731 Medicaid patients' information to healthcare providers via an unencrypted email. The information included patients' first initial, last name, Medicaid identification number as well as the name and address of the home where each patient resides.

6. Redwood City, Calif.-based Verity Health System informed more than 9,000 patients that their information may have been compromised when an unauthorized third party accessed its Verity Medical Foundation-San Jose Medical Group website between October 2015 and January 2017. The information accessed, which is dated between 2010 and 2014, included patients' names, addresses, dates of birth, email addresses, phone numbers, medical record numbers and the last four digits of credit card numbers.

7. A reinsurance broker contracted by health insurance company Louisiana Health Cooperative suffered a breach that may have affected up to 8,000 former policyholders. The reinsurance broker, Summit Reinsurance Services, reported the breach to LAHC. The breach exposed personally identifiable information and in some cases, the information may have been viewed by unauthorized people.

8. A computer stolen from Wichita, Kan.-based Family Medicine East may have comprised the data of approximately 6,800 patients. A burglar who broke into the practice stole a printer and a desktop computer, the latter of which contained typed office notes about patients who visited the clinic between 2002 and 2003.
 
9. A third-party vendor for Norfolk, Va.-based Sentara Healthcare suffered a breach that may have impacted more than 5,454 patients. Information that may have been compromised included names, birth dates, Social Security numbers, demographic information, medical record numbers, procedure information and medication information of vascular and thoracic patients seen at Sentara hospitals. 

10. In January, Children's Hospital Los Angeles began notifying patients that their information may have been on a laptop that was stolen from a physician's car. The theft affected the personal information of 3,600 patients. The laptop was password-protected, but hospital officials are unsure as to whether it was properly encrypted.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.