11 healthcare privacy incidents reported in June

Privacy incidents at government departments, equipment suppliers and other healthcare organizations captured public attention last month.

While media outlets reported on the following breaches in June, healthcare organizations experienced breaches as early as February.

Here are 11 incidents, as reported to HHS' Office for Civil Rights breach portal or covered by Becker's Hospital Review. The incidents are presented in order of number of patients affected.

1. Wyoming, Mich.-based Airway Oxygen, a home medical equipment supplier, was struck with ransomware April 18, affecting 500,000 individuals.

2. Torrance (Calif.) Memorial Medical Center discovered two email accounts — which contained work-related reports involving protected health information — were accessed by unauthorized personnel April 18 and April 19, affecting 46,632 individuals.

3. Tampa (Fla.) Bay Surgery Center reported a hacking or IT breach incident to HHS June 20, which impacted 25,848 individuals, according to HHS' OCR breach portal.

4. A ransomware attack affected 20,000 patients at Cleveland (Tenn.) Medical Associates April 21. 

5. Iowa City-based University of Iowa Hospitals and Clinics reported a privacy breach involving unauthorized access or disclosure June 22, which impacted 5,292 individualsaccording to HHS' OCR breach portal.

6. Ascension's Nashville, Tenn.-based Saint Thomas Health notified 2,859 patients of a privacy breach at Murfreesboro, Tenn.-based Saint Thomas Rutherford Hospital after the health system discovered hospital documents on a rural road in Tennessee in April.

7. North Dakota Department of Human Services notified 2,452 Medicaid beneficiaries and guardians of a privacy breach after it found documents containing protected health information in a local dumpster May 10.

8. A box containing protected health information of 1,842 patients from the Houston area was found outside an unsecured dumpster belonging to a Texas Health and Human Services Commission eligibility office.

9. Carbondale-based Southern Illinois Healthcare notified more than 600 patients of a potential privacy breach after a third-party vendor's technical error misdirected patient data to other medical facilities between Feb. 13 and March 13.

10. As a precautionary measure, Princeton (W.Va.) Community Hospital said it will replace nearly 1,200 hard drives after experiencing a ransomware attack June 27.

11.Waverly (Iowa) Health Center shut down its computer systems for just over 24 hours after experiencing a ransomware attack June 14.

More articles on health IT:

Connecticut could gain another HIE

Former Amazon exec to join Alignment Healthcare as CTO

Infosys plans to create 2k tech jobs in North Carolina by 2021

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.