While media outlets reported on the following breaches in July, healthcare organizations experienced breaches as early as 2003.
The following security incidents were reported by Becker’s Hospital Review in the past month. The incidents are presented in order of number of patients affected.
1. Bupa, a London-based international healthcare group, notified roughly 547,000 of its customers after learning a former employee inappropriately removed customer information from the company.
2. A computer virus at a practice site of Oaks, Pa.-based Axia Women’s Health, formerly Women’s Health Care Group of PA, compromised the protected health information of 300,000 patients.
3. Atlanta-based Peachtree Neurological Clinic uncovered a 15-month breach to its computer system while investigating a separate ransomware attack. In total, 176,295 patients were affected, according to the HHS Office for Civil Rights breach portal.
4. Anthem reported protected health information of 18,580 customers may have been compromised after learning an employee at a third-party coordination service, LaunchPoint Ventures, was likely misusing customer information.
5. Sacramento, Calif.-based UC Davis Health alerted roughly 15,000 patients of a privacy breach July 5 after an employee’s email account was compromised in a phishing scam.
6. Buffalo, N.Y.-based Kaleida Health is notifying 2,789 patients of a phishing incident that may have compromised their protected health information.
7. Tewksbury (Mass.) Hospital, one of four hospitals operated by the Massachusetts Department of Public Health, discovered a former employee had inappropriately accessed 1,176 patients’ protected health information during a span of roughly 14 years.
8. Detroit Medical Center notified 1,529 patients after learning a former employee contracted by the hospital through a staffing agency compromised patients’ protected health information.
9. The Colorado Department of Health Care Policy and Financing notified 822 of its Medicaid patients after its third party fiscal agent — DXC Technology — discovered an issue in its internet link to billing reports.
10. Laramie, Wyo.-based Ivinson Memorial Hospital notified more than 500 patients of a security incident involving a third-party online payment service FastHealth.
11. Caro (Mich.) Community Hospital shut down systems at three of its locations following a ransomware attack.
More articles on health IT:
Appeals court rules health insurance customers can sue for data breach
