The following issues involving hospitals, data breaches and their repercussions were reported within the past month, beginning with the most recent.
1. Data Breach at MD Anderson Cancer Center May Affect 30k Patients
University of Texas' MD Anderson Cancer Center in Houston reported a data breach affecting potentially 30,000 of its patients. The data, including names, treatment and research information and Social Security numbers, was on an unencrypted computer stolen from an MD Anderson faculty member's home April 30.
2. Alaska Medicaid Settles HIPAA Security Case for $1.7M
The Alaska Department of Health and Social Services and the state Medicaid agency agreed to pay HHS $1.7 million to settle possible HIPAA violations. While investigating a data breach in which a portable electronic storage device that may have contained electronic personal health information was stolen from the vehicle of a DHSS employee, HHS found that the department did not have adequate policies and procedures in place to safeguard ePHI.
3. Memorial Sloan-Kettering PowerPoint Presentation Leaks Patient Information
An unknown number of New York City-based Memorial Sloan-Kettering Cancer Center had clinical data and private information, in some cases Social Security numbers, mistakenly leaked onto two medical professional organizations' websites earlier this year. Patient names, phone numbers, addresses and Social Security numbers may have been viewed if the PowerPoint presentation was manipulated.
4. Boston Children's Hospital Data Breach Affects 2k Patients
Boston Children's Hospital announced a data breach that potentially affected more than 2,000 patients. The data breach occurred when an employee lost a password protected but unencrypted laptop containing a file with information on 2,159 patients while at a conference in Buenos Aires, Argentina. The file included names, birth dates, diagnoses and treatment information but no financial data or Social Security numbers.
5. UnitedHealthcare Data Breach Affects 65 Medicare Members in Missouri
UnitedHealthcare, based in Minnetonka, Minn., announced a data breach affecting at least 68 individuals enrolled in its Medicare plans across the state of Missouri. UnitedHealthcare discovered that an employee "may have accessed information in a database in a way that was inconsistent with his job duties" on Jan. 30, 2012. The information in the database included names, Social Security numbers, addresses, telephone numbers, dates of birth and Medicare health insurance claim numbers.
6. Employee Causes Data Breach at Reading Hospital in Pennsylvania
Reading (Pa.) Hospital and Medical Center's medical records system was breached when an employee copied sensitive patient information and used it for training purposes. Medical test results, diagnoses, prescribed medications and other protected health data on 12 patients was made public without Reading Hospital's knowledge or patient consent.
7. Utah Governor Announces Technology Director Resignation Following Data Breach
Utah Governor Gary Herbert announced the resignation of Stephen Fletcher, executive director of the department of technology services under the Utah Department of Health, following the large data breach in April that exposed hundreds of thousands of online patient medical records. While Mr. Fletcher was not directly responsible for the data breach, the exposed medical records had been lingering on state computers for months despite protocol to erase submitted data within 24 hours. Over 280,000 individuals had their Social Security numbers stolen and around 500,000 individuals had less sensitive information stolen off state computers by hackers.
1. Data Breach at MD Anderson Cancer Center May Affect 30k Patients
University of Texas' MD Anderson Cancer Center in Houston reported a data breach affecting potentially 30,000 of its patients. The data, including names, treatment and research information and Social Security numbers, was on an unencrypted computer stolen from an MD Anderson faculty member's home April 30.
2. Alaska Medicaid Settles HIPAA Security Case for $1.7M
The Alaska Department of Health and Social Services and the state Medicaid agency agreed to pay HHS $1.7 million to settle possible HIPAA violations. While investigating a data breach in which a portable electronic storage device that may have contained electronic personal health information was stolen from the vehicle of a DHSS employee, HHS found that the department did not have adequate policies and procedures in place to safeguard ePHI.
3. Memorial Sloan-Kettering PowerPoint Presentation Leaks Patient Information
An unknown number of New York City-based Memorial Sloan-Kettering Cancer Center had clinical data and private information, in some cases Social Security numbers, mistakenly leaked onto two medical professional organizations' websites earlier this year. Patient names, phone numbers, addresses and Social Security numbers may have been viewed if the PowerPoint presentation was manipulated.
4. Boston Children's Hospital Data Breach Affects 2k Patients
Boston Children's Hospital announced a data breach that potentially affected more than 2,000 patients. The data breach occurred when an employee lost a password protected but unencrypted laptop containing a file with information on 2,159 patients while at a conference in Buenos Aires, Argentina. The file included names, birth dates, diagnoses and treatment information but no financial data or Social Security numbers.
5. UnitedHealthcare Data Breach Affects 65 Medicare Members in Missouri
UnitedHealthcare, based in Minnetonka, Minn., announced a data breach affecting at least 68 individuals enrolled in its Medicare plans across the state of Missouri. UnitedHealthcare discovered that an employee "may have accessed information in a database in a way that was inconsistent with his job duties" on Jan. 30, 2012. The information in the database included names, Social Security numbers, addresses, telephone numbers, dates of birth and Medicare health insurance claim numbers.
6. Employee Causes Data Breach at Reading Hospital in Pennsylvania
Reading (Pa.) Hospital and Medical Center's medical records system was breached when an employee copied sensitive patient information and used it for training purposes. Medical test results, diagnoses, prescribed medications and other protected health data on 12 patients was made public without Reading Hospital's knowledge or patient consent.
7. Utah Governor Announces Technology Director Resignation Following Data Breach
Utah Governor Gary Herbert announced the resignation of Stephen Fletcher, executive director of the department of technology services under the Utah Department of Health, following the large data breach in April that exposed hundreds of thousands of online patient medical records. While Mr. Fletcher was not directly responsible for the data breach, the exposed medical records had been lingering on state computers for months despite protocol to erase submitted data within 24 hours. Over 280,000 individuals had their Social Security numbers stolen and around 500,000 individuals had less sensitive information stolen off state computers by hackers.