The vendor discovered the breach when an independent journalist contacted Med-Data about patients’ personal health information being published online, according to Med-Data’s news release.
An investigation concluded that a former employee saved PHI to personal folders and uploaded the files to a public website.
There are at least five health systems and hospitals affected by the breach. HHS’ data breach portal reported 135,908 individuals have been affected.
Here are the organizations that have reported Med-Data breaches so far, ranked by the number of individuals affected:
University Health (San Antonio): 2,704
Memorial Hermann Health System (Houston): 1,893
University of Chicago Medicine: almost 900
Aspirus (Wausau, Wis.): Unknown
OSF Healthcare (Peoria, Ill.): Unknown
More articles on cybersecurity:
IBM finds more cyberattacks against COVID-19 vaccine supply chain
Montefiore fires employee who snooped EHRs for over 1 year
8 hospitals hiring CISOs
