Over 300,000 Patients Affected by Data Breaches

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 34 December healthcare breaches, affecting 313,249 patients. Of the reported incidents, there were 18 breaches due to hacking/IT incidents, 10 breaches from the unauthorized access/disclosure of protected health information (PHI), 3 breaches due to loss, 2 breaches due to theft, and one breach due to improper disposal of PHI.

Hacking / IT Incidents Causing December Healthcare Breaches

The majority of December healthcare breaches were due to hacking/IT incidents, with 47.3% of thetotal breaches reportedin December caused by this type of incident. Hacking/IT incidents affected 148,074 patients. The following chart depicts the type of hacking/IT incidents that caused December healthcare breaches, including how many patients were affected by each:

• Network Server Hacks Affected 45,136 PatientsThe Center for Facial Restoration, Inc.: affected3,600 patientsPediHEalth, PLLC, dba Children’s Choice Pediatrics: affected12,689 patientsRoosevelt General Hospital: affected28,847 patients
• The Center for Facial Restoration, Inc.: affected3,600 patients
• PediHEalth, PLLC, dba Children’s Choice Pediatrics: affected12,689 patients
• Roosevelt General Hospital: affected28,847 patients
• Emails Hacks Affected 86,150 PatientsVimly Benefit Solutions, Inc.: affected2,675 patientsSinai Health System: affected 12,578 patientsAetna affiliated covered entity (ACE): affected5,991 patientsJewish Social Service Agency: affected3,145 patientsCheyenne Regional Medical Center: affected17,549 patientsStarmount Life Insurance Company: affected630 patientsBeech Brook: affected 2,636 patientsEquinox, Inc.: affected1,021 patientsSunrise Community Health: affected7,668 patientsChildren’s Hope Alliance: affected4,564 patientsHealthcare Administrative Partners: affected17,693 patientsRiverKids Pediatric Home Health: affected10,000 patients
• Vimly Benefit Solutions, Inc.: affected2,675 patients
• Sinai Health System: affected 12,578 patients
• Aetna affiliated covered entity (ACE): affected5,991 patients
• Jewish Social Service Agency: affected3,145 patients
• Cheyenne Regional Medical Center: affected17,549 patients
• Starmount Life Insurance Company: affected630 patients
• Beech Brook: affected 2,636 patients
• Equinox, Inc.: affected1,021 patients
• Sunrise Community Health: affected7,668 patients
• Children’s Hope Alliance: affected4,564 patients
• Healthcare Administrative Partners: affected17,693 patients
• RiverKids Pediatric Home Health: affected10,000 patients
• Electronic Medical Record (EMR) Hacks Affected 4,558 PatientsbtyDENTAL: affected2,008 patientsConway Medical Center: affected2,550 patients
• btyDENTAL: affected2,008 patients
• Conway Medical Center: affected2,550 patients
• Other Hacks Affected 12,230 PatientsColorado Department of Human Services: affected12,230patients
• Colorado Department of Human Services: affected12,230patients

• The Center for Facial Restoration, Inc.: affected3,600 patients
• PediHEalth, PLLC, dba Children’s Choice Pediatrics: affected12,689 patients
• Roosevelt General Hospital: affected28,847 patients

• Vimly Benefit Solutions, Inc.: affected2,675 patients
• Sinai Health System: affected 12,578 patients
• Aetna affiliated covered entity (ACE): affected5,991 patients
• Jewish Social Service Agency: affected3,145 patients
• Cheyenne Regional Medical Center: affected17,549 patients
• Starmount Life Insurance Company: affected630 patients
• Beech Brook: affected 2,636 patients
• Equinox, Inc.: affected1,021 patients
• Sunrise Community Health: affected7,668 patients
• Children’s Hope Alliance: affected4,564 patients
• Healthcare Administrative Partners: affected17,693 patients
• RiverKids Pediatric Home Health: affected10,000 patients

• btyDENTAL: affected2,008 patients
• Conway Medical Center: affected2,550 patients

• Colorado Department of Human Services: affected12,230patients

Unauthorized Access / Disclosures Causing December Healthcare Breaches

The unauthorized access or disclosure of protected health information (PHI) represented 14.4% of the total healthcare breaches in December, affecting 45,124 patients.

• Network Server Unauthorized Access Affected 13,137 PatientsAflac: affected1,601 patientsService Benefit Plan Administrative Services Corporation: affected11,536 patients
• Aflac: affected1,601 patients
• Service Benefit Plan Administrative Services Corporation: affected11,536 patients
• Electronic Medical Record (EMR) Unauthorized Access Affected 13,137 PatientsAnn & Robert H. Lurie Children’s Hospital of Chicago: affected4,195 patientsTexas Family Psychology Associates, P.C.: affected12,000 patientsNorth Ottawa Community Health System: affected4,013 patientsAnwan Wellness LLC: affected530 patients
• Ann & Robert H. Lurie Children’s Hospital of Chicago: affected4,195 patients
• Texas Family Psychology Associates, P.C.: affected12,000 patients
• North Ottawa Community Health System: affected4,013 patients
• Anwan Wellness LLC: affected530 patients
• Paper/Films Unauthorized Access Affected 3,087 PatientsTexas Children’s Hospital: affected597 patientsFamily Care Medical Specialists Group, Inc.: affected2,490 patients
• Texas Children’s Hospital: affected597 patients
• Family Care Medical Specialists Group, Inc.: affected2,490 patients
• Other Unauthorized Access Affected 8,162 PatientsPrestige Health Choice: affected4,662 patientsSunshine Behavioral Health Group, LLC: affected3,500 patients
• Prestige Health Choice: affected4,662 patients
• Sunshine Behavioral Health Group, LLC: affected3,500 patients

• Aflac: affected1,601 patients
• Service Benefit Plan Administrative Services Corporation: affected11,536 patients

• Ann & Robert H. Lurie Children’s Hospital of Chicago: affected4,195 patients
• Texas Family Psychology Associates, P.C.: affected12,000 patients
• North Ottawa Community Health System: affected4,013 patients
• Anwan Wellness LLC: affected530 patients

• Texas Children’s Hospital: affected597 patients
• Family Care Medical Specialists Group, Inc.: affected2,490 patients

• Prestige Health Choice: affected4,662 patients
• Sunshine Behavioral Health Group, LLC: affected3,500 patients

Loss / Theft / Improper Disposal Causing December Healthcare Breaches

December healthcare breaches caused by loss of PHI represented 1.1%, affecting 3,311 patients. Theft of PHI accounted for 36.9% of breaches, affecting 115,566 patients. The improper disposal of PHI represented 0.4% of breaches, affecting 1,174 patients.

• Loss of PHI Affected 3,311 PatientsINTEGRIS Health, Inc.: affected500 patientsMarion Eye Center, LTD.: affected811 patientsSpeight Family Medical, LLC: affected2,000 patients
• INTEGRIS Health, Inc.: affected500 patients
• Marion Eye Center, LTD.: affected811 patients
• Speight Family Medical, LLC: affected2,000 patients
• Theft of PHI Affected 115,566 PatientsTherapeutic Oasis of the Palm Beaches LLC: affected1,100 patientsTruman Medical Center, Incorporated: affected114,466 patients
• Therapeutic Oasis of the Palm Beaches LLC: affected1,100 patients
• Truman Medical Center, Incorporated: affected114,466 patients
• Improper Disposal of PHI Affected 115,566 PatientsSan Francisco Department of Public Health – Zuckerberg SF General Hospital: affected1,174 patients
• San Francisco Department of Public Health – Zuckerberg SF General Hospital: affected1,174 patients

• INTEGRIS Health, Inc.: affected500 patients
• Marion Eye Center, LTD.: affected811 patients
• Speight Family Medical, LLC: affected2,000 patients

• Therapeutic Oasis of the Palm Beaches LLC: affected1,100 patients
• Truman Medical Center, Incorporated: affected114,466 patients

• San Francisco Department of Public Health – Zuckerberg SF General Hospital: affected1,174 patients

Source: compliancy-group.com