Over 300,000 Patients Affected by Data Breaches in December 2019
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 34 December healthcare breaches, affecting 313,249 patients. Of the reported incidents, there were 18 breaches due to hacking/IT incidents, 10 breaches from the unauthorized access/disclosure of protected health information (PHI), 3 breaches due to loss, 2 breaches due to theft, and one breach due to improper disposal of PHI.
Hacking / IT Incidents Causing December Healthcare Breaches
The majority of December healthcare breaches were due to hacking/IT incidents, with 47.3% of the total breaches reported in December caused by this type of incident. Hacking/IT incidents affected 148,074 patients. The following chart depicts the type of hacking/IT incidents that caused December healthcare breaches, including how many patients were affected by each:
- Network Server Hacks Affected 45,136 Patients
- The Center for Facial Restoration, Inc.: affected 3,600 patients
- PediHEalth, PLLC, dba Children’s Choice Pediatrics: affected 12,689 patients
- Roosevelt General Hospital: affected 28,847 patients
- Emails Hacks Affected 86,150 Patients
- Vimly Benefit Solutions, Inc.: affected 2,675 patients
- Sinai Health System: affected 12,578 patients
- Aetna affiliated covered entity (ACE): affected 5,991 patients
- Jewish Social Service Agency: affected 3,145 patients
- Cheyenne Regional Medical Center: affected 17,549 patients
- Starmount Life Insurance Company: affected 630 patients
- Beech Brook: affected 2,636 patients
- Equinox, Inc.: affected 1,021 patients
- Sunrise Community Health: affected 7,668 patients
- Children’s Hope Alliance: affected 4,564 patients
- Healthcare Administrative Partners: affected 17,693 patients
- RiverKids Pediatric Home Health: affected 10,000 patients
- Electronic Medical Record (EMR) Hacks Affected 4,558 Patients
- btyDENTAL: affected 2,008 patients
- Conway Medical Center: affected 2,550 patients
- Other Hacks Affected 12,230 Patients
- Colorado Department of Human Services: affected 12,230 patients
Unauthorized Access / Disclosures Causing December Healthcare Breaches
The unauthorized access or disclosure of protected health information (PHI) represented 14.4% of the total healthcare breaches in December, affecting 45,124 patients.
- Network Server Unauthorized Access Affected 13,137 Patients
- Aflac: affected 1,601 patients
- Service Benefit Plan Administrative Services Corporation: affected 11,536 patients
- Electronic Medical Record (EMR) Unauthorized Access Affected 13,137 Patients
- Ann & Robert H. Lurie Children’s Hospital of Chicago: affected 4,195 patients
- Texas Family Psychology Associates, P.C.: affected 12,000 patients
- North Ottawa Community Health System: affected 4,013 patients
- Anwan Wellness LLC: affected 530 patients
- Paper/Films Unauthorized Access Affected 3,087 Patients
- Texas Children’s Hospital: affected 597 patients
- Family Care Medical Specialists Group, Inc.: affected 2,490 patients
- Other Unauthorized Access Affected 8,162 Patients
- Prestige Health Choice: affected 4,662 patients
- Sunshine Behavioral Health Group, LLC: affected 3,500 patients
Loss / Theft / Improper Disposal Causing December Healthcare Breaches
December healthcare breaches caused by loss of PHI represented 1.1%, affecting 3,311 patients. Theft of PHI accounted for 36.9% of breaches, affecting 115,566 patients. The improper disposal of PHI represented 0.4% of breaches, affecting 1,174 patients.
- Loss of PHI Affected 3,311 Patients
- INTEGRIS Health, Inc.: affected 500 patients
- Marion Eye Center, LTD.: affected 811 patients
- Speight Family Medical, LLC: affected 2,000 patients
- Theft of PHI Affected 115,566 Patients
- Therapeutic Oasis of the Palm Beaches LLC: affected 1,100 patients
- Truman Medical Center, Incorporated: affected 114,466 patients
- Improper Disposal of PHI Affected 115,566 Patients
- San Francisco Department of Public Health – Zuckerberg SF General Hospital: affected 1,174 patients
Source: compliancy-group.com