27 hospital, health system data breaches in 2019
Posted on: Monday, June 10, 2019 By: KorchekStaff
Since Jan. 1, hospitals and health systems have experienced varying sized data breaches. Some had to alert close to 1 million patients their information may have been exposed, while others only issued notices to a few hundred.
Below is a roundup of the hospital and health system data breaches so far this year.
Editor’s note: The list of data breaches is chronological order from newest to oldest reported.
1. Some personal information from University of Chicago Medicine patients and donors was mistakenly exposed on June 3.
2. Cancer Treatment Centers of America learned that an email account of an employee at its Atlanta-based Southeastern Regional Medical Center was the target in a phishing attack that may have exposed 16,819 patients.
3. Columbus (Wis.) Community Hospital notified patients May 24 that a phishing attack at one of its vendors may have exposed their data.
4. Centennial, Colo.-based Centura Health notified 7,515 patients last week that their information may have been exposed due to a phishing attack.
5. Cincinnati-based TriHealth has alerted 2,433 patients that their data may have been shared with a student mentee in June 2018.
6. Philadelphia-based Penn Medicine alerted around 900 patients that their information may have been improperly viewed by a former medical assistant at the hospital.
7. An employee at Toledo, Ohio-based ProMedica stole patient data between April 2017 and March 2019, the U.S. Secret Service alleges.
8. A phishing attack on an employee's email account at Oregon State Hospital may have exposed patients' protected health information.
9. Houston-based Memorial Hermann Health System has notified more than 600 patients that their financial information may have been exposed.
10. St. Joseph, Mich.-based Spectrum Health Lakeland notified 1,100 patients about a data breach at its billing services vendor that may have put patients' personal information at risk.
11. Bangor, Maine-based Northern Light Acadia Hospital mistakenly emailed the names of 300 patients who had prescriptions for Suboxone, a medication used to treat opioid use disorder.
12. Columbia, S.C.-based Palmetto Health, now known as Prisma Health, was targeted in a phishing attack that may have put the information of 23,000 patients at risk.
13. Springfield, Mass.-based Baystate Health notified about 12,000 patients of a Feb. 7 phishing attack.
14. Macon, Ga.-based Navicent Health alerted patients of a cyberattack last July that may have affected patients' personal information.
15. A security breach at Greenville, S.C.-based St. Francis Physician Services' former medical center may have compromised data from more than 32,000 patients.
16. Concord, Mass.-based Emerson Hospital sent letters to 6,314 patients alerting them of a May 2018 cybersecurity attack that may have affected their information.
17. A ransomware attack on a Grand Haven, Mich.-based North Ottawa Community Health System's vendor may have compromised data from an estimated 15,000 patients.
18. Box Elder, Mont.-based Rocky Boy Health Center posted a security breach notice on its website, alerting patients of a Jan. 14 incident that may have put medical records at risk.
19. Farmington-based University of Connecticut Health sent letters to up to 326,000 patients notifying them of a recent data security incident.
20. Rutland (Vt.) Regional Medical Center said it plans to mail letters to an undisclosed number of affected patients notifying them of a recent data breach.
21. Seattle-based UW Medicine sent letters to 974,000 patients notifying them of a Dec. 4, 2018, data error that allowed patient information to come up in internet searches.
22. Memorial Hospital at Gulfport (Miss.) sent letters to roughly 30,000 patients Feb. 15 notifying them of a data breach.
23. Chicago-based Rush University Medical Center inadvertently exposed the names of 908 patients in a paper mailing announcing the retirement of a certified nurse practitioner at its Epilepsy Center.
24. Blue Earth, Minn.-based United Hospital District notified 2,143 patients about a June 2018 phishing scheme.
25. Springs, Fla.-based AdventHealth alerted 42,161 patients about an August 2017 data breach that may have exposed personal information.
26. Pawnee City, Neb.-based Pawnee County Memorial Hospital notified 7,175 patients that some of their protected health information may have been exposed when a hospital employee was tricked by a phishing email in November 2018.
27. Verity Health System, a six-hospital system in Redwood City, Calif., notified an undisclosed number of individuals to a potential exposure of their protected health information stemming from three incidents.