Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.
While some security incidents only affected less than 1,000 patients, others were said to have affected more than 500,000.
- Tampa-based Women’s Care Florida alerted all current and former patients — 528,188 people — that their medical or personal information may have been exposed due to an April 29 cybersecurity incident.
- Around 152,000 patients may have had their information viewed because of a ransomware attack at St. Louis-based Betty Jean Kerr People’s Health Centers.
- Kalispell (Mont.) Regional Healthcare began notifying nearly 130,000 patients Oct. 23 that their information may have been exposed due to a phishing attack.
- Gary, Ind.-based Methodist Hospitals is notifying 68,039 patients that their protected health information may have been exposed in a data breach.
- Approximately 19,000 patients and 3,000 volunteers may have been affected in a data breach at six Prisma Health-Midlands hospitals.
- The University of Alabama Birmingham Medicine has alerted 19,557 patients that their information may have been exposed in a phishing attack.
- San Antonio-based South Texas Dermatopathology has notified 15,982 patients that their information may have been exposed in a data breach at a third-party collections company.
- Goshen (Ind.) Health began notifying 9,160 patients on Sept. 30 of a security incident that may have exposed their personal health information.
- Cancer Treatment Centers of America at Southeastern Regional Medical Center in Atlanta began notifying 3,290 patients that their personal health information may have been exposed in a security incident.
- The Virginia Department of Behavioral Health and Developmental Services is investigating an October data breach that may have affected 1,442 people.
- The Seattle Cancer Care Alliance began notifying nearly 1,000 patients Oct. 16 that their information may have been exposed due to an email error.
- Oakland, Calif.-based Kaiser Permanente began issuing notices Sept. 27 to 990 Sacramento-area patients that their information may have been exposed.
- Danville, Pa.-based Geisinger Health Plan began notifying an undisclosed number of patients Oct. 18 that their information may have been exposed in a phishing attack at a third-party vendor.
- A regional Veterans Affairs Department in Milwaukee mishandled patients’ personal data, leaving medical records, internal communications and other information available for unauthorized personnel to access.
- Asheville, N.C.-based Mission Health has mailed patients letters indicating that their financial information may have been stolen.
- Milwaukie, Ore.-based Monterey Health Center announced Oct. 11 that it is notifying patients their protected health information may have been exposed because of a ransomware attack.
- Greenville, Texas-based Hunt Regional Healthcare has notified additional patients of a cyberattack earlier this year that may have exposed patient information.
- A website created by the Philadelphia Department of Public Health to track hepatitis infections was compromised, exposing individuals’ health records.