So far in 2013, Becker's Hospital Review has reported on more than 50 data breaches at hospitals and health systems.
Many of the data breaches had similar causes.
Stolen laptops. One of the most frequent causes of data breaches was a stolen laptop containing patient information. Such breaches affected 12,900 patients at Lucile Packard Children's Hospital at Stanford in Palo Alto, Calif., 7,405 patients at the William Jennings Bryan Dorn Va Medical Center in Columbia, S.C., 4,022 patients at Oregon Health & Science University Hospital in Portland, 1,300 patients at Houston Methodist Hospital and more than 11,000 patients at University of San Francisco Medical Center over two separate incidents.
Information inappropriately accessed by employees. These breaches affected 5,000 patients at Suffolk, Va.-based Bon Secours Hampton Roads Health System,9,900 patients at Holy Cross Hospital in Ft. Lauderdale, Fla., 1,300 patients at UPMC in Pittsburgh and 3,000 patients at Allina Health in Minneapolis. This type of breach also led to a class-action suit against Altamonte Springs, Fla.-based Adventist Health over failing to prevent 763,000 patients' information from being stolen and sold.
Unsecured transmissions or employee mistakes. Using unsecured methods of data transmission or storage, or inadvertently sending or posting patient information to the wrong place resulted in several breaches this year. These breaches affected 1,310 patients at Gastonia, N.C.-based CaroMont Health, 1,350 patients at Sonoma (Calif.) Valley Hospital and 3,000 patients at Oregon Health & Science University in Portland.
Misplaced files or electronic storage. Several hospitals and health systems lost control over patient data, resulting in a breach. These breaches affected 1,407 patients at Miami-based Jackson Health System, 1,039 patients at Fortuna, Calif.-based Redwood Memorial Hospital and thousands of patients at Eastside Medical Center in Snellville, Ga.
Scams or online hacking. Several of this year's data breaches were caused by malicious software or targeted attacks on hospitals and health systems. For example, a phishing scam targeting St. Louis University employees led to the disclosure of the personal health information of approximately 3,000 people, a cyberattack compromised the personal information of about 7,000 patients at the Medical University of South Carolina in Charleston and malicious email opened by a University of Washington Medicine employee in Seattle compromised the personal and health information of 90,000.
More Articles on Data Breach:
Horizon Blue Cross Blue Shield Notifies 840k of Data Breach
Data Breach at Houston Methodist Hospital Affects 1,300
UPMC Notifies 1,300 of Data Breach