Numerous privacy incidents at hospitals, IT suppliers and other healthcare organizations captured public attention last month.
While media outlets reported on the following breaches in January 2019, healthcare organizations experienced breaches as early as June 2018.
Eight healthcare privacy incidents reported by Becker's Hospital Review in January:
Editor's note: Incidents are presented in order of the number of patients or organizations affected.
- Alaskan officials have upped their tally of individuals likely affected in a June 2018 data breach at the state's health department from 501 victims to 700,000.
- Two separate data breaches disclosed in December 2018 exposed the protected health information of 31,876 plan members of Managed Health Services, which runs Indiana's Hoosier Healthwise and Hoosier Care Connect Medicaid programs.
- Critical Care, Pulmonary and Sleep Associates in Lakewood, Colo., notified 23,377 patients about a potential exposure of their protected health information after an unauthorized individual gained access to an employee's email account.
- Integrity House, a nonprofit substance use disorder treatment facility in Newark, N.J., notified 7,206 of its patients of a data security incident after a number of business computers and tablets were stolen from its offices in November.
- An employee at Lebanon (Pa.) VA Medical Center emailed a veteran's family member a document that contained the protected health information of up to 1,002 elderly patients.
- Sacred Heart Rehabilitation Center, a drug and alcohol addiction treatment facility in Richmond, Mich., notified "a limited number of patients" after a phishing scheme compromised an employee's email account in April.
- Officials at the Delaware Department of Insurance said five health insurers and about 650 of their members were affected by a data breach at a third-party administrator in October.
- Verity Health System, a six-hospital system in Redwood City, Calif., notified an undisclosed number of individuals about a potential exposure of their protected health information stemming from three incidents.