Eight privacy incidents at healthcare organizations captured public attention last month.
While media outlets reported on the following breaches in September, healthcare organizations experienced breaches as early as 2014.
Here are the eight incidents, as reported by Becker's Hospital Review. The incidents are presented in order of number of patients affected.
1. The Fetal Diagnostic Institute of the Pacific in Honolulu notified 40,800 patients about a potential data breach after it fell victim to a ransomware attack in June.
2. Blue Cross Blue Shield of Rhode Island notified 1,567 members that an unnamed vendor responsible for sending members' benefits explanations breached their personal health information.
3. An employee at Kings County Hospital's emergency room stole nearly 100 patients' private information and sold it through an encrypted app on his phone.
4. Claxton-Hepburn Medical Center in Ogdensburg, N.Y., terminated an undisclosed number of employees after hospital officials identified breaches of patient health information during a recent internal investigation.
5. Reliable Respiratory in Norwood, Mass., discovered unusual activity on an employee's email account in July, which may have allowed hackers to access an undisclosed number of patients' protected health information.
6. Independence Blue Cross in Pennsylvania notified an undisclosed number of plan members about a potential compromise of their protected health information after an employee uploaded a file containing personal data to a website that was publicly accessible for three months.
7. Nashville, Tenn.-based Aspire Health lost some patient information to an unknown cyberattacker who gained access to its internal email system in September, federal court records filed Sept. 25 show.
8. Lutheran Hospital in Fort Wayne, Ind., canceled all remaining elective surgeries Sept. 18 after its IT team discovered a computer virus on its systems.