Nine privacy incidents at healthcare organizations captured public attention last month.
While media outlets reported on the following breaches in November, healthcare organizations experienced the breaches as early as November 2016.
Here are the nine incidents, as reported by Becker's Hospital Review. The incidents are presented in order of number of patients affected.
1. A grand jury in New Jersey indicted two Iranian hackers in connection with a ransomware campaign that crippled more than 200 organizations, including Allscripts and several hospitals, universities and cities.
2. Charlotte, N.C.-based Atrium Health notified 2.65 million individuals after its third-party billing vendor AccuDoc Solutions was hacked in late September.
3. New York Oncology Hematology in Albany mailed letters to all of its 128,400 patients and employees notifying them that some of their protected health information may have been accessed as the result of an email phishing attack.
4. Health First, a nonprofit community health system comprising four hospitals in Brevard County, Fla., notified 42,000 patients of a potential compromise of their personal information.
5. Mason City-based Mercy Medical Center-North Iowa mailed notification letters to about 1,900 patients after discovering a former employee may have inappropriately accessed their protected health information.
6. Upstate University Hospital in Syracuse, N.Y., notified 1,216 patients of a breach after it learned that an employee had accessed their medical records without authorization.
7. A surgeon at Lexington-based University of Kentucky HealthCare recently sent two emails containing detailed patient information to roughly 60 individuals, including a news producer at an ABC News affiliate.
8. Two hospitals owned by Ohio Valley Health Services & Education Corp. confirmed patients' health records remained secure despite an attempted ransomware attack Nov. 23.
9. Altus Baytown (Texas) Hospital posted a notice to its website alerting patients of a potential compromise of their protected health information stemming from a September ransomware attack.