At least five healthcare organizations have confirmed they were affected in a data breach by revenue cycle and patient billing vendor Med-Data.
The vendor discovered the breach when an independent journalist contacted Med-Data about patients' personal health information being published online, according to Med-Data's news release.
An investigation concluded that a former employee saved PHI to personal folders and uploaded the files to a public website.
There are at least five health systems and hospitals affected by the breach. HHS' data breach portal reported 135,908 individuals have been affected.
Here are the organizations that have reported Med-Data breaches so far, ranked by the number of individuals affected:
University Health (San Antonio): 2,704
Memorial Hermann Health System (Houston): 1,893
University of Chicago Medicine: almost 900
Aspirus (Wausau, Wis.): Unknown
OSF Healthcare (Peoria, Ill.): Unknown