The following data breaches were reported within the past four months, beginning with the most recent.
1. Patient Medical Records Found in Dumpster in Florida
Hundreds of patient medical records were found in a dumpster in a Fort Myers, Fla., strip mall. The records, which included patient names, addresses, phone numbers and Social Security numbers, allegedly belonged to Luxor Industries, a physician group in Fort Myers.
2. Carolinas HealthCare System Discloses Data Breach to 5,600 Patients
Charlotte, N.C.-based Carolinas HealthCare System notified 5,600 patients of Carolinas Medical Center-Randolph in Charlotte of a potential data breach from an unauthorized electronic intruder.
3. Data Breach Puts 900 Patients at Grady Memorial Hospital at Risk
Grady Memorial Hospital in Atlanta announced that an estimated 900 patients may have had personal information stolen when an employee of Advanced Data Processing, which handles the hospital's ambulance billing system, illegally stole thousands of patients' data from numerous hospitals nationwide. Patient names, Social Security numbers and dates of birth may have been disclosed.
4. University of Arkansas for Medical Sciences Notifies 1,500 Patients of Data Breach
The University of Arkansas for Medical Sciences in Little Rock notified approximately 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010. UAMS discovered that the former resident kept some patient lists and notes from January 2010 to June 2010, which contained patient names, partial addresses, medical record numbers, dates of birth, ages, locations of care, dates of service and other medical information.
5. Blount Memorial Hospital Data Breach Affects 27k Patients
Blount Memorial Hospital in Maryville, Tenn., notified 27,000 patients whose personal information was compromised when an employee's laptop was stolen. The records contained information on approximately 22,000 patients, including their names, dates of birth, responsible party names, addresses, physician names and billing information, and information for an additional 5,000 patients with Social Security numbers and other non-medical data.
6. Kentucky Health Agency Notifies 2,500 of Potential HIPAA Breach
The Cabinet for Health and Family Services in Frankfort, Ky., informed approximately 2,500 clients of a data breach that may have released information held by the Cabinet's Department for Community Based Services. There was no evidence that confidential contents of the email account were accessed or viewed, but the hacker did have access to the email account for a short period of time.
7. Former Harris County Hospital District Employee Allegedly Sold Patient Information as Part of Medicare Kickback Scheme
Around 3,000 patients of Harris County Hospital District in Houston may have had personal information stolen by a former employee who was indicted in a federal court this year for a Medicare kickback scheme involving home healthcare operators.
8. Data on 600 Patients Stolen From Temple Community Hospital in Los Angeles
Temple Community Hospital in Los Angeles warned 600 patients that their personal and medical information was breached when a computer was stolen from a locked office in July. The computer contained CT scans of patients, patient names, the reason for the scans and patients' hospital account numbers. No financial information, Social Security numbers or personal contact information was part of the stolen data.
9. Cancer Care Group Data Breach Exposes Nearly 55,000 Patients
Cancer Care Group in Indianapolis announced a data breach that potentially exposed protected health information for close to 55,000 individuals when a laptop computer was stolen from an employee. The data included names, addresses, dates of birth and Social Security numbers, as well as patients' medical and insurance information and employees' beneficiary, employment or financial information.
10. MD Anderson Cancer Center Employee Loses USB With Patient Data
The University of Texas MD Anderson Cancer Center in Houston notified patients that a USB thumb drive with patient information was lost by an employee on an MD Anderson employee shuttle bus. The thumb drive contained patient names, dates of birth, medical record numbers and diagnoses, treatment and research information. There were no Social Security numbers or other financial information on the thumb drive.
11. Patient Records at Physician Practice in Illinois Held Ransom by Hackers
Electronic medical records for patients of Surgeons of Lake County in Libertyville, Ill., was held hostage by hackers who attacked the computer network, infiltrated and encrypted the server and sent a ransom note to the physicians demanding payment for access to the records.
1. Patient Medical Records Found in Dumpster in Florida
Hundreds of patient medical records were found in a dumpster in a Fort Myers, Fla., strip mall. The records, which included patient names, addresses, phone numbers and Social Security numbers, allegedly belonged to Luxor Industries, a physician group in Fort Myers.
2. Carolinas HealthCare System Discloses Data Breach to 5,600 Patients
Charlotte, N.C.-based Carolinas HealthCare System notified 5,600 patients of Carolinas Medical Center-Randolph in Charlotte of a potential data breach from an unauthorized electronic intruder.
3. Data Breach Puts 900 Patients at Grady Memorial Hospital at Risk
Grady Memorial Hospital in Atlanta announced that an estimated 900 patients may have had personal information stolen when an employee of Advanced Data Processing, which handles the hospital's ambulance billing system, illegally stole thousands of patients' data from numerous hospitals nationwide. Patient names, Social Security numbers and dates of birth may have been disclosed.
4. University of Arkansas for Medical Sciences Notifies 1,500 Patients of Data Breach
The University of Arkansas for Medical Sciences in Little Rock notified approximately 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010. UAMS discovered that the former resident kept some patient lists and notes from January 2010 to June 2010, which contained patient names, partial addresses, medical record numbers, dates of birth, ages, locations of care, dates of service and other medical information.
5. Blount Memorial Hospital Data Breach Affects 27k Patients
Blount Memorial Hospital in Maryville, Tenn., notified 27,000 patients whose personal information was compromised when an employee's laptop was stolen. The records contained information on approximately 22,000 patients, including their names, dates of birth, responsible party names, addresses, physician names and billing information, and information for an additional 5,000 patients with Social Security numbers and other non-medical data.
6. Kentucky Health Agency Notifies 2,500 of Potential HIPAA Breach
The Cabinet for Health and Family Services in Frankfort, Ky., informed approximately 2,500 clients of a data breach that may have released information held by the Cabinet's Department for Community Based Services. There was no evidence that confidential contents of the email account were accessed or viewed, but the hacker did have access to the email account for a short period of time.
7. Former Harris County Hospital District Employee Allegedly Sold Patient Information as Part of Medicare Kickback Scheme
Around 3,000 patients of Harris County Hospital District in Houston may have had personal information stolen by a former employee who was indicted in a federal court this year for a Medicare kickback scheme involving home healthcare operators.
8. Data on 600 Patients Stolen From Temple Community Hospital in Los Angeles
Temple Community Hospital in Los Angeles warned 600 patients that their personal and medical information was breached when a computer was stolen from a locked office in July. The computer contained CT scans of patients, patient names, the reason for the scans and patients' hospital account numbers. No financial information, Social Security numbers or personal contact information was part of the stolen data.
9. Cancer Care Group Data Breach Exposes Nearly 55,000 Patients
Cancer Care Group in Indianapolis announced a data breach that potentially exposed protected health information for close to 55,000 individuals when a laptop computer was stolen from an employee. The data included names, addresses, dates of birth and Social Security numbers, as well as patients' medical and insurance information and employees' beneficiary, employment or financial information.
10. MD Anderson Cancer Center Employee Loses USB With Patient Data
The University of Texas MD Anderson Cancer Center in Houston notified patients that a USB thumb drive with patient information was lost by an employee on an MD Anderson employee shuttle bus. The thumb drive contained patient names, dates of birth, medical record numbers and diagnoses, treatment and research information. There were no Social Security numbers or other financial information on the thumb drive.
11. Patient Records at Physician Practice in Illinois Held Ransom by Hackers
Electronic medical records for patients of Surgeons of Lake County in Libertyville, Ill., was held hostage by hackers who attacked the computer network, infiltrated and encrypted the server and sent a ransom note to the physicians demanding payment for access to the records.