The following data breaches occurred over the past two months, beginning with the most recent.
1. Orlando (Fla.) Health began notifying patients July 2 of a data breach after discovering a nursing assistant had accessed patient records in a manner unrelated to job responsibilities. Orlando Health said in a news release that there is no evidence the data was copied or used illegally but it may have included names, birth dates, addresses, medications, test results and the last four digits of Social Security numbers.
2. Hagerstown, Md.-based Meritus Health began mailing notification letters June 26 to more than 1,000 people whose data may have been stolen, after a routine audit revealed a security breach. The personal information at risk includes date of birth, age, gender and medical records such as treatment and diagnosis information. Meritus has also said that some Social Security numbers were compromised.
3. On June 24, federal prosecutors convicted a former employee of Ascension Parish Health Unit in Louisana for accessing personal identifying information of individuals and selling the information to file fraudulent tax returns. The former employee pled guilty to gaining access to patient information in the health unit's database, taking the information and selling it to another person, who used the information to file fraudulent federal tax returns.
4. On June 15, Lancaster County (S.C.) Emergency Medical Services began notifying patients of a potential data breach after two flash drives and two hard drives were missing from a county building. More than 100,000 records may have been contained on the hardware.
5. On June 11, the Texas Department of Aging and Disability Services announced that the protected health information of approximately 6,600 Medicaid recipients may have been released unintentionally. The agency stated that a web application intended for internal use only was accessible on the Internet. The application contained patients' names, residences, addresses, birth dates, Social Security numbers, medical diagnoses and treatment information.
6. The U.S. Office of Personnel Management announced June 4 that a computer system hack compromised the data of nearly 4 million government workers. An investigation following the breach found the attacks may have been perpetrated by the same hackers responsible for the Anthem and Premera Blue Cross breaches earlier this year.
7. U.S. Healthworks, a Valencia, Calif-based subsidiary of San-Francisco-based Dignity Health, notified employees May 30 of a potential data breach after a laptop was stolen from an employee's car. U.S. Healthworks has not disclosed how many individuals may be affected by the breach.
8. Bronx, N.Y.-based Montefiore Health System received word May 15 from law enforcement that an employee had stolen the personal health information of more than 12,000 patients. Montefiore fired the employee, who has also been arrested and is facing prosecution. Eight others believed to be involved in a "theft ring" related to the crime have been indicted.
9. Great Neck, N.Y.-based North Shore-Long Island Jewish Health System confirmed May 11 that four laptops containing the health information of approximately 18,000 of its patients had been stolen from the offices of collections firm Global Care Delivery. The information included names, birth dates, internal account numbers, insurance information and diagnosis and procedure codes. Social Security numbers of approximately 2,000 patients were also included.