10 most recent HIPAA breaches
As the year 2015 draws to a close with a warning that healthcare – more than ever before – has become a target for cyber security attacks, we list the most recent data breaches reported to the HHS Office for Civil Rights. All 10 were reported in December.
1. 12/01: Centegra Health System, Il, affected 2,929 people.
A mailing snafu may have exposed personal information of patients.
2. 12:01: Cottage Health, Calif. Affected 11,000 people
In a statement, Cottage Health officials said limited information from as many as 11,000 patients was exposed.
"Cottage Health recently hired a team of cyber security experts to test our data systems," the statement said. "This team discovered a single server that was exposed. We immediately shut down this server and began an investigation."
3. 12/02 Univesity of Colorado Heath, Co. 827 people affected.
A nurse at Poudre Valley Hospital was fired for viewing patients' medical records out of personal curiosity, the Coloradoan reported.
University of Colorado Health, which operates PVH and Medical Center of the Rockies in Loveland, is notified patients that an employee inappropriately accessed their electronic medical records.
4. 12/03 Blue Cross Blue Shield of Nebraska, 1,872 people affected
Blue Cross and Blue Shield of Nebraska notified beneficiaries that a printing error caused some dental explanation of benefits forms to be sent to the wrong customers. The forms revealed treatment and services that the insurer paid for their insured.
5. 2/03 CamelBack Women's Health, Ariz., 810 people affected
6. 2/4 Middlesex Hospital, Conn., 946 people affected
7. 12/8 Maine General Health and subsidiaries, 500 people affected
On Nov. 13, 2015, the FBI notified MaineGeneral that agents had detected MaineGeneral data on an external website that is not accessible by the general public. The data affected includes the dates of birth and emergency contact names, addresses, and telephone numbers for certain patients referred by a treating physician to MaineGeneral Medical Center for radiology services since June 2009.
See also: MaineGeneral, FBI probe cyber attack.]
8. 12/11 Mary Ruth Buchness, N.Y., 14,910 people affected
Mary Ruth Buchness, a dermatologist practicing in New York City, accidentally emailed a list of nearly 15,000 patient names and corresponding addresses, appointment dates and Social Security numbers.
9. 12/15 New Mexico Department of Health, 561 people affected
10. 12/18 Physicians Health Plan of Northern Indiana, 1,708 people affected
Scroll OCR's complete list of HIPAA violations here.