10 most recent HIPAA breaches

All listed on OCR this month
By Bernie Monegain
10:30 AM
Share
laptop breach

As the year 2015 draws to a close with a warning that healthcare – more than ever before – has become a target for cyber security attacks, we list the most recent data breaches reported to the HHS Office for Civil Rights. All 10 were reported in December.

1. 12/01: Centegra Health System, Il, affected 2,929 people.

A mailing snafu may have exposed personal information of patients.

2. 12:01: Cottage Health, Calif. Affected 11,000 people

In a statement, Cottage Health officials said limited information from as many as 11,000 patients was exposed.

"Cottage Health recently hired a team of cyber security experts to test our data systems," the statement said. "This team discovered a single server that was exposed. We immediately shut down this server and began an investigation."

3. 12/02 Univesity of Colorado Heath, Co. 827 people affected.

A nurse at Poudre Valley Hospital was fired for viewing patients' medical records out of personal curiosity, the Coloradoan reported.

University of Colorado Health, which operates PVH and Medical Center of the Rockies in Loveland, is notified patients that an employee inappropriately accessed their electronic medical records.

4. 12/03 Blue Cross Blue Shield of Nebraska, 1,872 people affected

Blue Cross and Blue Shield of Nebraska notified beneficiaries that a printing error caused some dental explanation of benefits forms to be sent to the wrong customers. The forms revealed treatment and services that the insurer paid for their insured.

5. 2/03 CamelBack Women's Health, Ariz., 810 people affected

6. 2/4 Middlesex Hospital, Conn., 946 people affected

7. 12/8 Maine General Health and subsidiaries, 500 people affected

On Nov. 13, 2015, the FBI notified MaineGeneral that agents had detected MaineGeneral data on an external website that is not accessible by the general public. The data affected includes the dates of birth and emergency contact names, addresses, and telephone numbers for certain patients referred by a treating physician to MaineGeneral Medical Center for radiology services since June 2009.

See also: MaineGeneral, FBI probe cyber attack.]

8. 12/11 Mary Ruth Buchness, N.Y., 14,910 people affected

Mary Ruth Buchness, a dermatologist practicing in New York City, accidentally  emailed  a list of nearly 15,000 patient names and corresponding addresses, appointment dates and Social Security numbers.

9. 12/15 New Mexico Department of Health, 561 people affected

10. 12/18 Physicians Health Plan of Northern Indiana, 1,708 people affected

See our slideshow of breaches reported over all of 2015.

Scroll OCR's complete list of HIPAA violations here.