The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 39 February healthcare breaches, affecting 1,531,855 patients. Of the reported incidents, there were 26 breaches due to hacking/IT incidents, 6 breaches from the unauthorized access/disclosure of protected health information (PHI), 3 breaches due to theft, 2 breaches due to loss, and 2 breaches due to improper disposal of PHI.

February healthcare breaches

Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist.

February Healthcare Breaches: Hacking / IT Incidents

The majority of February healthcare breaches occurred as a result of hacking / IT incidents, with 54.8% of total breaches due to this type of incident. The 26 instances of hacking / IT incidents in February affected 839,226 patients. The following chart depicts the location of the incidents, meaning where, within the organization, the hacking / IT incidents occurred. 

Hacking / IT Incidents
Email Hacks Affected 603,916 Patients

  • Ozark Orthopaedics, PA: affected 15,240 patients
  • Interactive Medical Systems, Corp.: affected 15,010 patients
  • Munson Healthcare: affected 75,202 patients
  • Engage Behavioral Health: affected 650 patients
  • Rainbow Hospice Care, Inc.: affected 2,029 patients
  • Endeavor Energy Resources, L.P.: affected 5,103 patients
  • NCH Healthcare System, Inc.: affected 63,581 patients
  • Monroe County Hospital & Clinics: affected 7,573 patients
  • United Regional Health Care System : affected 1,893 patients
  • Aveanna Healthcare: affected 166,077 patients
  • James F. Collette DDS & David N. Hamilton DDS PLLC: affected 552 patients
  • Tennessee Orthopaedic Alliance: affected 81,146 patients
  • Peregrine Corporation d/b/a PSL Services: affected 501 patients
  • Audiology Services Company USA, LLC: affected 3,917 patients
  • Relation Insurance, Inc., d/b/a Relation Insurance Services of Georgia: affected 4,335 patients
  • VibrantCare Rehabilitation, Inc.: affected 1,655 patients
  • Overlake Medical Center & Clinics: affected 109,000 patients
  • Shields Health Solutions: affected 1,277 patients
  • JDC Healthcare Management: affected 45,748 patients
  • Lincoln National Life Insurance Company and its affiliate Lincoln Life & Annuity Company of New York: affected 2,468 patients
  • Iredell-Statesville Schools Board of Education: affected 959 patients

Network Server Hacks Affected 235,310 Patients

  • Alameda Alliance for Health: affected 500 patients
  • SOLO Laboratories, Inc.: affected 60,000 patients
  • BST & Co. CPAs, LLP: affected 170,000 patients
  • Vision Care Specialists, P.C. a part of MyEyeDr. Optometry of Colorado, P.C.: affected 1,475 patients
  • UnitedHealth Group Health Plan Single Affiliated Covered Entity: affected 3,335 patients

Is your organization protected against breaches? Download the free cybersecurity eBook to get tips on how to protect your patient information.

February Healthcare Breaches: Unauthorized Access / Disclosures

A small number February healthcare breaches occurred as a result of unauthorized access / disclosures, with just 1% of total breaches due to this type of incident. The 6 instances of unauthorized access / disclosures in February affected 15,826 patients. The following chart depicts the location of the incidents, meaning where, within the organization, the unauthorized access / disclosures occurred. 

Unauthorized Access / Disclosures

Unauthorized Access / Disclosures: Email Affected 2,852 Patients

  • The Queen’s Health Systems Affiliated Covered Entity: affected 2,852 patients

Unauthorized Access / Disclosures: Paper / Films Affected 6,293 Patients

  • Riverview Health: affected 2,610 patients
  • Government Employees Health Association, Inc.: affected 696 patients
  • Mercy Health Physician Partners: affected 2,487 patients
  • Kaiser Health Plan, Southern California: affected 500 patients

Unauthorized Access / Disclosures: Other Affected 6,681 Patients

  • Walgreen Co.: affected 6,681 patients

Avoid HIPAA fines by becoming HIPAA compliant today!

February Healthcare Breaches: Theft / Improper Disposal / Loss

The second highest reason behind February healthcare breaches was theft, with 42.8% of total breaches due to this type of incident. The 3 instances of theft in February affected 655,392 patients. Improper disposal of protected health information (PHI) caused 1% of total February healthcare breaches. The 2 instances of theft in February affected 15,507 patients. The smallest number of February healthcare breaches were due to loss of PHI, affecting 5,904 patients, accounting for just 0.4% of breaches. The following chart depicts the incidents of loss, theft, and improper disposal of PHI.

Loss / Theft / Improper Disposal

Theft of PHI Affected 655,392 Patients

  • Armada Physical Therapy of Albuquerque, LLC: affected 500 patients
  • Health Share of Oregon: affected 654,362 patients
  • Arizona Pain and Spine Institute: affected 530 patients

Improper Disposal of PHI Affected 15,507 Patients

  • Today’s Vision Willowbrook (acquired by Capital Vision Services d/b/a MyEyeDr. (MED Southwest PLLC): affected 7,983 patients
  • SAMA HealthCare Services: affected 7,524 patients

Loss of PHI Affected 5,904 Patients

  • Harris County Hospital District d/b/a Harris Health System: affected 2,298 patients
  • Walmart Inc.: affected 3,606 patients
Healthcare Compliance Software - CG

Prevent HIPAA Breaches

Don’t fall victim to breaches. Protect your business by becoming compliant today!