1 Million Patients Affected by June 2021 Healthcare Breaches

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) publicly posts breaches affecting 500 or more patients on their online breach portal. Each month, we review those breaches to determine what the leading cause behind the previous month’s breaches are. June 2021 healthcare breaches affected 1,039,442 patients, and were predominantly the result of hacking incidents, representing 90.37% of patients affected by June’s breaches.

The breaches reported in June mostly targeted healthcare providers:

• 71.66% of patients affected by June’s breaches were targeted through healthcare providers
• 22.31% of patients affected by June’s breaches were targeted through business associates
• 6.02% of patients affected by June’s breaches were targeted through health plans
• 90.37% of patients affected by June’s breaches were the result of hacking incidents

Hacking Incidents Affected 939,318 Patients

June 2021 hacking incidents affected 939,318 patients. Of those incidents, 69.48% targeted healthcare providers, 24.45% targeted business associates, and 6.08% targeted health plans.

• 66.50% were targeted through their network server
• 25.84% were targeted through their email
• 4.79% were classified as “other”
• 2.87% were targeted through their electronic medical record platform

Healthcare Providers:

• Northwestern Memorial HealthCare: 201,197 patients affected
• San Juan Regional Medical Center: 68,792 patients affected
• Renown Health: 65,181 patients affected
• Minnesota Community Care: 64,855 patients affected
• Francisco J. Pabalan MD, INC: 50,000 patients affected
• Reproductive Biology Associates, LLC and its affiliate My Egg Bank, LLC: 38,000 patients affected
• UW Medicine: 18,389 patients affected
• Cancer Care Center: 18,000 patients affected
• Temple University Hospital, Inc.: 16,356 patients affected
• Mississippi Center for Advanced Medicine, PC: 9,664 patients affected
• Epic Care: 9,000 patients affected
• Jones Memorial Hospital: 8,962 patients affected
• Carle Cancer Institute Normal: 8,066 patients affected
• Cancer Centers of Southwest Oklahoma, LLC: 8,000 patients affected
• Charles E. Jones DDS PC, DBA Jones Family Dental: 6,493 patients affected
• Neighborhood Healthcare Inc. d.b.a. Neighborhood Family Practice: 6,156 patients affected
• Golden Care Pharmacy LLC: 5,530 patients affected
• Ankle and Foot Physicians and Surgeons PLLC: 5,244 patients affected
• St. Charles Health System, Inc.: 4,687 patients affected
• Singing River Health System: 4,658 patients affected
• University of Wisconsin Hospitals and Clinics Authority: 4,318 patients affected
• Glacier Medical Associates: 3,007 patients affected
• Hill Country Community Clinic dba Hill Country Health and Wellness Center: 2,658 patients affected
• Little Hill Foundation for the Rehabilitation of Alcoholics, Inc. d/b/a Alina Lodge: 2,565 patients affected
• Physicians Dialysis: 2,533 patients affected
• Fairbanks Cancer Care Physicians, P.C.: 2,426 patients affected
• Dental Center of Westport Group LLC: 2,175 patients affected
• Tiburcio Vasquez Health Center Inc.: 2,042 patients affected
• Dermatology Group of Arkansas, PA: 1,579 patients affected
• Hosparus, Inc. dba Care Guide Partners Inc.: 1,545 patients affected
• United Neighborhood Health Services d/b/a Neighborhood Health: 1,519 patients affected
• Tri-County Family Medicine: 1,438 patients affected
• JFK Medical Associates, PA d/b/a Coastal Medical Group: 1,304 patients affected
• Abode Services: 1,172 patients affected
• East Jordan Family Health Center: 1,151 patients affected
• The Recovery Project, LLC: 1,103 patients affected
• Penn Foundation: 768 patients affected
• Centura Health: 738 patients affected
• Turning Point Clinic: 700 patients affected
• Steward Medical Group: 640 patients affected

Health Plans:

• Prominence Health Plan: 45,000 patients affected
• Wisconsin Department of Health Services: 2,868 patients affected
• Superior HealthPlan: 2,781 patients affected
• AtriCure, Inc. Group Health Plan: 2,487 patients affected
• PA Health & Wellness, Inc.: 1,325 patients affected
• Absolute Total Care: 1,286 patients affected
• Spire Power Solutions, L.P.: 800 patients affected
• Health Care Service Corp: 543 patients affected

Business Associates:

• MultiPlan: 214,956 patients affected
• Discovery Practice Management, Inc.: 13,611 patients affected
• Care Inns of Texas, Ltd: 550 patients affected
• PracticeMax, Inc.: 500 patients affected

Unauthorized Access to PHI or Disclosure Affected 81,764 Patients

June 2021 incidents of unauthorized access or disclosure of PHI affected 81,764 patients. Of those incidents, 90.42% affected healthcare providers, 6.74% affected health plans, and 2.84% affected business associates.

• 84.38% of unauthorized access occurred through email
• 11.32% of unauthorized access occurred through electronic medical records
• 4.30% of unauthorized access were classified as “other”

Healthcare Providers:

• UofL Health, Inc.: 42,465 patients affected
• Jawonio: 13,313 patients affected
• Aultman Health Foundation: 7,354 patients affected
• South Texas Health System: 6,761 patients affected
• Falcon Group International Corp: 1,900 patients affected
• Moses Lake Community Health Center: 1,190 patients affected
• Springfield Psychological: 948 patients affected

Health Plans:

• Providence Health Plan: 5,509 patients affected

Business Associates:

• CVS Caremark: 2,324 patients affected

Loss, Theft, or Improper Disposal of PHI Affected 18,360 Patients

There was one incident each of loss, improper disposal, and theft of PHI.

• Walmart Inc.: loss of PHI affected 14,532 patients
• Eye Consultants of Atlanta / Piedmont System Ambulatory Surgery Center, LLC: improper disposal of PHI affected 2,662 patients
• Pediatrix Cardiology of Washington, P.C. d/b/a NorthWest Congenital Heart Care: theft of PHI affected 1,166 patients