The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 34 December healthcare breaches, affecting 313,249 patients. Of the reported incidents, there were 18 breaches due to hacking/IT incidents, 10 breaches from the unauthorized access/disclosure of protected health information (PHI), 3 breaches due to loss, 2 breaches due to theft, and one breach due to improper disposal of PHI.

December healthcare breaches

Are you following HIPAA law? Find out if your compliance program would hold up against an OCR investigation!

Hacking / IT Incidents Causing December Healthcare Breaches

The majority of December healthcare breaches were due to hacking/IT incidents, with 47.3% of the total breaches reported in December caused by this type of incident. Hacking/IT incidents affected 148,074 patients. The following chart depicts the type of hacking/IT incidents that caused December healthcare breaches, including how many patients were affected by each:

December healthcare breaches - Hacking / IT incidents

  • Network Server Hacks Affected 45,136 Patients
    • The Center for Facial Restoration, Inc.: affected 3,600 patients
    • PediHEalth, PLLC, dba Children’s Choice Pediatrics: affected 12,689 patients
    • Roosevelt General Hospital: affected 28,847 patients
  • Emails Hacks Affected 86,150 Patients
    • Vimly Benefit Solutions, Inc.: affected 2,675 patients
    • Sinai Health System: affected 12,578 patients
    • Aetna affiliated covered entity (ACE): affected 5,991 patients
    • Jewish Social Service Agency: affected 3,145 patients
    • Cheyenne Regional Medical Center: affected 17,549 patients
    • Starmount Life Insurance Company: affected 630 patients
    • Beech Brook: affected 2,636 patients
    • Equinox, Inc.: affected 1,021 patients
    • Sunrise Community Health: affected 7,668 patients
    • Children’s Hope Alliance: affected 4,564 patients
    • Healthcare Administrative Partners: affected 17,693 patients
    • RiverKids Pediatric Home Health: affected 10,000 patients
  • Electronic Medical Record (EMR) Hacks Affected 4,558 Patients
    • btyDENTAL: affected 2,008 patients
    • Conway Medical Center: affected 2,550 patients
  • Other Hacks Affected 12,230 Patients
    • Colorado Department of Human Services: affected 12,230 patients

Unauthorized Access / Disclosures Causing December Healthcare Breaches

The unauthorized access or disclosure of protected health information (PHI) represented 14.4% of the total healthcare breaches in December, affecting 45,124 patients.

December healthcare breaches - Unauthorized access / disclosures

  • Network Server Unauthorized Access Affected 13,137 Patients
    • Aflac: affected 1,601 patients
    • Service Benefit Plan Administrative Services Corporation: affected 11,536 patients
  • Electronic Medical Record (EMR) Unauthorized Access Affected 20,738 Patients
    • Ann & Robert H. Lurie Children’s Hospital of Chicago: affected 4,195 patients
    • Texas Family Psychology Associates, P.C.: affected 12,000 patients
    • North Ottawa Community Health System: affected 4,013 patients
    • Anwan Wellness LLC: affected 530 patients
  • Paper/Films Unauthorized Access Affected 3,087 Patients
    • Texas Children’s Hospital: affected 597 patients
    • Family Care Medical Specialists Group, Inc.: affected 2,490 patients
  • Other Unauthorized Access Affected 8,162 Patients
    • Prestige Health Choice: affected 4,662 patients
    • Sunshine Behavioral Health Group, LLC: affected 3,500 patients

Loss / Theft / Improper Disposal Causing December Healthcare Breaches

December healthcare breaches caused by loss of PHI represented 1.1%, affecting 3,311 patients. Theft of PHI accounted for 36.9% of breaches, affecting 115,566 patients. The improper disposal of PHI represented 0.4% of breaches, affecting 1,174 patients.

December healthcare breaches - Loss / Theft / Improper Disposal

  • Loss of PHI Affected 3,311 Patients
    • INTEGRIS Health, Inc.: affected 500 patients
    • Marion Eye Center, LTD.: affected 811 patients
    • Speight Family Medical, LLC: affected 2,000 patients
  • Theft of PHI Affected 115,566 Patients
    • Therapeutic Oasis of the Palm Beaches LLC: affected 1,100 patients
    • Truman Medical Center, Incorporated: affected 114,466 patients
  • Improper Disposal of PHI Affected 1,174 Patients
    • San Francisco Department of Public Health – Zuckerberg SF General Hospital: affected 1,174 patients

 

 

Need Help with HIPAA?

Let our complete HIPAA solution handle it.