The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) publicly posts reported breaches affecting 500 or more patients. In September, there were 77 healthcare breaches posted to the OCR breach portal. These large-scale breaches affected 9,057,414 patients. More details on September healthcare breaches are discussed below.
September Healthcare Breaches: 9 Million Patients Affected by Hacking Incidents
The majority of September healthcare breaches were the result of hacking incidents, with 70 healthcare organizations targeted, accounting for 99.54% of breaches. These types of breaches exposed 9,015,461 patients’ protected health information (PHI).
Organizations that fell victim to hacking incidents included healthcare providers (92.86% of hacking incidents), business associates (5.71% of hacking incidents), and a health plan (1.43% of hacking incidents). Of the 70 hacking incidents in September, 55 were network server hacks, 12 were email hacks, one was an Electronic Medical Records hack, and 2 were classified as other.
Network Server Hacks Affected 8,656,782 Patients
â—ˆ North Memorial Health: affected 21,236 patients
â—ˆ MedStar Health, Inc.: affected 668 patients
â—ˆ Magnolia Pediatrics: affected 12,861 patients
â—ˆ OrthoAtlanta, LLC: affected 5,600 patients
â—ˆ Sheltering Arms Physical Rehabilitation Centers: affected 683 patients
â—ˆ Accents on Health: affected 2,000 patients
â—ˆ Catholic Health System: affected 61,267 patients
â—ˆ Nuvance Health (on behalf of its covered entities): affected 314,829 patients
â—ˆ Gillette Children’s Specialty Healthcare: affected 1,766 patients
â—ˆ Bluegrass Care Navigators: affected 2,343 patients
â—ˆ Devereux Advanced Behavioral Health: affected 1,758 patients
â—ˆ Joslin Diabetes Center: affected 71,160 patients
â—ˆ Life Enriching Communities: affected 2,345 patients
â—ˆ Trinity Health: affected 3,320,726 patients
â—ˆ University of Tennessee Medical Center: affected 234,954 patients
â—ˆ Iowa Health System dba UnityPoint Health Affiliated Covered Entity: affected 27,410 patients
â—ˆ June E. Nylen Cancer Center: affected 500 patients
â—ˆ Prelude Behavioral Services: affected 699 patients
â—ˆ Christiana Care Health Services, Inc.: affected 1,229 patients
â—ˆ Connecticut Children’s Medical Center: affected 2,633 patients
â—ˆ The Christ Hospital Health Network: affected 183,265 patients
â—ˆ Texas Children’s Hospital: affected 1,987 patients
â—ˆ Roswell Park Comprehensive Cancer Center: affected 141,669 patients
â—ˆ UMass Memorial Medical Center: affected 87,420 patients
â—ˆ USA Health: affected 52,344 patients
â—ˆ University Health Systems of Eastern Carolina, Inc. dba Vidant Health: affected 77,942 patients
â—ˆ Lehigh Valley Health Network: affected 81,487 patients
â—ˆ Veterans Health Administration: affected 44,308 patients
â—ˆ Catholic Medical Center: affected 18,623 patients
â—ˆ Mount Sinai Health System: affected 87,535 patients
â—ˆ Augusta Health Care, Inc. d/b/a Augusta Health: affected 3,061 patients
â—ˆ Allina Health: affected 199,389 patients
â—ˆ Community Medical Centers: affected 43,667 patients
â—ˆ Hebrew SeniorLife, Inc.: affected 27,244 patients
â—ˆ Riverside Health System: affected 54,151 patients
â—ˆ Piedmont Healthcare, Inc.: affected 111,588 patients
â—ˆ Adventist HealthCare: affected 13,041 patientsÂ
â—ˆ Medical University of South Carolina: affected 54,869 patients
â—ˆ Community Health Network, Inc.: affected 81,118 patients
â—ˆ Children’s Minnesota: affected 160,268 patients
â—ˆ Enloe Medical Center: affected 33,575 patients
◈ SCL Health – Colorado (affiliated covered entity): affected 343,493 patients
◈ SCL Health – Montana (affiliated covered entity): affected 93,642 patients
◈ SCL Health – Kansas (affiliated covered entity): affected 3,845
â—ˆ Inova Health System: affected 1,045,270 patients
â—ˆ Baylor College of Medicine : affected 4,500 patientsÂ
â—ˆ University of Kentucky HealthCare: affected 163,774 patients
â—ˆ Virginia Mason Medical Center: affected 244,761 patients
â—ˆ The Guthrie Clinic: affected 92,064 patients
â—ˆ Roper st. Francis Healthcare: affected 92,963 patients
â—ˆ Regions Hospital: affected 52,795 patients
â—ˆ NorthShore University HealthSystem: affected 348,746 patients
â—ˆ The Baton Rouge Clinic, A Medical Corporation: affected 308,000 patients
â—ˆ Atrium Health: affected 165,000 patients
â—ˆ Spectrum Health: affected 52,711 patients
Email Hacks Affected 321,845 Patients
â—ˆ Oaklawn Hospital: affected 26,861 patients
â—ˆ Seven Counties Services, Inc.: affected 13,375 patients
â—ˆ UCare Minnesota: affected 4,806 patients
â—ˆ University of Missouri Health Care: affected 189,736 patients
â—ˆ Alameda Health System: affected 2,691 patients
â—ˆ Piedmont Cancer Institute, P.C.: affected 5,226 patients
â—ˆ SOUTHERN INDIAN HEALTH COUNCIL, INC.: affected 695 patients
â—ˆ Specialized Alternatives for Families & Youth of America, Inc.: affected 58,123 patients
â—ˆ Mental Health Center of Boulder County Inc. dba Mental Health Partners: affected 2,650 patients
â—ˆ Lycoming-Clinton Joinder Board Programs: affected 3,905 patients
â—ˆ Starling Physicians, PC: affected 7,777 patients
â—ˆ Roper St. Francis Healthcare: affected 6,000 patients
Electronic Medical Record Hacks Affected 2,850 Patients
â—ˆ Mono County: affected 2,850 patients
Other Hacks Affected 33,984 PatientsÂ
â—ˆ Our Lady of the Lake: affected 31,166 patients
â—ˆ George West Mental Health Foundation dba Skyland Trail: affected 2,818 patients
September Healthcare Breaches: 41,953 Patients Affected by Other Incidents
There were 7 incidents that occurred that weren’t related to hacking, all of which affected healthcare providers. These 7 incidents represented 0.45% of September healthcare breaches, with 0.33% due to unauthorized access/disclosure, 0.07% due to theft, 0.05% due to loss, and 0.01% due to improper disposal of PHI.
Unauthorized Access/Disclosure Affected 29,983 Patients
â—ˆ Advocate Aurora Health: affected 2,979 patients
â—ˆ Total Urology Care of New York PLLC: affected 23,000 patients
â—ˆ Montefiore Medical Center: affected 4,004 patients
Theft Affected 5,956 Patients
â—ˆ H. Lee Moffitt Cancer Center & Research Institute: affected 4,056 patients
â—ˆ Lifetime Middleton LLC: affected 1,900 patients
Loss Affected 4,938 Patients
â—ˆ Erlanger Health System: affected 4,938 patients
Improper Disposal Affected 1,076 Patients
â—ˆ Carnegie Tri-County Municipal Hospital: affected 1,076 patients