October healthcare breaches, listed on the Office for Civil Rights’ (OCR) “wall of shame” affected 623,888 patients. Only healthcare breaches affecting more than 500 individuals are listed on the OCR’s site, making it likely that several other patients were affected by smaller breaches. There were 51 reported breaches in October, of the reported breaches, 18 involved hacking/IT incidents, 27 were due to unauthorized access/disclosure, 3 were the result of loss, 2 were from theft, and one was caused by the improper disposal of protected health information (PHI). 

Protecting your Organization From Healthcare Breaches

Healthcare breaches are increasing in frequency, with more healthcare breaches occurring each month. The best way to protect your organization from falling victim to a healthcare breach is by implementing an effective HIPAA compliance program that ensures that PHI is adequately protected.

Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist.

The Department of Health and Human Services (HHS) released guidelines on what an effective HIPAA compliance program is, identifying seven elements of an effective HIPAA compliance program:

  1. Implementing written policies, procedures, and standards of conduct
  2. Designating a compliance officer and compliance committee
  3. Conducting effective training and education
  4. Developing effective lines of communication
  5. Conducting internal monitoring and auditing
  6. Enforcing standards through well-publicized disciplinary guidelines
  7. Responding promptly to detected offenses and undertaking corrective action

Implementing a HIPAA compliance program that covers the full extent of the HIPAA regulation can be difficult, as such, when developing a HIPAA compliance program it is best to consult an expert.

What was the Cause Behind the October Healthcare Breaches?

October healthcare breaches were caused for several reasons, below is a breakdown of the breaches, including how many patients were affected by each.

Hacking/IT Incident

  • Email
    • The Guidance Center: hacking incident affecting 1,189
    • Greater Cincinnati Pathologists, Inc.: hacking incident affecting 7,725
    • Kalispell Regional Healthcare: hacking incident affecting 140,209
    • Self Regional Healthcare: hacking incident affecting 2,661
    • LaBorde Therapy Center LLC: hacking incident affecting 7,000
    • Hamlin & Burton Liability Management, Inc.: hacking incident affecting 1,500
    • Central Valley Regional Center: hacking incident affecting 15,975
    • The Methodist Hospitals, Inc.: hacking incident affecting 68,039
    • University of Alabama at Birmingham: hacking incident affecting 19,557
  • Network Server
    • Betty Jean Kerr People’s Health Centers: hacking incident affecting 152,000
    • TOTS & TEENS PEDIATRICS: hacking incident affecting 31,787
    • Monterey Health Center: hacking incident affecting 5,400
    • South Texas Dermatopathology Laboratory: hacking incident affecting 15,982
  • Other
    • Prisma Health – Midlands: hacking incident affecting 19,060
    • Wheatland Dental Care: hacking incident affecting 955
    • Artesia General Hospital: hacking incident affecting 858
    • Magnolia Pediatrics: hacking incident affecting 11,100
    • Euphemia R. Brumskine, MD, LLC: hacking incident affecting 850

Unauthorized Access/Disclosure

  • Email
    • United States Medical Supply, LLC.: unauthorized access/disclosure affecting 674
    • Chronic Care Management Inc.: unauthorized access/disclosure 612
    • Buckhead Smile Center, P.C.: unauthorized access/disclosure 1,655
    • Seattle Cancer Care Alliance: unauthorized access/disclosure 944
    • Humana Inc: unauthorized access/disclosure 756
  • Network Server
    • Virginia Department of Behavioral Health & Developmental Services: unauthorized access/disclosure affecting 1,442
  • Electronic Medical Records
    • Roswell Park Comprehensive Cancer Center: unauthorized access/disclosure affecting 584
    • Defense Health Headquarters: unauthorized access/disclosure affecting 3,500
    • Paper/Films
    • San Francisco Department of Public Health: unauthorized access/disclosure affecting 622
    • Sioux Falls VA Health Care System: unauthorized access/disclosure affecting 564
  • Other
    • Texas Health Harris Methodist Hospital Hurst-Euless-Bedford: unauthorized access/disclosure affecting 4,804
    • Texas Health Presbyterian Hospital Dallas: unauthorized access/disclosure affecting 12,415
    • Texas Health Harris Methodist Hospital Alliance: unauthorized access/disclosure affecting 3,784
    • Texas Health Presbyterian Hospital Denton: unauthorized access/disclosure affecting 6,688
    • Texas Health Harris Methodist Hospital Azle: unauthorized access/disclosure affecting 2,113
    • Texas Health Harris Methodist Hospital Cleburne: unauthorized access/disclosure affecting 2,737
    • Texas Health Harris Methodist Hospital Southwest Fort Worth: unauthorized access/disclosure affecting 7,478
    • Texas Health Presbyterian Hospital Rockwall: unauthorized access/disclosure affecting 4,789
    • Texas Health Harris Methodist Hospital Stephenville: unauthorized access/disclosure affecting 1,348
    • Texas Health Harris Methodist Southlake: unauthorized access/disclosure affecting 525
    • Texas Health Arlington Memorial: unauthorized access/disclosure affecting 6,187
    • Texas Health Presbyterian Hospital Plano: unauthorized access/disclosure affecting 9,678
    • Texas Health Harris Methodist Hospital Kaufman: unauthorized access/disclosure affecting 2,157
    • Texas Health Harris Methodist Hospital Fort Worth: unauthorized access/disclosure affecting 14,881
    • Texas Health Presbyterian Hospital Allen: unauthorized access/disclosure affecting 2,993
    • Arkansas Health Group: unauthorized access/disclosure affecting 903
    • Gary Smith and assoc inc DBA gary smith agency: unauthorized access/disclosure affecting 2,000

Loss

  • Paper/Films
    • The Kroger Co., for itself and its affiliates and subsidiaries: loss affecting 4,812
    • The Kroger Co., for itself and its affiliates and subsidiaries: loss affecting 2,752
    • Portable Electronic Device
    • Walmart Inc.: loss affecting 4,211

Theft

  • Laptop
    • Abdul Memon, MD PLLC: theft affecting 1,000
    • The Affiliated Sante Group: theft affecting 679

Improper Disposal of PHI

  • Electronic Medical Record/Network Server
    • Southern New Mexico Neurosurgery LLC: improper disposal of PHI affecting 11,754

HIPAA Violations and HIPAA Fines

All of the breaches listed above are considered HIPAA violations and are currently under investigation by the Office for Civil Rights (OCR). Once investigations have been completed, it is likely that many of these organizations will be subject to HIPAA fines and remediation efforts.

Avoid HIPAA fines by becoming HIPAA compliant today!

Prevent HIPAA Breaches

Don’t fall victim to breaches. Protect your business by becoming compliant today!