January healthcare breaches predominantly affected healthcare providers with 22 of the 30 reported breaches targeting providers. Of the other breaches reported in January, two affected business associates, while five affected health plans. More details on January healthcare breaches are discussed.
The Department of Health and Human Services’ (HHS’) Office for Civil Rights (OCR) publicly posts breaches affecting 500 or more patients to its online breach portal. In January, 28 organizations were posted on the portal. These breaches affected 957,950 patients, with 95.66% targeting healthcare providers, 2.65% targeting business associates, and 1.7% targeting health plans.
January Healthcare Breaches and Hacking Incidents
As of late, it seems to be that most healthcare breaches occur as the result of hacking or IT incidents, and January was no different. There were 19 hacking / IT incidents posted in January, affecting 913,762 patients, and representing 95.39% of affected patients.
Network Server Hacks Affected 654,780
Of those hacking incidents, seven were network server hacks affecting 654,780 patients, representing 72% of January hacking incidents.
Healthcare Providers:
- County of Ramsey: 8,687 patients affected
- Paraquad, Inc. : 648 patients affected
- Hendrick Health: 640,436 patients affected
- KR Perio, Katherine Rodriguez, DMD: 500 patients affected
- Leon Medical Centers, LLC: 500 patients affected
- Gastroenterology Consultants Ltd: 2,500 patients affected
Health Plans:
- Merrill Iron & Steel Health Benefit Plan: 899 patients affected
- Krapf Group: 610 patients affected
Email Hacks Affected 245,223 Patients
There were nine email hacking incidents affecting 245,223 patients, representing 27% of January hacking incidents.
Healthcare Providers:
- Leonard J. Chabert Medical Center: 2,254 patients affected
- A Renewed Mind: 2,428 patients affected
- Lynn Community Health, Incorporated: 1,800 patients affected
- Montgomery Hospice, Inc.: 1,440 patients affected
- Precision Spine Care: 20,787 patients affected
- Greater Jefferson Healthcare: 2,543 patients affected
- New Bedford Community Health Center: 696 patients affected
- Roper St. Francis Healthcare: 189,761 patients affected
Business Associates:
- Louisiana State University-Health Care Services Division: 8,085 patients affected
- The Richards Group:15,429 patients affected
Electronic Medical Record Hacks Affected 13,759
There was one electronic medical record hack affecting 13,759 patients, representing 1% of January hacking incidents.
Healthcare Providers:
- Florida Hospital Physician Group Inc.: 13,759 patients affected
January Healthcare Breaches and Unauthorized Access or Disclosure
Unauthorized access or disclosure occurs when protected health information (PHI) is accessed or disclosed without authorization. This can be by an organization employee, or an outside entity. In January, there were ten incidents of unauthorized access or disclosure affecting 41,848 patients, representing 4.37% of affected patients.
Email Unauthorized Access or Disclosure Affected 18,369
There were three incidents of email unauthorized access or disclosure in January affecting 18,369 patients, representing 44% of unauthorized access or disclosure incidents.
Healthcare Providers:
- Austin Hearing Service: 600 patients affected
- Inova Health System: 1,680 patients affected
- Walgreen Co.: 16,089 patients affected
Paper/Films Unauthorized Access or Disclosure Affected 15,316
There were three incidents of paper/films unauthorized access or disclosure in January affecting 15,316 patients, representing 44% of unauthorized access or disclosure incidents.
Business Associates:
- Prime Therapeutics, LLC: 1,863 patients affected
Health Plans:
- Public Education Employees’ Health Insurance Plan d/b/a PEEHIP: 1,465 patients affected
- Managed Health Services (MHS): 11,988 patients affected
Other Unauthorized Access or Disclosure Affected 8,163
There were four other incidents of unauthorized access or disclosures causing January healthcare breaches. This included impermissible electronic medical record, network server, and/or desktop computer access or disclosure. These incidents affected 8,163 patients, representing 19.5% of unauthorized access or disclosure incidents.
Healthcare Providers:
- Froedtert Health: 760 patients affected
- Feeling Great Sleep Medical Centers: 5,000 patients affected
- Desert Oasis Healthcare: 1,122 patients affected
Health Plans:
- Wisconsin Department of Health Services: 1,281 patients affected
January Healthcare Breaches and Loss of PHI 2,340
There was one incident of loss of PHI, affecting 2,340 patients, representing 0.24% of January healthcare breaches.
Healthcare Providers:
- WeCare TLC: 2,340 patients affected