Each month we provide an overview of the healthcare breaches occurring in the previous month. In November, healthcare breaches affected 1,157,813 patients. November healthcare breaches are discussed below.
The breaches reported by the Department of Health and Human service on their breach portal included 48 breaches affecting 35 healthcare providers, 7 business associates, and 6 health plans.
November Healthcare Breaches and Hacking/IT Incidents
The majority of November healthcare breaches occurred as a result of hacking/IT incidents. There were 24 hacking/IT incidents affecting 886,645 patients. Of these incidents, 21 affected healthcare providers, 2 affected business associates, and one affected a health plan.
Network Server Hacks Affected 662,396 Patients
Healthcare providers:
◈ Lawrence General Hospital: affected 176,587 patients
◈ Donghyun Noh DMD, LLC d/b/a Pristine Dental: affected 1,428 patients
◈ Methodist Hospital of Southern California: affected 39,881 patients
◈ The GEO Group Inc.: affected 3,991 patients
◈ Chesapeake Regional Healthcare: affected 24,000 patients
◈ Seeley Enterprises Company: affected 16,196 patients
◈ PhySynergy LLC: affected 3,667 patients
◈ AspenPointe, Inc.: affected 295,617 patients
◈ Bayhealth Medical Center, Inc.: affected 78,006 patients
◈ Planned Parenthood of Metro Washington: affected 500 patients
◈ Indian Health Council Inc.: affected 5,769 patients
Business associates:
◈ US Fertility LLC: affected 5,439 patients
◈ Golden Gate Regional Center: affected 11,315 patients
Email Hacks Affected 195,929 Patients
Healthcare providers:
◈ Peachtree Immediate Care FP, LLC: affected 1,462 patients
◈ Louisiana State University- Health Care Services Division: affected 8,000 patients
◈ Legacy Community Health Services: affected 3,076 patients
◈ Paragon Health, P.C.: affected 685 patients
◈ Northpoint Recovery Holdings, LLC: affected 1,866 patients
◈ Mercy Iowa City: affected 92,795 patients
◈ People Incorporated: affected 27,500 patients
Health plans:
◈ Tufts Health Plan: affected 60,545 patients
Other Hacks Affected 28,320 Patients
Healthcare providers:
◈ Cornerstones of Care: affected 15,680 patients
◈ Jekyll Island-State Park Authority – Jekyll Island Fire/EMS: affected 1,881 patients
◈ Galstan & Ward Family and Cosmetic Dentistry: affected 10,759 patients
November Healthcare Breaches and Unauthorized Access/Disclosures
In November, there were 19 incidents related to the unauthorized access or disclosure of protected health information. 9 of these incidents affected healthcare providers, 5 affected business associates, and 5 affected health plans.
Paper/Films Unauthorized Access/Disclosure Affected 80,519 Patients
Business associates:
◈ Presbyterian Health Plan: affected 3,557 patients
◈ One Touch Point: affected 28,658 patients
◈ Harvard Pilgrim Health Care, Inc.: affected 8,022 patients
◈ Herron Business Law: affected 1,419 patients
Health plans:
◈ CareSource West Virginia Co: affected 1,587 patients
◈ CareSource Kentucky Co: affected 8,320 patients
◈ CareSource Indiana, Inc: affected 10,021 patients
◈ CareSource Health Plan: affected 8,730 patients
◈ Kaiser Foundation Health Plan of Georgia, Inc.: affected 10,205 patients
Network Server Unauthorized Access/Disclosure Affected 59,337 Patients
Healthcare providers:
◈ Bruce L. Boros, M.D., P.A. DBA Advanced Urgent Care: affected 58,823 patients
Business associates:
◈ The Tree House Child Advocacy Center of Montgomery County: affected 514 patients
Email Unauthorized Access/Disclosure Affected 18,945 Patients
Healthcare providers:
◈ Brazos Valley Plastic Surgery: affected 2,255 patients
◈ Delaware Department of Health and Social Services, Division of Public Health: affected 9,930 patients
◈ Conway Regional Health System: affected 2,945 patients
◈ Lake County Health Department and Community Health Center: affected 3,815 patients
Electronic Medical Record Unauthorized Access/Disclosure Affected 4,530 Patients
Healthcare providers:
◈ Hillcrest Nursing Center: affected 1,030 patients
◈ ProMedica Bixby Hospital: affected 3,500 patients
Other Unauthorized Access/Disclosure Affected 2,784 Patients
Healthcare providers:
◈ Bardstown Primary Care dba: Physicians to Children & Adolescents: affected 859 patients
◈ Bilingual Psychological Associates, PC: affected 1,925 patients
November Healthcare Breaches and Theft, Loss, and Improper Disposal
November healthcare breaches were also caused by the theft, loss, or improper disposal of PHI, all of which affected healthcare providers. 2 incidents involved theft, 2 involved loss, and one involved the improper disposal of PHI.
Paper/Films Theft and Improper Disposal Affected 2,524 Patients
Healthcare providers:
◈ Walmart Inc.: affected 524 patients
◈ Physicians Apothecary: affected 2,000 patients
Other Theft/Loss Affected 102,529 Patients
Healthcare providers:
◈ Jonathan Woolfson, MD, PC: affected 2,000 patients
◈ Hi-Tech Artificial Limbs, Inc..: affected 529 patients
◈ Alamance Skin Center: affected 100,000 patients
