The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) publicly displays breaches affecting 500 or more patients on their breach portal. In October, there were 59 breaches reported, affecting 2,088,686 patients. More details about the October healthcare breaches are discussed.

October Healthcare Breaches: What Type of Entity Was Affected

October Healthcare Breaches

The majority of October healthcare breaches affected healthcare providers, with 51 incidents affecting 1,038,202 patients. The second most affected group were business associates, with 6 incidents affecting 962,779 patients. Although there were significantly less business associates breaches than healthcare providers, the business associate breaches were of larger scale. Additionally, there was one breached healthcare clearinghouse affecting 45,732 patients, and 3 breached health plans affecting 41,973 patients.

October Healthcare Breaches: Hacking/IT Incidents

Hacking in healthcare has become the leading cause of breaches, and October was no different.

October Healthcare Breaches

The majority of October healthcare breaches occurred due to hacking/IT incidents, with 43 incidents affecting 2,024,988 patients. Of these incidents, 35 targeted healthcare providers, 5 targeted business associates, 2 targeted health plans, and 1 targeted a healthcare clearinghouse.

Network Server Hacks Affected 1,581,560 Patients

Healthcare Providers:

Yale New Haven Hospital: affected 15,904 patients

AdventHealth Shawnee Mission: affected 28,766 patients

Provider Health Services: affected 1,700 patients

Ascend Clinical, LLC: affected 77,443 patients

OSF HealthCare System: affected 94,171 patients

Arkansas Methodist Medical Center: affected 4,916 patients

Geisinger: affected 86,412 patients

Stamford Hospital: affected 1,050 patients

Bonnie Brae: affected 884 patients

Passavant Memorial Homes, Inc.: affected 25,000 patients

Lawrence + Memorial Hospital: affected 21,617 patients

The Medical College of Wisconsin, Inc.: affected 5,655 patients

Greenwich Hospital: affected 95,000 patients

Froedtert & the Medical College of Wisconsin Community Physicians, Inc.: affected 3,074 patients

The Opportunity Alliance: affected 4,500 patients

Body by RAvi Plastic Surgery and Aesthetics: affected 2,618 patients

Adults and Children with Learning and Developmental Disabilities, Inc.: affected 603 patients

Sisters of Charity of St. Augustine Health System: affected 118,874 patients

First Impressions Orthodontics, a subsidiary of Professional Dental Alliance of Connecticut PLLC: affected 23,000 patients

Kids First Dentistry & Orthodontics, a subsidiary of Professional Dental Alliance of Connecticut, PLLC: affected 5,000 patients

Rady Children’s Hospital – San Diego: affected 19,788

Let’s Simplify Compliance

HIPAA compliance and cybersecurity go hand-in-hand. Protect your business by becoming HIPAA compliant today!

Learn More!
HIPAA Seal of Compliance

Business Associates:

Timberline Billing Service, LLC: affected 116,131 patients

Luxottica of America Inc.: affected 829,454 patients

Email Hacks Affected 219,367 Patients

Healthcare Providers:

State of North Dakota: affected 35,416 patients

Centerstone of Indiana, Inc.: affected 11,638 patients

Centerstone of Tennessee, Inc.: affected 50,965 patients

Perry County Memorial Hospital: affected 501 patients

Intellirad Imaging, LLC: affected 1,862 patients

DJO, LLC: affected 3,429 patients

Center for Autism and Related Disorders: affected 1,440 patients

Einstein Healthcare Network: affected 1,821 patients

Cedar County, Iowa Board of Supervisors : affected 1,138 patients

Virginia Cancer Institute Incorporated: affected 6,258 patients

Business Associates:

Lycoming-Clinton Joinder Board Programs: affected 14,500 patients

Practice Transformation Solutions, LLC: affected 1,678 patients

Practice Transformation Solutions, LLC: affected 1,016 patients

Health Plans:

Connecticut Department of Social Services: affected 37,000 patients

Milestone Electric, Inc.: affected 4,973 patients

Healthcare Clearinghouse:

Georgia Department of Human Services: affected 45,732 patients

Other Hacks Affected 224,061 Patients

Healthcare Providers:

Northwest Eye Surgeons, P.C. and Sight Partners LLC: affected 20,838 patients

Heavenly Hands Family Medical Clinic: affected 2,000 patients

Presbyterian Healthcare Services: affected 193,223 patients

MK Periodontics and Implants: affected 8,000 patients

October Healthcare Breaches: Unauthorized Access/Disclosures

Incidents of unauthorized access or disclosures occur when protected health information (PHI) is accessed or disclosed for purposes other than for treatment, payment, or healthcare operations. These can either be accidental, when an employee sends patient information to an entity unintentionally, or purposely, when an employee accesses or discloses PHI for personal or financial gain. In October, there were 11 incidents of unauthorized access/disclosures, affecting 52,862 patients, all of which affected healthcare providers.

Unauthorized Access/Disclosures Through Email Affected 32,932 Patients

Tri-State Specialists, LLP: affected 17,050 patients

Allergy & Asthma Center: affected 711 patients

Arkansas Otolaryngology Center, PA: affected 12,000 patients

University of Michigan/Michigan Medicine : affected 1,062 patients

Premier Health Partners: affected 749 patients

Clinical & Forensic Consultation, LLC d/b/a Thriveworks Bristol, Johnson City, and Knoxville: affected 1,360 patients

Unauthorized Access/Disclosures to Paper/Films Affected 14,420 Patients

Community Clinic of Maui: affected 1,784 patients

Beaufort Memorial Hospital: affected 12,636 patients

Other Unauthorized Access/Disclosures Affected 5,510 Patients

Mary Rutan Hospital: affected 1,677 patients

McLaren Oakland: affected 2,219 patients

Mayo Clinic: affected 1,614 patients

October Healthcare Breaches: Other

Other October healthcare breaches were caused by theft of PHI, or improper disposal of PHI. There were 4 incidents of theft affecting 6,546 patients, and one incident of improper disposal affecting 4,290 patients. All of these breaches solely affected healthcare providers.

Theft of PHI Affected 6,546 Patients

WellMed: affected 591 patients

Health and Wellness Clinic, PLLC: affected 885 patients

Coast Dental: affected 1,700 patients

My Choice Housecalls, LLC: affected 3,370 patients

Improper PHI Disposal Affected 4,290 Patients

Jemez Health & Human Services: affected 4,290 patients

Need Help with HIPAA?

Let our complete HIPAA solution handle it.