Healthcare Information Security

Latest Health Data Breaches News

20,000 Patients Impacted by Ransomware Attack on Illinois Specialist

Two errors involving paper records were behind two breach notifications this week, while ransomware continues to hit the healthcare sector.

healthcare data breach notification

By Jessica Davis

- The Center for Vitreo-Retinal Diseases in Illinois recently began notifying 20,371 patients that their data was potentially breached after a ransomware attack in September.

On September 18, officials discovered a ransomware attack infected the provider’s servers. An investigation was launched to determine if patient data was at risk and found an unauthorized user may have gained access to the servers.

While there was no evidence the hacker viewed patient files, officials said they could have viewed or accessed the data. The breached data included names, dates of birth, insurance information, health data and addresses, phone numbers. Social Security numbers were compromised for Medicare patients involved in the breach.

The incident was reported to the Department of Health and Human Services on Nov. 16 and all patients have been notified. Officials said they’ve taken steps to “prevent a similar event from occurring in the future.”

San Mateo Medical Center Reports Privacy Breach

About 5,000 San Mateo Medical Center patient records were breached after a staff member at the Daly city Clinic left a box of patient records under her desk overnight.

According to officials, housekeeping mistook the box for garbage and put the documents into the recycling bin instead of the confidential area for shredding. The medical center couldn’t determine what patient records were contained in the box, so all patients have been notified as a precautionary effort.

SMMC officials have since retrained staff about the shredding process around patient records and reinforced that patient records cannot remain out overnight. Further, officials have eliminated the use of recycling bins to prevent a future incident.

Two clinic site visits were conducted by officials on November 8 and 16, where the “clinic manager for Daly City instructed that recycling bins no longer be used and confidential information be immediately placed in a confidential shred bin.”

Mailing Error Breaches 2,100 Patient Records of Texas Specialist

OrthoTexas Physicians and Surgeons, an orthopedic and sports medicine practices network, recently notified 2,172 patients of a mailing error that potentially breached their personal data.

Officials discovered an error made in a mass mailing sent out on October 5. The letters notified patients that a new physician had joined the practice and would treat patients who visit the Plano and Frisco, Texas locations.

The letters were incorrectly dated August 27 and placed in the wrong envelopes by OrthoTexas’ mailing vendor. One patient name was disclosed to another patient during the incident.

Mailing errors have plagued the healthcare sector in recent years. Earlier this year, Samba, a federal benefit association, notified nearly 14,000 patients after IRS tax forms were sent to the wrong recipient.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...