Healthcare Information Security

Latest Health Data Breaches News

Computer Virus Potentially Exposes PHI of 2.5K at OR Clinic

Recent potential health data breaches include three instances of exposed PHI, with one stemming from a computer virus and another from a stolen hard drive.

PHI Data Breaches

Source: Thinkstock

By Kate Monica

- A technician at Lane Community College health clinic recently discovered a computer virus, which may have exposed the PHI of some patients, according to an online statement.

The Oregon college health clinic stated the virus may have been sending the names, addresses, phone numbers, diagnoses, and Social Security numbers to an unknown third party for over a year.

LCC has since notified potentially impacted patients of the virus, which had infected the computer from March of 2016 to February 3, 2017.

 “We have no evidence that any of the information was transmitted (from LCC), but there’s the possibility,” LCC Vice President of College Services Brian Kelly said in a statement to the Register-Guard.

After thoroughly inspecting about 20 other computers at the health clinic, LCC authorities confirmed only one computer was infected by the virus. Approximately 2,500 individuals were notified that their information may have been exposed, the Register-Guard reported.

READ MORE: VA University Health System Security Breach Impacts 2.7K

To mitigate any further problems, LCC advised patients monitor their bank accounts for suspicious activity and report any perceived threats to the police. The college health clinic also suggested patients report the data breach to their banks, credit bureaus, and credit card companies.

UNC Health Care System data breach impacts 1.3K

On March 20, 2017, University of North Carolina Health Care began notifying patients of a potential data breach at two UNC Health Care obstetric clinics. The PHI of 1,300 prenatal patients was inadvertently transmitted to local county health departments, UNC Health Care said in an online statement.

Patients not eligible for Medicaid who completed Pregnancy Home Risk Screening Forms at their clinical visits between April 2014 and February 2017 at the Women’s Clinic at N.C. Women’s Hospital and UNC Maternal-Fetal Medicine at Rex may have been impacted by the breach, according to UNC Health Care System officials.

“If you completed a Pregnancy Home Risk Screening Form, it may have included information about you, such as demographic information (like your name and address), your race and ethnicity, your Social Security Number, information about your physical and mental health, sexually transmitted diseases, your HIV status, smoking, drug and alcohol use, and medical diagnosis information related to your pregnancy and any prior pregnancies,” UNC Health Care said in the notification letter.

Following the incident, UNC Health Care has set up a call center for concerned patients. Additionally, the health system adjusted its process for submitting patient pregnancy forms to ensure only those completed by patients eligible for Medicaid are sent to county health departments.

READ MORE: Metropolitan Urology Ransomware Attack Affects 18K Patients

All relevant staff members have also completed training on the newly modified procedure.

UNC Health Care has requested all county health departments erase electronic health information on non-Medicaid patients from their systems.

Back-up hard drive containing health information stolen from Funds office

Local 693 Plumbers & Pipefitters Benefit Funds Office recently announced that a back-up hard drive containing the information of 1,291 current and former plan participants, beneficiaries, and union members was reportedly stolen on or around January 20, 2017.

Authorities discovered the hard drive was missing on January 23, 2017 after becoming aware the office had been broken into.

Along with some personal health information, data on the hard drive included full names, addresses, telephone numbers, and Social Security numbers.

The Funds Office has since reported the incident to the South Burlington Police Department.

READ MORE: Allina Health Privacy Incident Possibly Exposes Patient Info

 So far, there is no evidence to suggest the personal information of any impacted individuals has been misused in any way, the statement explained.

The Funds Office sent letters notifying potentially affected individuals of the incident. The organization also added security features to all its offices to prevent similar incidents from happening in the future and encrypted all backed-up data containing personal information.

All back-up hard drives have also been replaced with cloud-based back-up systems.

Along with its letter, the organization posted a notice on its website informing concerned participants of actions they can take to protect against identity theft and fraud moving forward.

Houston Methodist Cancer Center sends email revealing patient data

On March 16, 2017, Houston Methodist Cancer Center notified patients of an email sent the week prior showing the addresses of all recipients, potentially exposing the identities of these individuals to the public.

"On March 9, 2017, one of our employees unintentionally disclosed your email address to 1,416 other patients, and associated it with the Houston Methodist Cancer Center while requesting follow-up information,” stated the letter, a copy of which was posted by the Houston Chronicle. “Instead of protecting your identifying information (for example using the bcc feature to ‘blind your e-mail address), as required by our policies, the email addresses of all intended recipients were placed in the ‘cc’ section, making the email addresses visible," the letter said.

"Again, the only identifying information disclosed was your email address; no financial information (such as your social security number or your medical record number) or demographic information (such as your home address or date of birth) was included."

The hospital’s investigation discovered the error the same day it was made, and said that its attempt to redact the emails was unsuccessful.

"We deeply regret any concerns you might have as a result of exposing your email address and associating it with the Cancer Center,” the letter read. “We are sharing this information to be sure you know that we have extensive safeguards in place to protect the privacy and security of our patients' health information and we continually review and update our security safeguards.”

Houston Methodist added that it is looking into adding additional technical safeguards to prevent this type of incident from happening in the future. The organization said it is also retraining appropriate staff on such matters.  


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks