Healthcare Information Security

Latest Health Data Breaches News

Michigan Medicine Reports 2nd Healthcare Data Breach This Year

Latest healthcare data breaches include the second data breach this year for Michigan Medicine, a 2-year data breach at Tillamook Chiropractic, and 10,000 customers of MedCall exposed in another leaky AWS bucket.

healthcare data breach

Source: Thinkstock

By Fred Donovan

- The University of Michigan’s Michigan Medicine reported to OCR on Sept. 28 that there was an unauthorized access/disclosure of paper records that affected 3,624 individuals.

In a press release, Michigan Medicine said that there was a mailing error that may have exposed patient names and contact information.

On Sept. 4, Michigan Medicine discovered fundraising letters being sent to patients were incorrectly processed by the vendor, which resulted in letters being mailed to the wrong address.

Michigan Medicine said that the letters contained patient name, address phone number, and/or email address. It stressed that no Social Security information, credit or debt card numbers, or bank accounts were exposed because of the error.

This is Michigan Medicine’s second data breach reported to OCR this year. The first one, announced in June, involved the theft of an unencrypted laptop with PHI, affecting around 870 patients.

READ MORE: MGH Study Finds Major Increase in US Healthcare Data Breaches

The laptop contained PHI that was collected for research, including patient names, birthdates, medical record numbers, gender, race, diagnoses, and other treatment information. However, it did not contain patient addresses, phone numbers, Social Security numbers, payment card numbers, or bank account numbers.

Tillamook Chiropractic Cops to 2-Year Data Breach Affecting 4K

Oregon-based Tillamook Chiropractic Clinic discovered on Aug. 3 that a computer network breach had occurred at its offices more than two years earlier, resulting in the theft of 4,058 patient records, according to

Attackers used malware installed on the primary insurance billing system on May 24, 2016, to steal patient records, including patient names, diagnoses, lab results, medications, home addresses, work addresses, phone numbers, drivers’ licenses, dates of birth, social security numbers for Medicare patients only, insurance billing information, bank routing numbers and account numbers, and employee payroll data.

In response to the breach, Tillamook Chiropractic Clinic has modernized and upgraded its systems, updated its policies, and notified affected individuals.

Rebound Orthopedics Email Hack Puts PHI on 2,800 Patients at Risk

Washington-based Rebound Orthopedics and Neurosurgery said that an email hack may have exposed Social Security numbers and health information on 2,800 patients, reported The Columbian newspaper.

READ MORE: UMass Memorial to Pay $230,000 for Healthcare Data Breaches

Rebound explained that on May 22 a hacker broke into an employee’s email account and accessed patient names, dates of birth, social security numbers, drivers’ license numbers, financial account information, and limited health information.

Rebound said it was providing free identity theft protection and credit monitoring services to those impacted by the breach.

The clinic said it is providing employee training and testing, enabling dual-factor authentication, and implementing forced email password change policy to prevent future incidents.

MedCall Exposes Data on 10K Customers Through Leaky AWS Bucket

MedCall Healthcare Advisors has suffered another data breach in less than a month from a leaky Amazon S3 storage bucket, reported

MedCall is an emergency care medical service using communication technology to connect anyone experiencing a medical event with an emergency medicine physician. 

READ MORE: Independence Blue Cross Admits to Healthcare Data Breach

Information on around 10,000 MedCall customers was available for anyone to download, delete, or edit, discovered security researcher Britton White. Information exposed included patient’s name, email address, postal address, phone number, gender, date of birth, and Social Security number.

Also exposed were recordings of patient evaluations/conversations with doctors, and records completed by doctors following patient or injured employee contacts, which contained information on medications, allergies, and the nature and detail of their complaint.

In the previous breach, PII on nearly 3,000 customers was stored in an unsecured Amazon S3 storage bucket.

Billing Printing Error Compromises 206 Jackson  Hospital Patients

Florida-based Jackson Hospital said that 206 patients were affected by a data breach caused by a billing printing error, the Jackson County Floridian reported.

Information bled from one page of the patient billing statements to the back of another statement page sent to others in the billing cycle. Healthcare Resource Group (HRG), the service provider who handled the billing, informed the hospital about the problem in mid-August.

The exposed information included names, addresses, and a description of services rendered, but did not include Social Security numbers, birthdates, or medical conditions, according to the report.

“Patients were notified in a written letter from the third-party provider, HRG, with details about the matter,” said Jackson Hospital Director of Public Relations and Marketing Amy Milton in a statement.

“Following the HIPAA notification process, the patients have been alerted about the personal information that had been released … Steps have been taken by HRG to improve processes and prevent future printing errors,” Milton added.

Mailing Error Puts Data on Lincoln Pulmonary Patients at Risk 

Pulse System, a Missouri-based medical billing company, reported to OCR on Sept. 19 that an unauthorized disclosure of paper records affected 722 individuals.

Patient names and procedure information were mixed up on statements sent after July 27, the Lincoln Journal Star reported. The error impacted patients from Lincoln Pulmonary and Critical Care, although it was not clear if all the 722 individuals were Lincoln patients, the newspaper said.

Pulse Systems said it had taken steps to address the problem and update its technology. Those affected were notified by letter.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...