Ransomware Attack Raises Health Data Security Worry for 2.6K

Recent potential health data security breaches include a ransomware attack, a phishing scam, and two lost USB memory sticks.

By Elizabeth Snell

Columbus, Nebraska-based Eye Physicians, P.C. experienced a ransomware attack on October 7, 2017 that encrypted files on some of its servers. The organization was able to immediately restore servers through a backup, it explained in an online statement.

“We take the security of all information in our systems very seriously, and want to assure you that we have taken steps to prevent a similar event from occurring in the future,” Eye Physicians, P.C. stated. “This includes an in-depth network security assessment by an outside IT security consultant, as well as improved hardware and software upgrades.”

Potentially accessed information includes patient names, dates of birth, and ophthalmic imagery. Social Security numbers, financial transactions, and payment information were not involved, the organization added.

An investigation from forensics experts did not reveal that any data was accessed, but Eye Physicians said that the possibility could not be completely ruled out.

The OCR data breach reporting tool states that 2,620 individuals may have been impacted.

Potential PHI breach reported by OH health system

Mount Carmel Health System recently announced on its website that 836 former bariatric patients may have had their information involved in a possible PHI breach.

A Mount Carmel Bariatric Program employee sent a “save the date” email on October 26, 2017. The employee reportedly wanted to send the “save the date” to individual recipients of the Mount Carmel-sponsored 2017 bariatric social event at Grange Insurance Audubon Center. However, the email displayed all recipients’ email addresses.

The organization maintained that telephone numbers, Social Security numbers, dates of birth, home addresses, and financial information were not involved.

The employee tried to immediately retract/recall the email. Email recipients were asked to delete the message and not forward or share the email.

“All employees are required to undergo training appropriate to perform the services that they provide,” Mount Carmel explained. “Nevertheless, Mount Carmel is further analyzing procedures and will take corrective measures as necessary to ensure that instances like this are prevented in the future. The health system is reevaluating processes for contacting individuals who might be interested in bariatric social events.”

Phishing scam hits CO facility

The Colorado Mental Health Institute at Pueblo (CMHIP) had a staff member fall for a phishing scam, which has the potential to affect 650 patients, according to a KOAA report.

CMHIP told the news station that the phishing attack occurred on November 1, 2017. An investigation was launched the next day but it could not be determined whether information was acquired or viewed.

Potentially compromised information includes names, dates of birth, Social Security numbers, addresses, phone numbers, insurance information, and admission and discharge dates.

Specific actions were not disclosed, but the news source stated that CMHIP had addressed the incident with the employee.

New safeguards have also been put in place, including technical safeguards and additional staff training.

University of Alabama clinic incident may impact 600 patients

The University of Alabama (UAB) Viral Hepatitis Clinic experienced a potential data breach that may have exposed the PHI of 652 patients.

Two USB drives were reported as lost on October 25, 2017, according to a report. The drives were used to transfer electronic data from a Fibroscan machine that evaluates liver disease to a computer.

It is not currently known whether the information on the drives was accessed or viewed by an unauthorized individual.

Patient first and last names, dates of birth, gender, diagnoses, dates and times of examinations, and numbers and images associated with test results may have been exposed. The referring physician’s name may also have been involved in a few cases.

Social Security numbers, financial/banking information, addresses, and telephone numbers were not involved.

“We care deeply for our patients’ wellbeing and their quality of life,” a UAB letter stated, according to the news source. “UAB Medicine takes the protection of our patients’ PHI very seriously and sincerely regrets this possible exposure.”

“We conducted an extensive search for the USB sticks and continue to investigate the incident,” UAB continued. “We have implemented measures to prevent a similar breach in the future and will continue to evaluate our operations.”

