Healthcare Information Security

Latest Health Data Breaches News

Stolen Patient Records in OH Lead to Potential PHI Breach

Some recent PHI breaches involved cases of stolen patient records and laptops, unattended medical files, and hackers accessing an EHR system.

By Jacqueline LaPointe

- An Ohio-area dental practice has notified 7,784 individuals of a potential PHI breach after patient records were stolen, reported the Office of Civil Rights on its website.

Stolen patient records caused a possible PHI breach in Ohio

In a HIPAA breach notification letter, Sunbury Plaza Dental explained that its secured storage unit containing business and patient records was burglarized sometime between March 10 and March 20.

The dental practice was unaware of the possible breach until law enforcement officials notified them on May 25. The officers confirmed that some patient records were stolen from the storage unit, but the majority of records were not removed.

The patient files contained personally identifiable information, such as names, addresses, dates of birth, and Social Security numbers, as well as some healthcare data.

Sunbury Plaza Dental stated that the suspects likely stole the records to commit identity fraud. Although, the practice has recovered all patient files involved in the incident.

READ MORE: Brand New Day Data Breach from Vendor System Access

To prevent future healthcare data security incidents, the dental practice has updated its policies and procedures for safeguarding patient information and partnered with law enforcement agencies to investigate the break-in.

Due to the sensitive nature of the exposed information, Sunbury Plaza Dental has also offered affected individuals complimentary identity monitoring services for a year.

5 stolen laptops lead to healthcare data security concerns in Texas

A break-in at a Texas-based medical office has led to a potential healthcare data breach affecting 2,900 individuals.

In a notice on its website, StarCare Specialty Health System reported that one or more burglars broke into its East Broadway office in Lubbock, Texas on May 30 and stole five laptops. One of the stolen computers contained confidential patient information and it was not encrypted.

READ MORE: 2016 Record Data Breach Year, Attackers Less Healthcare-Focused

The burglars may have also viewed patient records that were in a box.

Names, medical record numbers, telephone numbers, diagnoses, admission and discharge dates, dates of birth, Social Security numbers, and Medicare and Medicaid numbers may have been viewed by the outside parties.

Upon discovering the incident, StarCare Specialty Health System disabled the stolen laptop containing patient information. The healthcare system also stated that it is improving the office’s security features and encrypting all of its computers.

While StarCare Specialty Health System does not have evidence that patient information has been misused, it has mailed notification letters to all affected individuals and offered them a year of free identity monitoring services.

Texas medical group notifies 1,326 patients of possible PHI breach

READ MORE: Allina Health Privacy Incident Possibly Exposes Patient Info

A former employee at a medical group in Texas may have inadvertently exposed PHI for some individuals after leaving patient records at his previous home, explained the Premier Physicians Group.

The medical group discovered in April that a previous employee, Mario Gross, MD, had left patient records at his former residence after he moved away from the area. Possession of the house was transferred to a local bank, indicating that that PHI was left unsupervised at the residence.

After learning of the incident, Premier Physicians Group removed and secured the patient files. However, PHI such as names, dates of birth, medical record numbers, Social Security numbers, clinical data, and medical insurance information may have been inappropriately viewed by an outside entity.

The Office of Civil Rights reported that 1,326 individuals were affected by the healthcare data security event.

The medical group stated that there has been no evidence that patient information was misused or accessed by unauthorized persons.

In response to the incident, Premier Physicians Group has notified all affected patients and taken steps to increase healthcare data security.

“This includes reviewing and modifying our policies and procedures, educating our medical staff about the incident and tasking them with reviewing and updating their own controls over patient records, and reminding our workforce about the rules and procedures for protecting patient records,” the statement explained.

“The privacy and protection of patients’ personal information will continue to be a top priority for us.”

Hacking incident causes potential EHR breach in Georgia

Athens Orthopedic Clinic in Georgia has experienced a potential EHR breach after a healthcare cybersecurity incident occurred in June, according to a notice on its website.

The orthopedic clinic explained that an external entity had launched a cyberattack on its EHR system using a third-party vendor’s credentials.

Medical record information for some current and former patients that may have been accessed in the hacking event included names, addresses, Social Security numbers, dates of birth, telephone numbers, and, in some cases, diagnoses and partial medical histories.

The practice did not disclose how many individuals were affected by the healthcare data security incident.

Athens Orthopedic Clinic stated that it has called on cybersecurity experts to investigate the attack and assess their systems. It has also started to implement the cybersecurity firm’s recommendations to improve their healthcare data security.

“We are in the process of notifying the affected patients, and deeply regret any stress this may cause our patients,” Kayo Elliott, CEO of Athens Orthopedic Clinic told

“Rest assured that we are taking all necessary measures to ensure that any resulting damage is limited to the extent possible and working to retain your trust in our practice. We advise that our patients contact credit reporting agencies to create a fraud alert as soon as possible; we have posted a statement on our website that includes credit reporting agency contact information.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...