Healthcare Information Security

Latest Health Data Breaches News

Potential PHI Exposure at BJC HealthCare Impacts 33K

March 15, 2018 - An internal security scan revealed that there was a data server configuration error, allowing potential PHI exposure at BJC HealthCare. The Missouri-based organization revealed in an online statement that 33,420 patients may have had their information made publicly accessible through the internet. Identifying documents were accessible without the appropriate security controls from May 9, 2017,...


134K Possibly Affected in St. Peter’s Server Data Breach


An unauthorized third party gained access to St. Peter’s Surgery & Endoscopy Center (the Center) servers on January 8, 2018, according to an online statement. The potential data breach was discovered on the same day of the infiltration,...

Reported Kansas PHI Data Breach Could Involve Info of 11K


An unauthorized email from a Kansas Department for Aging and Disability Services (KDADS) employee was sent to a group of business associates, which created a possible PHI data breach, according to a KDADS online statement. KDADS became aware...

70K Notified in Tufts Health Plan Data Breach in Vendor Error


A vendor that handles the mailing of member identification (ID) cards reportedly sent out envelopes with patient information visible in the mailing window, which created a Tufts Health Plan data breach. Tufts Medicare Preferred ID cards were...

Healthcare Ransomware Attack Affects 6.5K at AL Practice


A healthcare ransomware attack allowed an unknown hacker to gain access to EMR software containing patient medical records, Jemison Internal Medicine, PC (JIM) announced on its website. The Alabama-based practice said the virus encrypted its...

CarePlus Health Reports PHI Data Breach Impacting 11K


A series of programming and printing errors resulted in Explanation of Benefits (EOB) letters being sent to the incorrect CarePlus Health Plan members, an organization spokesperson confirmed to Approximately 11,200 individuals...

36K Notified of Potential Healthcare Data Breach from Mailing Error


A mailing error has led to a potential healthcare data breach for Triple-S Advantage (Triple-S) members, according to an online company statement. The Puerto Rico-based organization is an independent licensee of the BlueCross BlueShield Association....

Timothy Noonan Named OCR Acting Deputy Director


The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently named Timothy Noonan as the new OCR acting deputy director for health information privacy (HIP). Noonan has been in the position since January 29, 2018,...

Decatur County General EMR Security Incident Impacts 24K


Tennessee-based Decatur County General Hospital experienced an EMR security incident when unauthorized software was installed on the server the EMR vendor supports on the organization’s behalf. Decatur County received a security incident...

Retirement Community Reports Potential PHI Data Breach for 5.2K


Maryland-based Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc. (Ingleside) experienced a possible PHI data breach when it was targeted by a malware attack, according to an online statement. Ingleside discovered the malware...

Symantec, VMware Named Best in KLAS for Data Security Solutions


The Best in KLAS Awards were announced earlier this week, with Symantec, VMware, and Imprivata being named to the top slots of various data security solutions categories. KLAS took data from 2,500 interviews it conducts with providers and payers...

Patient Data Likely Unaffected in Adams Health Ransomware Attack


Indiana-based Adams Health Network experienced a ransomware attack on January 11, the organization confirmed in an online statement. CEO Jo Ellen Eidam said that a virus was put on the computer systems but patient care was not interrupted and...

Allscripts Ransomware Attack Impacts Limited Number of Applications


UPDATE: An Allscripts spokesperson emailed an additional update to on January 26, 2018 about the ransomware attack.  An Allscripts ransomware attack was reported on January 18, 2018, with certain applications made inaccessible....

Onco360 Email Data Security Incident Impacts 53K Patients


Onco360 and CareMed Specialty Pharmacy are notifying patients that a data security incident stemming from unauthorized access to employee email accounts may have involved their health information. Suspicious activity on an employee’s email...

Potential WV Health Data Breach from Laptop Theft Affects 43K


West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s automobile...

Kathryn Marchesini Named New ONC Chief Privacy Officer


The Office of the National Coordinator (ONC) announced through an internal email that Katheryn Marchesini, JD, had been appointed to the ONC Chief Privacy Officer position. National Coordinator Donald Rucker, MD explained that Marchesini is an...

29K Impacted by SSM Health Data Breach from Unauthorized Access


St. Louis, Missouri-based SSM Health recently reported that it experienced a potential data breach after an employee accessed patient records without authorization. The access occurred between February 13, 2017 and October 20, 2017 when the employee...

Ransomware Attack Raises Health Data Security Worry for 2.6K


Columbus, Nebraska-based Eye Physicians, P.C. experienced a ransomware attack on October 7, 2017 that encrypted files on some of its servers. The organization was able to immediately restore servers through a backup, it explained in an online...

PA Security Breach from Missing External Hard Drive Affects 4.1K


Pennsylvania-based Washington Health System (WHS) Greene recently announced that a missing external hard drive has created security breach concerns at the organization. The device was for the Bone Densitometry machine and contained certain patient...

Unauthorized Server Access Creates Data Security Concern for 47K


Carl Albert State College (CASC) is re-notifying certain individuals of unauthorized server access from 2016 that may create data security concerns. CASC explained in an online statement that the server was accessed on April 7, 2016. It...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks