|Articles|August 8, 2018
With 860K Affected Patients, July Among Worst Data Breach Months of Year
Author(s)Jack Murtha
Healthcare organizations reported 31 privacy incidents last month.
Advertisement
July was particularly bad for reported healthcare data breaches. With the data of nearly 860,000 patients compromised, the month stood out among the year’s worst for health privacy, with few others even coming close, according to an analysis of government data.
In total, 31 security incidents placed 858,411 individuals at risk, according to records publicized by the U.S. Department of Health & Human Services’ Office for Civil Rights.
>>
Two of the three largest data breaches affected patients of providers — Jefferson City, Missouri’s St. Mary’s Hospital and Nebraska’s Boys Town National Research Hospital — each of whom suffered different kinds of incidents. The second largest data breach, meanwhile, stemmed from a networking breakdown in a company called MedEvolve, which sells software to physicians and larger providers.
Here’s how the data breaches, which are currently under investigation by the Office for Civil Rights, played out in terms of numbers and type. (Also, note that not every healthcare data breach is required to be reported, and not all incidents result in harm or loss to patients. Finally, many of these incidents didn’t occur in July, which is the month when they were reported.)
Improper Disposal: 317,154 Patients
Despite occurring just two times in July, instances of improper disposal affected the most patients, beyond hacking, theft and all of the bogeymen that healthcare is fighting against. (For reference,
So what made July such a rough time for taking out the trash? A single incident at SSM Health St. Mary’s Hospital, Jefferson City, which was reported on July 30 and affected 301,000 patients. The hospital
Hacking/IT Incident: 291,465 Patients
Across 18 incidents, hackers compromised the data of 291,465 patients, according to the Office for Civil Rights.
Aside from one administrative vendor and two health plans, nearly all of the breached institutions were healthcare providers. These incidents occurred in many states, dotting the map, from California to Texas and Arkansas to New Jersey, with breaches. The number of patients affected in each case ranged from several hundred or several thousand to tens or even hundreds of thousands.
But the largest attack jeopardized 105,309 patients of Boys Town National Research Hospital in Omaha, Nebraska. Reported on July 20,
Unauthorized Access/Disclosure: 245,597 Patients
July saw 245,597 patients whose data were caught up in eight unauthorized access/disclosure incidents. Several occurrences affected just a few hundred individuals, but many numbered in the thousands. Like the month’s reported hacks, these worrisome instances took place across the nation.
The majority of affected patients, however, can trace their troubles to Little Rock, Arkansas, where data from 205,434 people were exposed in a network server problem at MedEvolve. The practice-management software developer noticed that a file containing patient information was “inadvertently accessible to the internet,” according to
Theft/Loss: 4,195 Patients
Here, we combined the two categories that typically see the smallest number of patients affected. Rocky Mountain Health Care Services in Colorado reported that a stolen laptop had placed the data of 1,087 people at risk, and Central New York Cardiology had lost documents containing data on 824 individuals.
Get the best insights in healthcare analytics
Related
Newsletter
Advertisement
Related Content
Advertisement
Latest CME
Advertisement
Advertisement
