DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HealthSource of Ohio data leak exposed 8,800 patients' information

Posted on March 13, 2014 by Dissent

HealthSource of Ohio, a private, not-for-profit community health center experienced a privacy breach in November 2013 that affected 8,845 patients. The incident was added to HHS’s public breach tool this week.

According to a statement posted on their website on or after February 26th, HSO uses a web-based program to provide information to patients calling with billing questions.  On December 24, however, they discovered that file information from 2004 through 2013 had been unprotected and available to unauthorized individuals searching the Internet from November 18, 2013 through December 24, 2013.

HSO disabled the site access and immediately secured the information so that it can only be accessed by qualified HSO staff.

The unsecured file contained demographic and personal identifying information such as names, account numbers, addresses and phone numbers. Additional information such as dates of birth, social security numbers, credit card numbers and some limited healthcare information appeared in some individual call entries. HSO’s investigation showed that the file was viewed 47 times.

“The privacy and security of patients’ personal and healthcare information is very important to HSO. Individuals who called HSO’s patient accounting staff during the time period above with questions about their account should examine their personal and financial information, such as credit card accounts and accounts with financial institutions for unusual or unauthorized activity. Patients can contact HealthSource of Ohio toll-free at 1-800-495-7647 for further information,” HSO told those affected.

In its submission to HHS, HSO listed Pair Networks as the business associate, but that does not mean that the breach was due to any error on Pair Networks’ part. It may simply have been reported because that’s where the file was hosted. Pair Networks’ terms of service in their contract makes account security the sole responsibility of the customer.

 

No related posts.

Category: Health Data

Post navigation

← Courts Reining In What it Means to be a “Hacker” Under the Computer Fraud and Abuse Act (CFAA)
Former patient sues St. Helena Hospital over alleged privacy breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.