DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HealthSource of Ohio data leak exposed 8,800 patients' information

Posted on March 13, 2014 by Dissent

HealthSource of Ohio, a private, not-for-profit community health center experienced a privacy breach in November 2013 that affected 8,845 patients. The incident was added to HHS’s public breach tool this week.

According to a statement posted on their website on or after February 26th, HSO uses a web-based program to provide information to patients calling with billing questions.  On December 24, however, they discovered that file information from 2004 through 2013 had been unprotected and available to unauthorized individuals searching the Internet from November 18, 2013 through December 24, 2013.

HSO disabled the site access and immediately secured the information so that it can only be accessed by qualified HSO staff.

The unsecured file contained demographic and personal identifying information such as names, account numbers, addresses and phone numbers. Additional information such as dates of birth, social security numbers, credit card numbers and some limited healthcare information appeared in some individual call entries. HSO’s investigation showed that the file was viewed 47 times.

“The privacy and security of patients’ personal and healthcare information is very important to HSO. Individuals who called HSO’s patient accounting staff during the time period above with questions about their account should examine their personal and financial information, such as credit card accounts and accounts with financial institutions for unusual or unauthorized activity. Patients can contact HealthSource of Ohio toll-free at 1-800-495-7647 for further information,” HSO told those affected.

In its submission to HHS, HSO listed Pair Networks as the business associate, but that does not mean that the breach was due to any error on Pair Networks’ part. It may simply have been reported because that’s where the file was hosted. Pair Networks’ terms of service in their contract makes account security the sole responsibility of the customer.

 


Related:

  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
Category: Health Data

Post navigation

← Courts Reining In What it Means to be a “Hacker” Under the Computer Fraud and Abuse Act (CFAA)
Former patient sues St. Helena Hospital over alleged privacy breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.