DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Healthcare breach reports continued to climb in March

Posted on April 14, 2017 by Dissent

Protenus has released their Breach Barometer report for March. The report is based on 39 incidents that reportedly affected 1,519,521 patients’ records.

As noted in recent months, we’ve reached that unhappy stage where we are seeing an average of one or more breach disclosures every day. If this just represented greater transparency, that would be great, but it may also represent an increase in the number of breaches.

On a positive note: almost all of the entities for whom we had date of breach or discovery and date of report reported their breaches within 60 days from date of discovery.  Protenus understandably wonders whether that could indicate that a recent $475,000 settlement between HHS and Presence Health over late notification might be getting entities more calendar-conscious.

Some breaches are still taking too long to discover, however, as three breaches that were first disclosed in March had gone undetected for more than one year. Two of those three incidents involved insider-wrongdoing.

As in past months, insider breaches represented a significant percentage (44%) of all reported incidents, but did not account for the bulk of breached records. As we have seen before, hacking accounted for a smaller percentage of incidents but a larger percentage of breached records. This month, there were 11 reports to HHS submitted as “Hacking/IT incidents.” Four of those entities specifically described their hacking incidents as ransomware incidents in their notifications. A fifth entity declined to answer the question of whether their incident involved ransomware. Several other entities reported “hacking” incidents, but did not respond to inquiries from this site requesting more information.

The largest – or second largest – incident of the month was a ransomware incident reported by Urology Austin as impacting almost 280,000 patients. It’s not clear what the largest incident of the month was because there was a contradiction between what Commonwealth Health Corporation in Kentucky reported to HHS and what Med Center Health reported to the media. On March 1, CHC informed HHS that 697,800 patients were affected by an incident that they reported as “Theft – Other.”  Three weeks later, Med Center Health uploaded a notice to their site that described an insider-wrongdoing incident. Media outlets were informed that the incident affected 160,000 patients. It’s possible that the contradictory reports were for the same incident, but if so, which is the correct number of patient records? The number of breached records for March remains somewhat uncertain at this point until that incident (or those incidents?) are clarified.

Protenus’s March barometer was based on reports involving the following entities or individuals:

  • ABCD Pediatrics, P.A.
  • American Home Patient
  • Apex Edi
  • Bristol Court Assisted Living Facility
  • Center for Health and Wellness Law, LLC
  • City of Delray Beach
  • Commonwealth Health Corporation
  • CVS Health
  • Denton Heart Group (HealthTexas Provider Network)
  • Dr. O Medical & Wellness Center (Dr. Tinuade Olusegun-Gbadehan)
  • Estill County Chiropractic, PLLC
  • Highland Rivers Community Service Board
  • Houston Methodist Cancer Center
  • Houston Methodist Hospital
  • Lane Community College health clinic
  • Local 693 Plumbers & Pipefitters Health & Welfare Fund
  • Mecklenburg County Health Dept
  • Med Center Health
  • Memphis VA Medical Center
  • Metropolitan Urology Group
  • Orange County Global Medical Center
  • Primary Care Specialists, Inc.
  • Primrose OB/GYN Clinic (CoxHealth)
  • Rashel Williams
  • Riaz Baber, M.D.
  • Rocky Mountain Health Maintenance Organization, Inc
  • Salibas
  • Sharp Healthcare
  • Skin Cancer Specialists, P.C.
  • Specialty Dental Partners of Philadelphia, PLLC.- DBA Rich Orthodontics
  • Charles Health System
  • Louis Children’s Hospital (BJC Healthcare)
  • Tarleton Medical Group (Harold Tarleton, M.D.)
  • UNC Health Care (N.C. Women’s Hospital and UNC Maternal-Fetal Medicine)
  • Unnamed Western PA healthcare facility
  • Urology Austin
  • Virginia Commonwealth University
  • VisionQuest Eyecare
  • Washington University School of Medicine
  • WellSpan Health

Details on many of the incidents can be found by searching this site.

Category: Breach IncidentsCommentaries and AnalysesHealth Data

Post navigation

← Metro Community Provider Network settles HHS breach charges for $400,000 and corrective action plan
USF issues substitute notice after email error exposed names and email addresses →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.