Protenus recently released its Breach Barometer report for health data breaches in the U.S. that were first disclosed in October.
Their analyses are based on 37 incidents compiled by DataBreaches.net, as below:
- Advanced Spine & Pain Center
- Aetna
- Amida Care
- Arch City Dental, LLC – Drs. Baloy and Donatelli
- Atlanta Asthma and Allergy,
- Austin Manual Therapy Association
- Bassett Family Practice (same as Martinsville County health and wellness?)
- Brevard Physician Associates
- Briggs & Stratton Corporation
- Carolina Oncology Assoc
- Catholic Charities for the Diocese of Albany
- Chase Brexton Health Care
- Community Family Care IPA (CFC)
- CVS
- Emergency Coverage Corporation
- HumanGood
- Iliuliuk Family and Health Services
- Insulet Corporation
- Iowa Department of Human Services
- John Hancock Life Insurance Company (U.S.A.)
- Johnston Community SD
- Kaiser Permanente
- Lawrence Berger, cardiologist
- Lifestyle Therapy & Coaching
- Mann-Grandstaff VA Medical Center
- Mann-Grandstaff VA Medical Center
- MGA Home Healthcare Colorado, Inc.
- Namaste Health Care (Bridget Early)
- Orthopedics NY, LLP
- Palomar Health
- Patient Home Monitoring
- Recovery Institute of the South East P.A.
- RiverMend Health, LLC
- Special Therapy Care Chartered
- Tallahassee nursing home (Tangela Brown)
- Texas Children’s Health Plan
- TJ Samson Community Hospital
Of note, three of the incidents were hack and extortion attempts by TheDarkOverlord. None of those three incidents have shown up in HHS’s public breach tool, although two of them may eventually show up.
Apart from one data leak uncovered by Kromtech Security, most of the other reports are generally not mega-incidents. That is a bit of a relief, but we still need to remember that every individual’s privacy matters. In a year where we are getting clobbered on a weekly basis with reports of breaches affecting tens of millions of people each, it may be easy to shrug or dismiss a breach that “only” affects “a few thousand” or so, but as we’ve seen time and time and again, it’s not the numbers, but the nature of the information and its impact for the individual that matters. Let’s not ever lose sight of that.
If you’re looking for details on any of the 37 incidents compiled for October, start by using the search box on this site, and if you can’t find something you need that way, drop me a note and I’ll try to let you know what I may have found out about an incident. In some cases, though, we were unable to get any statement or response from an entity.