Healthcare News & Insights

6 more hospitals suffer data breaches

The list of hospitals who have experienced a data breach just keeps getting longer — six more facilities have been added.

According to The Boston Globe, patient records from four Massachusetts community hospitals (Milford, Holyoke, Carney and Milton) were found in a public dump. The unshredded records included Social Security numbers, patient contact information and medical information.

The pile of discarded records was described as being 20 feet long by 20 feet wide.

Allegedly, the records were disposed of by a medical billing company — Goldthwait Associates — that was acquired this year by another organization.

All of the hospitals involved said they plan to contact the Massachusetts Attorney General’s Office, as well as the tens of thousands of patients’ whose protected health information (PHI) may have been compromised.

The hospitals were notified of the breach in the beginning of August and are in the process of trying to figure out just how large it is.

This case just goes to show you how important business associate contracts are when it comes to the disposal of medical records. It’s not just your facility you have to keep an eye on, but your business associates, too!

Stolen laptop

A password-protected laptop was stolen from a physician’s office causing Stanford Hospital & Clinics and the Stanford University School of Medicine to contact 2,500 patients and let them know their PHI may have been compromised.

The compromised laptop data included patient names, location of services, medical record numbers, some treatment histories and ages, as well as a small amount of Social Security numbers.

The stolen laptop was equipped with location services software that signals its whereabouts when connected to the internet.

Good news: So far no detection has been reported, which means the patient info hasn’t been accessed … yet. So in the meantime, the facilities are contacting the affected patients as a precaution and are offering them paid identity protection services. They’re also tightening security.

Home burglary

At Oregon Health & Science University Hospital (OHSU), a USB drive was stolen that contained information on more than 14,000 patients, 200 employees and 702 pediatric patients. But this time it wasn’t stolen from a physician’s office.

The USB drive was stolen during a home burglary of an OHSU employee.

The employee inadvertently took the USB drive home in a briefcase, and the briefcase was among the items stolen in the robbery.

As far as the patients are concerned, the info contained on the drive included names, birth dates, phone numbers, addresses and medical record numbers. However, as for the employees, the data on the drive included names, Social Security numbers, addresses and employment-related vaccination information.

While the drive was password-protected, the facility is doing an extensive investigation to determine what it would take to access the password-protected data and open the files in a readable format.


Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.