Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization: all
Date Made Public:
January 21, 2019
Company: Critical Care, Pulmonary and Sleep Associates, PLLP
Location: , Colorado
Type of breach:
HACK
Type of organization:
MED
Records Breached:
23,377

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2019
Company: Valley Hope Association
Location: , Kansas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
70,799

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2019
Company: FABEN Obstetrics and Gynecology, LLC
Location: , Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,092

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2019
Company: Integrity, Inc. d/b/a Integrity House
Location: , New Jersey
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
7,206

Location of breached information: Desktop Computer, Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2019
Company: Las Colinas Orthopedic Surgery & Sports Medicine, PA
Location: , Texas
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
76,000

Location of breached information: Other Portable Electronic Device

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2019
Company: ABB Inc. Active Employee Group Benefit Plan
Location: , North Carolina
Type of breach:
DISC
Type of organization:
MED
Records Breached:
6,877

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
January 16, 2019
Company: Lebanon VA Medical Center
Location: , Pennsylvania
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,002

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 15, 2019
Company: Humana Inc.
Location: , Kentucky
Type of breach:
HACK
Type of organization:
MED
Records Breached:
598

Location of breached information: Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 14, 2019
Company: Premier Specialties, Incorporated
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,300

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 10, 2019
Company: Sacred Heart Rehabilitation Center
Location: , Michigan
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2,266

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 9, 2019
Company: Humana Inc
Location: , Kentucky
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,211

Location of breached information: Other

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
January 8, 2019
Company: Family Physicians of Winter Park, Inc.
Location: , Kentucky
Type of breach:
HACK
Type of organization:
MED
Records Breached:
8,429

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 7, 2019
Company: Dermacare Brickell
Location: , Florida
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,800

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 6, 2019
Company: NORTH ATLANTA MEDICAL CLINIC
Location: , Georgia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
2,800

Location of breached information: Desktop Computer

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 3, 2019
Company: Managed Health Services
Location: , Indiana
Type of breach:
DISC
Type of organization:
MED
Records Breached:
576

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 3, 2019
Company: Centerstone Insurance and Financial Services (d/b/a BenefitMall)
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
111,589

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 31, 2018
Company: Humana Inc
Location: , Kentucky
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
684

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 29, 2018
Company: Choice Rehabilitation
Location: , Missouri
Type of breach:
HACK
Type of organization:
MED
Records Breached:
4,309

Location of breached information: Email, Laptop

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 27, 2018
Company: WEA Insurance Corporation
Location: , Wisconsin
Type of breach:
HACK
Type of organization:
MED
Records Breached:
850

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 21, 2018
Company: San Diego Unified School District
Location: San Diego, California
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
500,000

As reported at the Los Angeles Times, "The personal information of San Diego Unified students, former students and employees may have been compromised in a data breach that officials believe happened in January, the school district said Friday.

The breach could affect as many as 500,000 students who attended San Diego Unified schools as far back as the 2008-09 school year, officials said.

The breach may have included information about students and staff such as addresses and dates of birth, discipline, health, scheduling and grade information, according to an email sent to school families on Friday. Social Security numbers were also affected.

About 50 staff members’ accounts are known to have been compromised and have been reset, according to the district.

“The San Diego Unified School District has taken the steps necessary to eliminate the threat to your personal data and implement improvements to prevent such unauthorized access from happening again,” the district said in the email."

Information Source:
Media
Date Made Public:
December 21, 2018
Company: SEIU Local 32BJ, District 36 Building Operators Welfare Trust Fund
Location: , Pennsylvania
Type of breach:
DISC
Type of organization:
MED
Records Breached:
911

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 21, 2018
Company: Kent County Community Mental Health Authority
Location: , Michigan
Type of breach:
HACK
Type of organization:
MED
Records Breached:
2,284

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 21, 2018
Company: DePaul University
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
656

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 20, 2018
Company: JAND Inc. d/b/a Warby Parker
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
177,890

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 20, 2018
Company: The Podiatric Offices of Bobby Yee
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
24,000

Location of breached information: Desktop Computer, Laptop, Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 20, 2018
Company: Dermatologists of Southwest Ohio
Location: , Ohio
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
733

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 19, 2018
Company: VIRTUAL RADIOLOGIC PROFESSIONALS, LLC
Location: , Minnesota
Type of breach:
HACK
Type of organization:
MED
Records Breached:
846

Location of breached information: Other

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 18, 2018
Company: Tift Regional Medical Center
Location: , Georgia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,045

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 18, 2018
Company: Barnes-Jewish Hospital
Location: , Missouri
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,643

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 17, 2018
Company: University of Vermont Health Network - Elizabethtown Community Hospital
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
32,470

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 17, 2018
Company: Fort Defiance Indian Hospital
Location: , Arizona
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,000

Location of breached information: Desktop Computer

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Marriott International
Location: , Maryland
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
327,000,000

Marriott International disclosed a massive security breach of the reservations system for its Starwood Hotels and Resorts brand, a hack it said Friday may have compromised private info on up to 500 million guests.

According to Marriott, for around 327 million Starwood guests, the database included such personal information as name, mailing address, phone number, email address, passport number, date of birth, and gender. For some Starwood customers, the hacked database also stored payment card numbers and expiration dates, although Marriott said that information was encrypted.

Information Source:
Media
Date Made Public:
November 30, 2018
Company: CHI Health Care, Inc.
Location: , Maryland
Type of breach:
DISC
Type of organization:
MED
Records Breached:
722

Location of breached information: Other Portable Electronic Device, Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Mind and Motion, LLC
Location: , Georgia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
16,000

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: CCRM Dallas-Fort Worth
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,117

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Thielen Student Health Center
Location: , Iowa
Type of breach:
DISC
Type of organization:
MED
Records Breached:
599

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Prairie Fields Family Medicine, PC
Location: , Nebraska
Type of breach:
DISC
Type of organization:
MED
Records Breached:
6,450

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 28, 2018
Company: OrthoTexas Physicians and Surgeons, PLLC
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2,172

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 28, 2018
Company: Steward Medical Group
Location: , Massachusetts
Type of breach:
HACK
Type of organization:
MED
Records Breached:
16,276

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 27, 2018
Company: Health equity inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
189,957

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
CSV