Data Breaches

Breach Subtotal

Breach Type: CARD, HACK, INSD, PHYS, PORT, STAT, DISC, UNKN
Organization Type: BSF, BSO, BSR, EDU, GOV, MED, NGO, UNKN
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
January 31, 2018
Company: Children's Mercy Hospital
Location: , Missouri
Type of breach:
HACK
Type of organization:
MED
Records Breached:
63,049

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 29, 2018
Company: QuadMed
Location: , Wisconsin
Type of breach:
DISC
Type of organization:
MED
Records Breached:
4,549

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 29, 2018
Company: QuadMed, LLC (Whirlpool)
Location: , Wisconsin
Type of breach:
DISC
Type of organization:
MED
Records Breached:
4,549

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 26, 2018
Company: Steven Yang, D.D.S., INC.
Location: , California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
3,202

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 26, 2018
Company: Decatur County General Hospital
Location: , Tennessee
Type of breach:
HACK
Type of organization:
MED
Records Breached:
24,000

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 26, 2018
Company: Scoppechio
Location: Louisville, Kentucky
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
204

Scoppachio, an advertising agency, experienced a phishing incident that resulted in the exposure of 204 records.

Information Source:
Security Breach Letter
Date Made Public:
January 25, 2018
Company: Rocky Mountain Women's Health Center, Inc.
Location: , Utah
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,123

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 25, 2018
Company: Zachary E. Adkins, DDS
Location: , New Mexico
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
3,677

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 23, 2018
Company: Central States Southeast and Southwest Areas Health and Welfare Fund
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
634

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 23, 2018
Company: Carite Inc.
Location: Madison Heights, Michigan
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
346

On 1/17 2018 Carite Inc. suffered a breach affecting 346 records, including social security numbers and names. 

Information Source:
Security Breach Letter
Date Made Public:
January 22, 2018
Company: RGH Enterprises, Inc.
Location: , Ohio
Type of breach:
DISC
Type of organization:
MED
Records Breached:
4,586

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 22, 2018
Company: Robert Smith DMD, PC
Location: , Tennessee
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,500

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 22, 2018
Company: Housing Authority of the City of Charlotte
Location: Charlotte, North Carolina
Type of breach:
HACK
Type of organization:
GOV
Records Breached:
341

An email was sent purportedly from the CEO requesting W-2s for 2016 and 2017. The staff member thought it was the CEO and sent the information.

Information Source:
Security Breach Letter
Date Made Public:
January 22, 2018
Company: Netcracker Technology Corporation
Location: Waltham, Massachusetts
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
9

Between approximately January 4, 2018 and January 12, 2018, Netcracker learned that a few of its employees were the target of an e-mail phishing incident. Those employees received an email that appeared to be from Netcracker's payroll provider, Automatic Data Processing (“ADP”). Employees who clicked on a link in the e-mail and entered their ADP login information on the landing page enabled access by the scammer to their ADP account and to view personal information in that account. The account contains employees' personal information, including financial account number, e-mail address and ADP username with password or security question and answer, and Social Security number. The employee's ADP account does not contain driver's license number or state identification card number, any credit or debit card number, or medical or health insurance information.

Information Source:
Security Breach Letter
Date Made Public:
January 19, 2018
Company: Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc.
Location: , Maryland
Type of breach:
HACK
Type of organization:
MED
Records Breached:
5,228

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2018
Company: The Pediatric Endocrinology and Diabetes Specialists
Location: , Nevada
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,021

Location of breached information: Desktop Computer, Electronic Medical Record, Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2018
Company: Gillette Medical Imaging
Location: , Wyoming
Type of breach:
DISC
Type of organization:
MED
Records Breached:
4,476

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
January 17, 2018
Company: Franciscan Health Indianapolis
Location: Indianapolis, Indiana
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2

On 1/6/2018 Franciscan Health Indianpolis suffered a hack that affected 2 records, including names as well as driver's license numbers.

Information Source:
Security Breach Letter
Date Made Public:
January 15, 2018
Company: High Plains Surgical Associates
Location: , Wyoming
Type of breach:
DISC
Type of organization:
MED
Records Breached:
607

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
January 12, 2018
Company: Western Washington Medical Group Inc.
Location: , Washington
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
842

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 12, 2018
Company: Pedes Orange County, Inc.
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
917

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 12, 2018
Company: Onco360 and CareMed Specialty Pharmacy
Location: , Kentucky
Type of breach:
HACK
Type of organization:
MED
Records Breached:
53,173

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 9, 2018
Company: Alicia Ann Oswald
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
800

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 8, 2018
Company: Charles River Medical Associates, pc
Location: , Massachusetts
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
9,387

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 8, 2018
Company: Palomar Health (Palomar Medical Center (Escondido)
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,309

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 5, 2018
Company: Agency for Health Care Administration
Location: , Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
30,000

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 5, 2018
Company: Oklahoma State University Center for Health Sciences
Location: , Oklahoma
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
279,865

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 2, 2018
Company: Penn Medicine
Location: , Pennsylvania
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,050

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV