Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
December 31, 2018
Company: Humana Inc
Location: , Kentucky
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
684

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 29, 2018
Company: Choice Rehabilitation
Location: , Missouri
Type of breach:
HACK
Type of organization:
MED
Records Breached:
4,309

Location of breached information: Email, Laptop

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 27, 2018
Company: WEA Insurance Corporation
Location: , Wisconsin
Type of breach:
HACK
Type of organization:
MED
Records Breached:
850

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 21, 2018
Company: San Diego Unified School District
Location: San Diego, California
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
500,000

As reported at the Los Angeles Times, "The personal information of San Diego Unified students, former students and employees may have been compromised in a data breach that officials believe happened in January, the school district said Friday.

The breach could affect as many as 500,000 students who attended San Diego Unified schools as far back as the 2008-09 school year, officials said.

The breach may have included information about students and staff such as addresses and dates of birth, discipline, health, scheduling and grade information, according to an email sent to school families on Friday. Social Security numbers were also affected.

About 50 staff members’ accounts are known to have been compromised and have been reset, according to the district.

“The San Diego Unified School District has taken the steps necessary to eliminate the threat to your personal data and implement improvements to prevent such unauthorized access from happening again,” the district said in the email."

Information Source:
Media
Date Made Public:
December 21, 2018
Company: SEIU Local 32BJ, District 36 Building Operators Welfare Trust Fund
Location: , Pennsylvania
Type of breach:
DISC
Type of organization:
MED
Records Breached:
911

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 21, 2018
Company: Kent County Community Mental Health Authority
Location: , Michigan
Type of breach:
HACK
Type of organization:
MED
Records Breached:
2,284

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 21, 2018
Company: DePaul University
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
656

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 20, 2018
Company: JAND Inc. d/b/a Warby Parker
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
177,890

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 20, 2018
Company: The Podiatric Offices of Bobby Yee
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
24,000

Location of breached information: Desktop Computer, Laptop, Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 20, 2018
Company: Dermatologists of Southwest Ohio
Location: , Ohio
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
733

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 19, 2018
Company: VIRTUAL RADIOLOGIC PROFESSIONALS, LLC
Location: , Minnesota
Type of breach:
HACK
Type of organization:
MED
Records Breached:
846

Location of breached information: Other

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 18, 2018
Company: Tift Regional Medical Center
Location: , Georgia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,045

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 18, 2018
Company: Barnes-Jewish Hospital
Location: , Missouri
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,643

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 17, 2018
Company: University of Vermont Health Network - Elizabethtown Community Hospital
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
32,470

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 17, 2018
Company: Fort Defiance Indian Hospital
Location: , Arizona
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,000

Location of breached information: Desktop Computer

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Marriott International
Location: , Maryland
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
327,000,000

Marriott International disclosed a massive security breach of the reservations system for its Starwood Hotels and Resorts brand, a hack it said Friday may have compromised private info on up to 500 million guests.

According to Marriott, for around 327 million Starwood guests, the database included such personal information as name, mailing address, phone number, email address, passport number, date of birth, and gender. For some Starwood customers, the hacked database also stored payment card numbers and expiration dates, although Marriott said that information was encrypted.

Information Source:
Media
Date Made Public:
November 30, 2018
Company: CHI Health Care, Inc.
Location: , Maryland
Type of breach:
DISC
Type of organization:
MED
Records Breached:
722

Location of breached information: Other Portable Electronic Device, Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Mind and Motion, LLC
Location: , Georgia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
16,000

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: CCRM Dallas-Fort Worth
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,117

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Thielen Student Health Center
Location: , Iowa
Type of breach:
DISC
Type of organization:
MED
Records Breached:
599

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 30, 2018
Company: Prairie Fields Family Medicine, PC
Location: , Nebraska
Type of breach:
DISC
Type of organization:
MED
Records Breached:
6,450

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 28, 2018
Company: OrthoTexas Physicians and Surgeons, PLLC
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2,172

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 28, 2018
Company: Steward Medical Group
Location: , Massachusetts
Type of breach:
HACK
Type of organization:
MED
Records Breached:
16,276

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 27, 2018
Company: Health equity inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
189,957

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 27, 2018
Company: AccuDoc Solutions, Inc.
Location: , North Carolina
Type of breach:
HACK
Type of organization:
MED
Records Breached:
2,652,540

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 26, 2018
Company: Cancer Treatment Centers of America (CTCA) at Western Regional Medical Center
Location: , Arizona
Type of breach:
HACK
Type of organization:
MED
Records Breached:
41,948

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 26, 2018
Company: Baylor Scott & White Medical Center - Frisco
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
47,984

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 26, 2018
Company: Mercy Medical Center- North Iowa
Location: , Iowa
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,971

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 23, 2018
Company: Independence community college
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
4,839

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 21, 2018
Company: Lundberg family farms
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
201

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 21, 2018
Company: Tandigm Health
Location: , Pennsylvania
Type of breach:
HACK
Type of organization:
MED
Records Breached:
7,376

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 20, 2018
Company: R r bowker llc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
18,578

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 20, 2018
Company: East End Disability Associates, Inc.
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
896

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 19, 2018
Company: Inova Health System
Location: , Virginia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
857

Location of breached information: Electronic Medical Record

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 19, 2018
Company: James R. Etzkorn, MD
Location: , Missouri
Type of breach:
DISC
Type of organization:
MED
Records Breached:
6,845

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 17, 2018
Company: LPL Financial llc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
270,000

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 17, 2018
Company: HealthEquity, Inc.
Location: , Utah
Type of breach:
HACK
Type of organization:
MED
Records Breached:
165,800

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
November 16, 2018
Company: Jo ann jody hendryx
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
67

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 16, 2018
Company: Next gen healthcare inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 16, 2018
Company: Smithand nephew
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
22

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
CSV