Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
July 19, 2018
Company: Family Physicians of Old Town Fairfax PC
Location: , Virginia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
July 10, 2018
Company: Blue Springs Family Care, P.C.
Location: , Missouri
Type of breach:
HACK
Type of organization:
MED
Records Breached:
44,979

Location of breached information: Electronic Medical Record, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
June 19, 2018
Company: Family Healthcare of Lake Norman
Location: , North Carolina
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 4, 2018
Company: baystate family dental inc
Location: , Massachusetts
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
500

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 4, 2018
Company: Baystate Family Dental, Inc.
Location: , Massachusetts
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
500

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
April 30, 2018
Company: Complete Family Medicine, LLC
Location: , Nebraska
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,331

Location of breached information: Laptop, Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
April 26, 2018
Company: Illinois Department of Healthcare and Family Services
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
8,000

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 27, 2017
Company: Longs Peak Family Practice, P.C.
Location: , Colorado
Type of breach:
HACK
Type of organization:
MED
Records Breached:
16,238

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 13, 2017
Company: Family & Cosmetic Dentistry of the Rockies
Location: , Colorado
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,850

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 3, 2017
Company: Valley Family Medicine
Location: , Virginia
Type of breach:
DISC
Type of organization:
MED
Records Breached:
8,450

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 16, 2017
Company: Mercy Family Medicine
Location: , Colorado
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
2,069

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 16, 2017
Company: Salina Family Healthcare Center
Location: , Kansas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
77,337

Location of breached information: Desktop Computer, Electronic Medical Record, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
July 19, 2017
Company: Hathaway-Sycamores Child and Family Services
Location: Pasadena, California
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

"What happened? 

We have recently received reports from several employees who have discovered fraudulent tax filings have been made in their names. We are investigating those reports and we have contacted our cyber security advisers and insurers. So far, we have not discovered a compromise of our computer systems or networks. 

What information was involved?
The fact that several employees have reported tax fraud indicates that the information contained on IRS W-2 Forms, which includes names, addresses, Social Security Numbers, and wage information, may be involved."

Information Source:
California Attorney General
Date Made Public:
July 9, 2017
Company: Ledet Family Chiropractic Cener
Location: , Pennsylvania
Type of breach:
HACK
Type of organization:
MED
Records Breached:
530

Location of breached information: Network Server

Business associate present: No

Information Source:
Maryland Attorney General
Date Made Public:
June 19, 2017
Company: Family Tree Health Clinic
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
13,402

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
June 12, 2017
Company: Cove Family and Sports Medicine, LLC
Location: , Alabama
Type of breach:
HACK
Type of organization:
MED
Records Breached:
4,300

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 5, 2017
Company: Jones Family Practice, P.A.
Location: , North Carolina
Type of breach:
DISC
Type of organization:
MED
Records Breached:
742

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 17, 2017
Company: Family Service Rochester
Location: , Minnesota
Type of breach:
HACK
Type of organization:
MED
Records Breached:
17,037

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 3, 2017
Company: Family Medicine East, Chartered
Location: , Kansas
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
6,800

Location of breached information: Desktop Computer

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 20, 2016
Company: Desert Care Family and Sports Medicine
Location: , Arizona
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 20, 2016
Company: You and Your Health Family Care, Inc.
Location: Tavares, Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
3,000

As reported by Health and Human Services hacking/IT Incident. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
October 20, 2016
Company: You and Your Health Family Care, Inc.
Location: , Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
3,000

The covered entity (CE), You and Your Health Family Care, Inc., discovered a ransomware virus accessed its server through an open firewall port on September 11, 2016. The ransomware accessed data that included patient names, addresses, dates of birth, Social Security numbers, and clinical information for 1,456 individuals. The CE provided breach notification to HHS, affected individuals, and the media. In response to the breach, the CE initiated a comprehensive review of its privacy and security safeguards, secured all open ports in its firewall, reviewed and secured all user accounts and strengthened passwords, and installed additional security software. It developed a plan to implement an audit system and encryption mechanisms, and retrain all staff after it finishes the in-depth review and update of its privacy and security policies. Additionally, it will conduct a risk analysis on an annual basis moving forward. OCR obtained assurances that the CE implemented the corrective actions listed above.

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
July 25, 2016
Company: American Family Care, Inc.
Location: , Alabama
Type of breach:
DISC
Type of organization:
MED
Records Breached:
7,200

Location of breached information: Electronic Medical Record, Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
July 20, 2016
Company: Premier Family Care I, Inc.
Location: Midland, Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,326

As reported by Health and Human Services unauthorized access/disclosure/paper/films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
July 20, 2016
Company: Premier Family Care I, Inc.
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,326

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 13, 2016
Company: Imperial Valley Family Care Medical Group, APC
Location: El Centro, California
Type of breach:
PORT
Type of organization:
MED
Records Breached:
0

"On March 21, 2016 there was a burglary at the office of Dr. Sampat and a single laptop computer was taken from the premises. A police report of the incident was filed with the El Centro Police Department.  We have discovered dring our investigation of the incident that the laptop may have contained your personal information including name, address, date of birth, and personal health information."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-61822

Information Source:
California Attorney General
Date Made Public:
May 13, 2016
Company: Imperial Valley Family Care Medical Group, APC
Location: , California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
649

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 11, 2016
Company: Family Medicine of Weston
Location: Weston, Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

As reported by Health and Human Services hacking/IT incident/electronic medical records. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 

Information Source:
Government Agency
Date Made Public:
May 11, 2016
Company: Family Medicine of Weston
Location: , Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
April 27, 2016
Company: Family & Children's Services of Mid-Michigan
Location: Midland, Michigan
Type of breach:
HACK
Type of organization:
MED
Records Breached:
981

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 

Information Source:
Government Agency
Date Made Public:
April 27, 2016
Company: Family & Children's Services of Mid Michigan, Inc.
Location: , Michigan
Type of breach:
HACK
Type of organization:
MED
Records Breached:
981

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
April 12, 2016
Company: United Community & Family Services
Location: , Connecticut
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,000

United Community Family Services, the covered entity (CE), mistakenly sent an email blast that advertised dental services, to current and former patients, with email addresses visible to all of the other recipients of the email. The emails were encrypted so that that only the recipients could have accessed them. Approximately 1,095 individuals were affected by this breach. The types of protected health information (PHI) involved in the breach included some names as part of the email addresses and the implied suggestion that these individuals had received dental services from this CE. The CE provided breach notification to HHS, affected individuals, and the media. As a result of OCR’s investigation, the CE implemented plans to review and revise its policies to ensure adequate safeguards of electronic PHI. Additionally, the covered entity re-trained staff on its HIPAA policies and issued periodic HIPAA reminders to staff.

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 7, 2016
Company: Complete Family Foot Care
Location: , Nebraska
Type of breach:
HACK
Type of organization:
MED
Records Breached:
5,883

Bizmatics, Inc., a business associate (BA) that the covered entity (CE), Complete Family Foot Care, employs for the online storage and management of its patient health records, discovered an unauthorized access to the computer servers on which the CE's’s patient files were stored. The breach affected 5,883 individuals and included clinical information. Upon request of the CE, the BA provided breach notification to affected individuals and complimentary identity recovery services for individuals victimized by identity theft. The CE also provided breach notification to HHS and the media and posted substitute notice on its website. Following the breach the BA comprehensively scanned for malware and any external vulnerabilities, upgraded all anti-virus and anti-malware programs as well as system hardware and operating systems, updated server and account passwords, and revised its firewall configurations. The BA also implemented stricter password policies and initiated the installation of an active traffic-monitoring solution for its network. OCR obtained written assurances that the CE and BA implemented the corrective actions listed above.

Location of breached information: Electronic Medical Record, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 31, 2015
Company: Pittman Family Dental
Location: Montpelier, Ohio
Type of breach:
HACK
Type of organization:
MED
Records Breached:
8,830

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
December 31, 2015
Company: Pittman Family Dental
Location: , Ohio
Type of breach:
HACK
Type of organization:
MED
Records Breached:
8,830

An unauthorized third-party accessed protected health information (PHI), according to the forensic firm that the covered entity (CE), Pittman Family Dental, retained to investigate abnormal activity on its computer server. Approximately 8,830 individuals were affected by the breach. The server included full names, social security numbers (of 5,007 individuals), driver’s license numbers, dates of birth, home addresses, treatment notes, and insurance information. The CE provided breach notification to HHS, affected individuals, and the media. To prevent a similar breach from happening in the future, the CE scrubbed and reinstalled its server, installed an anti-virus/malware solution, and contracted with a company to provide an updated risk analysis and additional training. OCR obtained written assurances that the CE implemented the corrective actions listed above.

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 9, 2015
Company: Oakland Family Services
Location: , Michigan
Type of breach:
HACK
Type of organization:
MED
Records Breached:
16,107

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
April 24, 2015
Company: Seton Family of Hospitals
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
39,000

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 14, 2014
Company: Novant Health Gaffney Family Medical Care
Location: Gaffney , South Carolina
Type of breach:
PORT
Type of organization:
MED
Records Breached:
0

Novant Health Gaffney Family Medical Care informed patients of a data breach when their offices were broken into and two of the facilities laptops were stolen.

The information on the laptops was not disclosed.

More Information: http://www.wspa.com/story/26681323/laptops-with-patient-data-stolen-from...

Information Source:
Media
Date Made Public:
September 30, 2014
Company: American Family Care, Inc.
Location: , Alabama
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
2,588

On July 17, 2014, two password-protected, unencrypted laptop computers belonging to the covered entity (CE), American Family Care, were stolen from an employee’s vehicle while he was on business travel. The laptops contained the electronic protected health information (ePHI) of 2,500 individuals, and included different types of data for different individuals, such as patients’ names, dates of visits, patient identification numbers, social security numbers, dates of birth, and specific health information. The CE provided breach notification to HHS, affected individuals, and the media. Following the breach, the CE contacted the local police department and conducted an internal investigation. The CE also revised its HIPAA policies and procedures, retrained its workforce, and encrypted all of its laptops.

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 29, 2014
Company: American Family Care
Location: Birmingham , Alabama
Type of breach:
PORT
Type of organization:
MED
Records Breached:
0

"American Family Care of Birmingham is alerting customers following the theft of two laptops containing sensitive information from an employee’s vehicle earlier this summer".

The information on the laptops contained personal information of patients specifically related to work injuries, physicals, immunizations and drug screens. The lap top also included the names, dates of birth, addresses, phone numbers, medical record numbers, Social Security Numbers, additional medical information, insurance information, driver's license numbers and dates of service.

Those with questions concerning the incident can call (800) 258-7535(800) 258-7535 extension 2588 or e-mail ComplianceOfficer@americanfamilycare.com.

More Information: http://www.phiprivacy.net/american-family-care-alerts-customers-of-stole... and http://www.bizjournals.com/birmingham/morning_call/2014/09/american-fami...

Information Source:
PHIPrivacy.net
CSV