Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
July 2, 2019
Company: Memorial Hermann Health System
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
507

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 13, 2019
Company: Memorial Hermann Health System
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
604

Location of breached information: Electronic Medical Record, Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
July 20, 2016
Company: Memorial Hermann Health System
Location: Houston, Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
12,061

As reported by Health and Human Services unauthorized access/disclosure. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
July 20, 2016
Company: Memorial Hermann Health System, reporting on behalf of Memorial Hermann Health System Employee Group Health Plan
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
12,061

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 29, 2014
Company: Memorial Hermann Health System
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
10,604

On July 7, 2014, Memorial Hermann Health System's audit program identified that a workforce member had inappropriately accessed the protected health information (PHI) of approximately 10,600 individuals. The covered entity (CE) provided breach notification to HHS, affected individuals, and the media. It also promptly terminated the involved workforce member. OCR reviewed copies of the CE's policies and procedures related to the incident and information related to its HIPAA training program and audit protocols in place at the time of the incident. Following the incident, the CE took corrective actions including expanding its IT audit program and hiring additional audit staff.

Location of breached information: Desktop Computer

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV