Application security, Breach, Threat Management, Data Security

Dignity Health discloses multiple data breaches to HHS

The San Francisco-based health care facilities operator Dignity Health recently experienced an accidental email breach affecting 55,947 patients, according to a May 31 disclosure form the not-for-profit corporation filed with the U.S. Department of Health and Human Services.

In a blog post filed last week, DataBreaches.net reports that Dignity Health acknowledged in a statement that an email list that was formatted by third-party partner Healthgrades contained a sorting error that caused the company to send emails to the wrong patients last April. Fortunately, emails contained only patients' names and their physicians' names, and each incorrectly addressed email was sent to only one individual.

DataBreaches further reports that Dignity Health recently reported experienced two other breach incidents. Specifically, Dignity Health recently reported on its website that an employee St. Joseph's Hospital and Medical Center in Arizona was found to have viewed the records of 229 patients "without a business reason to do so." Additionally, the company last month reported to HHS that three of its Nevada hospitals mistakenly continued to send documents with patient information to a third-party contractor after his or her contract had expired. That contract was later renewed anyway. A total of 6,016 patients were involved in this incident.

In related news, multiple outlets are reporting [1, 2] that Terros Health on June 8 publicly disclosed a data breach impacting roughly 1,600 patients, nearly all of whom received treatment at a medical clinic in Phoenix. The company reportedly stated in a press release that on Nov. 16, 2017, an unauthorized individual accessed information such as names, birth dates, home and email addresses, diagnoses, medical record numbers, and "other protected health information. The Social Security numbers of 142 patients may have also been exposed.

Both health care organizations say they took steps following the various breaches to mitigate their impact, including contacting patients, establishing a help telephone line and offering ID theft protections, as necessary.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.