Data Breaches, Vulnerabilities Discovered at Three Health Entities


Several data breaches recently occurred at health care providers and agencies in California, Minnesota and Virginia. The breaches collectively affected the personal health information of tens of thousands of individuals.

Breach at Bailey's Health Center, Va.

The personal health data of 1,500 patients of the Bailey's Health Center in Falls Church, Va., were inappropriately disclosed when a computer file containing patient records was left on an unsecured computer server, McLean Patch reports.

The patient files were accessed on four occasions between Sept. 9 and Oct. 3.

The Fairfax County Health Department was notified of the breach on Oct. 24.

Information on the computer included patients':

  • Addresses;
  • Medication names and dosages;
  • Payment information;
  • Pharmacy identification numbers; and
  • Prescribers' names and addresses.

In addition, certain patients' Social Security numbers were included in the files.

In response to the breach, the county health department in a statement said it will review existing databases to confirm data are secure (van der Kleut, McLean Patch, 12/15).

Breach at Cottage Health System, Calif.

On Wednesday, Cottage Health System in Santa Barbara, Calif., notified 32,755 patients that their health data might have been compromised after a third party vendor -- inSync -- removed security protections limiting outside access to patient records without notifying the hospital, Healthcare IT News reports (McCann, Healthcare IT News, 12/13).

The data included information on patients who were treated between Sept. 29, 2009, and Dec. 2, 2013, at Cottage facilities in:

  • Goleta;
  • Santa Barbara; and
  • Santa Ynez.

Information contained on the site included patients':

  • Diagnoses;
  • Lab test results; and
  • Procedures performed.

It did not include:

In response, Steven Fellow -- CHS' executive vice president, COO and chief compliance officer -- in a letter to patients said, "We want to also assure you we have taken steps to prevent this type of event from happening again, including reviewing service relationships with third party vendors, expanding and increasing the frequency of internal and external security checks, and enhancing our 'change notification system'" (Healthcare IT News, 12/13).

Security Vulnerabilities at MNsure

The Minnesota health insurance exchange is vulnerable to "rogue access points" that could allow hackers to see information traveling between a user's computer and the MNsure website, the AP/Seymour Tribune reports.

According to the AP/Tribune, such points can look like a standard wireless connection, but they compromise security measures when a user inadvertently connects to a nearby device.

Legislative auditor Jim Nobles said if MNsure does not address this issue, the office will examine it during a security audit of the site next year (AP/Seymour Tribune, 12/12).

to share your thoughts on this article.