May healthcare data breaches: More than 2 million patients affected

Nearly 2 million people had their healthcare records exposed by breaches from medical practices and other HIPAA-covered entities in May, according to the U.S. Department of Health and Human Service’s (HHS) Office for Civil Rights.

The majority of the records were the result of an unauthorized access to the server of a healthcare clearing house in Puerto Rico called Immediata Health Group Corp. More than 1.56 million patients were impacted by that breach.

Below is information on May’s other disclosed breaches.

• 34 of the 43 breaches occurred at healthcare providers.
• Besides the clearing house breach, the other largest breaches were 106,000 records at a surgical eyecare center in Indiana, 87,400 records at a health plan in Maryland, and 26,000 records at a family and internal medicine group in California.
• Most of the breaches were the result of unauthorized access or a hacking incident tied to email. Seven of the breaches were tied to electronic health records.

The 2009 HITECH Act requires HHS to post a list of breaches of unsecured protected health information affecting 500 or more individuals.

READ MORE: See April 2019's data breach report.