Here are five security breaches at ASCs that took place over the first half of the year:
On Jan. 8, an unauthorized third party accessed 134,512 patient records at Albany, N.Y.-based St. Peter's Surgery & Endoscopy Center. Malware potentially compromised a server containing personal patient information, but there was no evidence patient information was accessed. The ASC sent notifications to potentially affected patients Feb. 28.
Silver Spring, Md.-based Capital Digestive Care notified HHS of a data breach Feb. 23. A third-party vendor for the center stored files on a commercial cloud server with inadequate security, according to the gastroenterology group. The reportedly insufficient security exposed 17,639 patient records. Social Security numbers and financial information were not compromised.
On Feb. 26, Baton Rouge, La.-based Eye Care Surgery Center discovered the theft of a laptop that potentially stored patient information. The ASC has since installed a multi-camera security system and launched an investigation into the incident. The surgery center alerted 2,553 patients their information might have been compromised and notified HHS about the breach April 27.
In April, Charlotte, N.C.-based Carolina Digestive Health Associates notified patients a former employee stole about 100 patients' personal data, including Social Security numbers and birthdays, and shared the information with fraud suspects. HHS' Office for Civil Rights data breach reporting portal shows 10,988 records were potentially impacted.
Holland (Mich.) Eye Surgery and Laser Center notified patients May 18 about a hacking incident that occurred in 2016. The hacker accessed a list with patient names, addresses, birthdays, demographic information, health insurance information and Social Security numbers. The OCR portal shows 42,200 patients were affected.