HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

New London Hospital Data Breach Affects Almost 35,000 Patients

New London Hospital in central New Hampshire has discovered an unauthorized individual gained access to a file on its network in July 2020 and may have obtained the protected health information of 34,878 patients. A third-party cybersecurity firm was engaged to assist with the investigation and determined on February 16, 2021 that the file was accessed for a short period and may have been copied.

The file contained patient names, limited demographic information, and Social Security numbers; however, no diagnosis, treatment, or hospitalization information was compromised. New London Hospital is unaware of any misuse of information contained in the file. The network system on which the file was stored is no longer used by the hospital.

Additional safeguards have now been implemented to prevent similar breaches in the future. All patients have been notified and offered complimentary credit monitoring and identity theft protection services.

Child Focus Reports Malware Infection and 2,700-Record Data Breach

Child Focus, a Cincinnati, OH-based nonprofit that provides support to children and their families through early learning, behavioral health and foster care programs, has announced its systems have been hacked and malware deployed, which may have allowed the hackers to access sensitive patient information.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

After discovering a potential breach of its core IT systems, third-party cybersecurity specialists were engaged to investigate the incident and determine the nature and scope of the breach. The electronic health record system and application database were not affected; however, Child Focus was informed on January 5, 2021 that the attackers may have been able to view the protected health information of 2,716 individuals, including names, dates of birth, Social Security numbers, health and treatment-related information, and state Medicaid numbers.

Affected individuals have been notified and offered complimentary credit monitoring and identity theft protection services. Child Focus has also taken steps to improve system security, including implementing enhanced controls for remote access to its systems and advanced endpoint detection and response software on all endpoints and workstations.

Orlando Health South Lake Hospital Loses Logs Books Containing PHI of 1,623 Patients

Orlando Health South Lake Hospital has discovered logbooks used for recording patients’ hospital visits have been lost or stolen. The logbooks were discovered to be missing between December 24 and December 28, 2020. An extensive search was conducted, but the logbooks could not be located.

Hospital staff used the logbooks for recording information about obstetrics patients which included information such as patient names, dates of birth, medical record numbers, hospital account numbers, dates of service, attending physician, chief complaint, and/or internal hospital service codes. The data related to 1,673 patients who received care between April 20, 2019 and December 23, 2020.

The logbooks were kept in an area of the hospital that was not open to the public, so the hospital does not believe the logbooks have left the facility. Internal policies and procedures are being reviewed and will be revised, as necessary, to improve information security and the hospital is considering other more secure methods of recording patient data.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.