HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack on The Cancer Center of Hawaii Delayed Radiation Therapy for Patients

On November 5, 2019 The Cancer Center of Hawaii in Oahu was attacked with ransomware. The attack forced the Cancer Center to shut down its network servers, which meant it was temporarily prevented from providing radiation therapy to patients at Pali Momi Medical Center and St. Francis’ hospital in Liliha.

While patient services experienced some disruption, no patient information is believed to have been accessed by the attackers. The forensic investigation into the breach is ongoing but all data stored on its radiology machines has been recovered and its network is now fully operational.

It is unclear for how long its network was down and no information has been released so far on the types of patient information that may have been accessed.

The Cancer Center has notified the FBI about the breach and will report the incident to appropriate authorities, if the forensic investigators confirm that patient data may have been accessed.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach was confined to the Cancer Center’s systems. Pali Momi Medical Center and St. Francis’ hospital were unaffected by the attack as their patient data and systems are isolated from the Cancer Center.

Zuckerberg San Francisco General Hospital Alerts Patients to Improper Disposal Incident

1,174 patients of Zuckerberg San Francisco General Hospital are being notified that meal tickets containing a limited amount of their protected health information have been disposed of in an improper manner.

The meal tickets contained patients’ full names, their bed/unit in the hospital, birth month, dietary information, and the menu they received. The tickets should have been disposed of in confidential waste bins but were accidentally disposed of with regular trash.

The breach was due to an employee being unaware that the meal tickets needed to be sent for shredded. The San Francisco Department of Health learned about the improper disposal incident on November 15, 2019. The employee had been disposing of the meal tickets in regular trash bins between June 18 and November 4. The employee has since been advised of the correct procedures for the disposable of sensitive information.

The breach report submitted to the Department of Health and Human Services’ Office for Civil rights shows 1,174 patients have been affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.