Three breaches reported: Wal-mart Pharmacy in Arkansas, Premier Healthcare in Indiana, and City of Hope in California.

While the beginning of March saw fewer large-scale breaches than February and January, three substantial breaches occurred costing health care organizations in reputation and finances.


Wal-mart Stores Inc. Pharmacy Breach

On March 2, Wal-Mart Stores Inc., reported that prescription history of a few thousand patients may have been visible February 15 – 18.  This was due to a coding error in the online pharmacy portal software that customers can use to manage their own accounts.  This error was due to server transfers, rather than a hack.

According to the Reuter’s article covering the breach, Wal-Mart is in the process of contacting people who were potentially affected and offering identity protection services.  The article also noted that Wal-Mart does not believe that the information was or will be used in a malicious manner.


Premier Healthcare Breach

In a press release on the Premier Healthcare website, the Indiana health care provider group reported that a laptop was stolen from the Billing Department.  In an update on March 14, the laptop was recovered.  Premier Healthcare hired an information security consulting firm to conduct a forensic analysis on the computer.  The consulting firm was able to determine that the laptop was not powered on since it was lost on December 31, 2015.  Premier Healthcare stated that they believe the information maintained on the laptop was not accessed and that this loss will not affect patients.


City of Hope Breach

On March 4, City of Hope provided a press release on the organization’s website about a phishing email attack.  A phishing email is an attempt to get personal information such as usernames and passwords by sending an email that looks like it is coming from a trustworthy source, such as what looks like a manager’s email address.

The California organization discovered it was targeted by the email attack on January 18, 2016 and took immediate action to end the intrusion by securing affected email accounts.  According to the release, City of Hope notified law enforcement and hired an information security consulting firm.  This firm discovered three email accounts were affected, which included patient information which may have been viewed by the hacker(s).

City of Hope does not believe this phishing attack targeted PHI, but the PHI contained in the emails were an incidental occurrence.  City of Hope stated that they are sending notification letters to affected patients and is working to mitigate the potential risk.


This report outlines three different breaches.  Any of these could affect your healthcare organization.  What are you doing to mitigate these types of risks?

Learn more about how you can protect your organization from breaches with the help of HIPAAgps. Start your free trial today!