Return to site

5 Ohio Data Breaches in 2016

· Security

According to the Identity Theft Resource Center (ITRC), in 2016 there were 980 reported data breaches that exposed over 35 million records. The ITRC defines a breach as an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format

Ohio had its fair share of data breaches in 2016. We cover 5 breaches that have impacted nearly 400,000 Ohioans.

  1. Central Ohio Urology Group (300,000 records reported) - A group aligned with far-right Ukrainian activists posted links to the hacked data and screenshots of a stolen database — complete with names, addresses, phone numbers and other private information — to a Twitter account.
  2. Ohio Department of Mental Health and Addiction Services (59,000 records reported) - Patients were sent a satisfaction survey by mail; however, the survey request was sent on postcards rather than in sealed envelopes. Consequently, the fact that each patient had received services related to mental health and addition was inadvertently exposed along with patients’ names and addresses. Each year, OMHAS sends customer satisfaction surveys to patients to obtain feedback about the services they received.
  3. Mayfield Clinic of Cincinnati (23,341 records reported) - In February, patients of the Mayfield Clinic of Cincinnati, Ohio were sent an email containing a malicious attachment which downloaded ransomware onto their devices. The entry on the HHS’ Office for Civil Rights breach portal indicates 23,341 patients were sent the email, although it is unclear how many email recipients opened the malicious attachment and infected their computers. The email was sent by an individual who gained access to a database held by one of Mayfield’s vendors.
  4. Cefalu Eye-Tech of Green, Inc. (850 records reported) - An employee of Cefalu Eye-Tech of Green, Inc. (Cefalu) photographed computer screens containing the protected health information (PHI) of approximately 850 individuals, including names, addresses, email addresses, and codes for diagnosis and conditions. Following the breach, Cefalu investigated the breach and provided breach notification to HHS and the affected individuals.
  5. Cleveland Clinic Akron General / Ambucor (750 records reported) - A company that contracts with Cleveland Clinic Akron General to provide remote monitoring services to patients notified 730 Akron General patients this week that their protected health information may have been compromised. According to the company, Ambucor, a former employee improperly downloaded confidential company information onto portable USB drives, commonly known as “thumb” or “flash” drives.
All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!