HealthWare Systems Blog

Patient Privacy and Safety – Three Recent Errors Exposing Private Medical Information in 2017 and Ways to Avoid Making the Same Mistakes

Posted on Wednesday, August 30, 2017

Learn from the recent mistakes of three healthcare facilities in order to prevent patient privacy errors and patient safety errors.

Protecting patient privacy by keeping patients’ personal and medical information safe is one of every healthcare company’s main concerns. There are many ways patient privacy can be compromised within the healthcare industry, and no facility or company wants to be faced with a HIPAA violation or lawsuit. The good news is that many of these patient privacy errors can be easily avoided through regular risk analysis and updating company policies.

Here are three errors from 2017 that exposed private medical information:

May 15th, 2017: University of California Davis Health Phishing Attack, 15,000 Patients Affected

An employee of UC Davis Health responded to a phishing email with login credentials. The hacker was then able to access that employee’s account, making it possible to view and obtain patient health information. Information at risk included name, address, phone number and (in some cases) diagnosis, social security number, and medical record number. The hacker also sent emails to other UC Davis Health employees, posing as the account owner and requesting fraudulent money transfers.

June 14th, 2017: Los Angeles Provider Hit by Ransomware Attack, over 260,000 Patients Affected

Pacific Alliance Medical Center’s servers were hit by a ransomware attack this June, possibly breaching private medical information of 266,123 patients. The hospital’s servers were compromised and files were encrypted. The personal and medical information contained in the impacted servers included patients’ names, demographic details, social security numbers, dates of birth, employment information, insurance details, diagnoses, and medical images.

July 28th, 2017: Aetna Letters Publicly Revealed Patients’ HIV Status, 12,000 Patients Affected

In recent news, health insurance company Aetna accidentally revealed the HIV status of patients through a mailing error in late July. A letter was sent to 12,000 patients taking medication for HIV or taking pre-exposure medication to prevent getting the virus. The beginning of the letter informed patients about options under their Aetna plan when filling their HIV prescriptions. This personal and private medical information could be read without even opening the letter because of a large, transparent window on the envelope. Lawyers say some patients’ relatives and neighbors learned of their HIV status as a result.

As you can see, a large number of patient accounts is involved any time a breach happens, which can amount to several hundred thousand to several million dollars in fines. The three costly patient privacy errors mentioned above have affected over 293,000 people, and ALL three of these instances could have been avoided if proper training or extra monitoring had been performed at the facility.

Here are a few ways to avoid compromising patient privacy:

1. Never send an email with sensitive information to anyone

2. Train staff on cyber security practices, stressing the importance of not opening attachments or links from unknown sources

3. Be wary of pop-ups and always use a high-quality firewall

For more tips, use these resources to learn all the ways you can protect your company’s reputation and avoid making devastating patient safety errors:

Avoid Phishing Scams

Prevent Ransomware Attacks


By Samantha Willis