8 ASC data breaches reported to HHS in 2021

Marcus Robertson -

In the past year, at least 279,557 ASC patients were affected by data breaches. Any breach of protected health information involving more than 500 people is required to be listed on HHS' breach portal.

Here are eight ASCs and ASC groups that reported data breaches in 2021.

Note: This is not an exhaustive list. To provide Becker's ASC Review with a tip on an ASC data breach, email info to mrobertson@beckershealthcare.com.

Specialty Surgery Center of Central New York (Syracuse)

  • The ASC discovered unauthorized access to its network on March 31. The breach reportedly affected 24,891 patients, though the ASC said it had no reason to believe the compromised information had been misused.

McAllen (Texas) Surgical Specialty Center

  • The center experienced unauthorized access to its computers and servers in May, the ASC said Oct. 22. Patient information that may have been accessed included names, addresses, Social Security numbers, health insurance information, dates of service, provider names, medical record numbers and patient numbers, although the ASC said there is no evidence the information was viewed or taken. HHS reports that 29,227 people were affected.

Oregon Eye Specialists (Portland)

  • The six-location practice reported an email data breach involving customer information took place from June 29 until Aug. 31. Information accessed during the breach includes customers' names, dates of birth, dates of service, medical record numbers, financial account information and health insurance provider names and policy numbers.

Gastroenterology Consultants (Houston)

  • The GI practice suffered a Jan. 10 ransomware attack that potentially exposed 162,163 patients and employees. The provider allegedly waited months before informing patients and the Texas attorney general.

Eye Consultants of Atlanta/Piedmont System Ambulatory Surgery Center

  • The ASC suffered a data breach after patient files that were marked to be shredded were disposed of and removed with regular trash. The incident, which affected 2,662 people, was filed June 16 with HHS.

Mendelson Kornblum Orthopedic, Spine & Pain Specialists (Livonia, Mich.)

  • The two-ASC, 21-physician practice discovered that one of its computer's servers "had been for an unknown period of time vulnerable to viewing by unauthorized third parties," according to a statement on its website. Mendelson Kornblum reported the incident affecting 28,658 patients to HHS on March 5.
  • The exposed information included patient names, medical record numbers, birth dates, sex and certain data related to medical images. Exposed data did not include medical images, Social Security numbers or financial data.

Harvard Eye Associates and Alicia Surgery Center (Laguna Hills, Calif.)

  • The two organizations suffered data breaches that affected 29,982 people in total. Harvard Eye Associates learned about the breach Jan. 15 from an online data storage vendor it contracts with, according to a notice on its website. Alicia Surgery Center, which contracts with Harvard Eye Associates for billing and administrative services, was also affected, according to a statement.
  • Hackers demanded money from the vendor in exchange for the data, which included patients' names and health insurance information. The vendor made the payment after consulting with investigators and the FBI. 

Gastroenterology Consultants (Reno, Nev.)

The center, not to be confused with the Houston group mentioned in this article, notified HHS of an internal network data breach on Jan. 6. Personally identifiable information of 1,974 patients, including names, mailing addresses and phone numbers were believed to have been stolen.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.