Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Guthrie Clinic notifies OCR of health data breach, 92,064 patients affected

The Guthrie Clinic notified, on 9 September 2020, the U.S. Department of Health & Human Services Office for Civil Rights ('OCR') of a data breach affecting around 92,064 of its patients, which the OCR is now investigating. In particular, Guthrie released a notification of a data security incident to alert that it had become aware of the same, involving protected health information of patients. Specifically, Guthrie noted that it had become aware on 16 July 2020 that Blackbaud, Inc. had been the victim of a ransomware attack. In response to the incident, Guthrie outlined that the affected data incident did not involve social security numbers, passwords, credit card or bank information, nor did it involve any access to patient diagnosis or treatment plans in any Guthrie medical systems or electronic health records.

Moreover, Guthrie highlighted that the information was limited to the following; patient name(s), contact information, age, gender, date(s) of treatment, department(s) of service, treating physician(s), and health insurance status. 

You can access details on the OCR notification here, read Guthrie's notification here and Blackbaud's notification here.