6. Indiana Internal Medicine Consultants. In early February, a stolen laptop resulted in a breach of 20,000 patient records at the Indiana Internal Medicine Consultants. The organization reported the incident about a month later, and the records were recovered. Although little information about the case exists, a lawsuit was filed as a result and an arrest was made. 

7. Our Lady of the Lake Regional Medical Center. Between March 16 and March 20, a laptop was stolen from a local physician office at the Our Lady of the Lake Regional Medical Center in Baton Rouge, La. The laptop contained limited health information for more than 17,000 former ICU patients, including patient names, ages, races, and dates of admission and discharge from the ICU. The organization said there is no evidence the information had been misused, or that there was any malicious intent. As of May, the investigation was still underway. 

[See also: Tennessee Blues to pay $1.5M as result of data breach.]

8. Memorial Healthcare System. On January 27, Memorial Healthcare System in South Florida learned of an employee who accessed patient information, as well as a second employee who accessed patient information with the intent to process fraudulent tax returns. The organization notified 9,497 patients that information including names, dates of birth, and Social Security numbers were accessed, yet, according to their statement, no medical records were taken. Letters weren't sent out to those affected until April 12^th, in an effort to not impede on investigations conducted by law enforcement. The two employees have since been fired. 

9. The Kansas Department of Aging. In January, a laptop computer, flash drive, and paper files were stolen out of a car belonging to an employee of the Kansas Department of Aging. The Social Security numbers of approximately 100 patients were stolen, while 7,000 other seniors, and their information, were put at risk. The stolen data included names, addresses, dates of birth, gender, in-home services program participation information, Medicaid identification numbers, and more. The Social Security numbers stolen were of those patients participating in the Senior Care Act program. The organization contacted those patients via phone and sent mail notifications to all others affected.  

10. The University of Arkansas for Medical Sciences. In April, the University of Arkansas for Medical Sciences investigated a breach after a document wasn't properly redacted. Approximately 7,000 patients were affected after an unidentified physician sent financial information on a patient to someone outside of the UAMS offices in mid-February. The physician didn't remove all identifiers of the patients, such as names, account numbers and dates of services. Of those affected, most were in the interventional radiology program at UAMS between 2009 and 2011. The man who received the information via email claimed he hadn't released it to anyone. 

Has your organization experienced a data breach? Let us know in the comments.