21,856 Individuals Have Data Breached After Attack on HIPAA Business Associate

by | Oct 3, 2017

Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and discovered a seemingly strange account on their servers.

This case further highlights the importance of constantly reviewing system activity log.

Closer examination of that account revealed it was being used to download protected data from the server, including the protected health information of patients that had used its medical supplies.

The breach potentially affected 21,856 patients who received durable medical supplies, from the company through their Medicare coverage. The types of data stolen by the hacker included names, addresses, dates of birth, insurance details, and Social Security numbers. While personal private information was obtained, the hacker did not steal information regarding any medical conditions suffered by patients, nor details of any items purchased or financial information.

The investigation continues though it has still not been uncovered exactly how the account was created. According to CBS, the server was isolated and access to data was blocked after the attack. CBS has been carefully monitoring its systems since the breach was identified,and has found no further cases of unauthorized access or data theft.

All persons impacted by the violation been given the chance to avail of 12 months of credit monitoring and identity theft protection services without charge.  Due to the sensitive nature of data stolen by the individuals, CBS is also reviewing its security protections and will be introducing new administrative security measures, providing additional training to staff members on security, as well as improving technical safeguards to stop future incidents like this one.

The 56,000-record breach reported by Enterprise Services LLC in JuneThis remains the worst breach in 2017 but this attack is second worst data breach reported by a HIPAA business associate so far this year.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy