HIPAA Updates

Biomarin Pharmaceutical, based in Novato, CA-based has discovered two staff email accounts have been compromised due to a phishing attack in which a non-permanent employee’s login details were obtained by the hacker. The attack was […]

Letters have been mailed to approximately 21,000 individuals on medical assistance by the Minnesota Department of Human Services to alert them of a potential breach of their protected health information (PHI) due to two phishing […]

A data breach, that saw the highly sensitive protected health information of 93 lower-income HIV positive individuals stolen by unauthorized individuals, will go to trial after a lawsuit submitted by Lambda Legal on behalf of […]

A not-for-profit 115-bed community hospital in Ogdensburg, NY, Claxton-Hepburn Medical Center has sacked several employees for accessing patient health records without official permission.The PHI breaches were identified during an internal review. It is not yet obvious […]

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is contacting 1,567 plan subscribers that a portion of their protected health information has been impermissibly made accessible by one of its business partners. A BCBSRI vendor […]

A former staff member of the emergency department of Brooklyn’s Kings County Hospital is accused of stealing the protected health information of at least 100 patients while employed there. The same person is accused of […]

Honolulu-based Fetal Diagnostic Institute of the Pacific (FDIP) was hit by a ransomware attack on June 30 this year. File-encrypting software was uploaded to an FDIP server and encrypted a wide range of file types […]

Reliable Respiratory, a Norwood, MA-based respiratory care organisation has been subjected to a phishing attack that has impacted several thousand of its clients. A cyberattack was first noticed on July 3, 2018, after the detection […]

The New Mexico Department of Health is trying to ascertain how the private medical records of some of its clients came to fall from a truck while being taken from the hospital to a secure […]

A mailing mistake that was sent to Missouri Care subscribers reminding them to reserve well-child visits has resulted in the accidental disclosure of the personal data of approximately 20,000 children to other Missouri Care subscribers. […]

Authentic Recovery Center, a West Los Angeles-based drug and alcohol treatment center, is contacting 1,790 clients to inform them that some of their personally identifiable information (PII) and protected health information (PHI) may have been […]

A survey carried out by Ovum for analytics firm FICO has pointed to the fact that there has been a sharp rise in companies signing up for cybersecurity insurance, but the healthcare sector in general […]

Central Colorado Dermatology (CCD) has made contact with over 4,000 clients that some of their protected health information (PHI) has possibly been obtained by cyber criminals during a ransomware attack on its IT systems. An […]

InterAct of Michigan, a provider of mental health and substance abuse treatments through health centers in Kalamazoo and Grand Rapids, has found an unauthorized person has obtained access to the email account of a staff […]

Over 258,000 people have had their personal health information, personal identification information and/or tax information accessible online due to a data security incident in Adams County, Wisconsin. A possible security breach was discovered on March […]

A group of urgent care clinics in Atlanta, Chicago, Austin, Dallas, Fort Worth, and Houston, MedSpring Urgent Care has identified a breach that occurred when an unauthorized individual has gained access to an email account […]

Jefferson City, Missouri based SSM Health St. Mary’s Hospital is contacting hundreds of thousands of patients to warn them that some of their protected health information has been left unprotected and may have have been […]

A huge UnityPoint Health phishing attack has been reported to the HHS’ Office for Civil Rights (OCR) , one in which the protected health information of up to 1.4 million patients could have been obtained by […]

A mistake has resulted in the exposure of more than 19,000 patients’ protected health information (PHI) took place during a software upgrade on a server owned by a transcription service provider. Patients impacted by the […]

A class action lawsuit submitted after a staff-member related data breach at Flowers Hospital in Dothan, Alabama in 2014 is likely to be settled. The settlement is awaiting final court approval, although approval seems imminent […]

AK-based billing company, Golden Heart Administrative Professionals, a Fairbanks is alerting 44,600 people that some of their protected health information has potentially been obtained by unauthorized people due a recent ransomware attack. The ransomware was […]

An employee’s email account, that contained the protected health information of approximately 8,400 patients of Billings Clinic in Billings, MT has been illegally accessed. The breach was discovered by the clinic’s cybersecurity systems on May 14, 2018, […]

Cass Regional Medical Center in Harrisonville, MO suffered a ransomware attack at Around 11am on Monday July 9 that impacted its communication system and stopped staff from logging onto its electronic medical record (EHR) system. […]

A former staff member of Arkansas Children’s Hospital is being investigated by law authorities in relation to the theft and misuse of patients’ protected health information. The breach notice submitted to the Department of Health […]

In 2016, Radnor, PA-based Main Line Health Inc., fired a member of staff for breaching Health Insurance Portability and Accountability Act (HIPAA) Rules by viewing the personal records of a co-worker without authorization on two […]

Manitowoc County in Wisconsin has revealed that protected health information has been illegally obtained due to a successful phishing attack. The incident happened close to January 14, 2018, although the attack and data breach was […]

Humana is contacting members across the US to notify them that their PHI may have been been accessed during a ‘sophisticated’ spoofing campaign. A spoofing attack refers to a concerted effort by a threat actor […]

In the past few days, Associated Dermatology & Skin Cancer Clinic of Helena, MT, has reported a breach of physical protected health information (PHI) that may have impacted up to 1,254 patients. A journal managed […]

Med Associates the health billing company, located in Latham, NY-based, which provides claims services to over 70 healthcare providers, has found that an employee’s computer has been logged onto by an unauthorized individual. It is possible […]

After what is believed to have been inappropriate accessing of patient health records by staff members, Washington Health System has decided to suspend several staff members while the privacy breach is reviewed. While it has […]

New guidance for HIPAA-covered bodies to streamline HIPAA authorizations for uses of protected health information for research purposes has been released by the Department of Health and Human Services’ Office for Civil Rights , as […]

A phishing attack has been experienced by the Florida Agency for Persons with Disabilities (FAPD), which provides support services for people with disabilities such as autism, cerebral palsy, spina bifida, and Downs syndrome. The phishing […]

A former member of staff at the Veteran Affairs Medical Center located in Long Beach, CA who illegally stole the protected health information (PHI) of over 1,000 patients has been given a three-year jail sentence. […]

Two HIPAA-covered organizations are making their patients aware that some of their protected health information (PHI) has been stolen by unauthorized individuals in recent times. PHI Stolen from Staff Member of Christus Spohn Hospitals The […]

HealthEquity Inc. has been hit by a phishing attack leading to the exposure of members’ protected health information. The data breach was restricted to one email account, although a review of the messages in the […]

A staff member at Phoenix-based Terros Health was tricked by a phishing scam and mistakenly handed over login credentials to the hacker. That person accessed the employee’s email account and may have viewed or obtained […]

The results of a recent survey conducted by Black Book Research show that  90% of hospitals and 94% of physicians have implemented mobile technology and believe that it is helping to enhance patient safety and […]

3,700 plan members of Rise Wisconsin are being warned that some of their protected health information may have been obtained by unauthorized people during a recent ransomware attack. It is estimated that the ransomware was […]

A nurse practitioner who breached the privacy of patients by sharing their contact information with her new employer has been suspended for 12 months by the New York State Education Department. In April 2015, Martha […]

Aetna have launched fresh attempts to recover some of the expenses they incurred in the ongoing legal battles in relation to a 2017 privacy breach involving the exposure of patients’ sensitive health information. A new […]

A new application programming interface (API) for developers that will allow them to develop health apps that include patients’ EHR data has been launched by Apple. Users who share their EHR data into the Apple […]

A former member of staff from Mosaic Life Care Medical Center in St. Joseph, MO has filed legal action over wrongful dismissal and retaliation for her taking measures to avoid a breach of the False […]

In Colorado bill HB 1128 has been signed into law by Governor John Hickenlooper. This bill enhances security for consumer data in the state of Colorado. The bipartisan bill, sponsored by Reps. Cole Wist (R) […]

A number of different data breaches and violations of HIPAA Rules have been discovered by Dignity Health in the past few weeks. One incident involved a staff member accessing the PHI of patients without official […]

Purdue University have been discovered two security breaches that may have lead to unauthorized people obtaining access to the protected health information of patients. During April Purdue University’s security team identified a file on computers […]

Boston-based Steward Healthcare System fired a psychiatrist for breaching HIPAA Rules but must now show evidence to jury that he did so. The psychiatrist, Dr. Alexander Lipin, argues he was relieved of his position due to […]

There was a provision included in the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009, for the Department of Health and Human Services to share a portion of HIPAA settlements with […]

Aultman Health Foundation, which operates Aultman Hospital in Canton, OH, is alerting around 42,600 patients that some of their protected health information may have been accessed due to a phishing attack. Unauthorized and unknown people […]

A completed and signed HIPAA release form must be obtained from an individual before their protected health information can be distributed to other people or groups, except in the case of routine disclosures for treatment, […]

Associates in Psychiatry and Psychology (APP) a Rochester, Minnesota-based health organization has suffered a ransomware attack that targeted several computers that stored patients’ protected health data. The ransomware attack was identified on March 31, 2018. […]

Baltimore-based healthcare provider LifeBridge Health has revealed, in a press release issued on May 16, that it had encountered a data breach. While the release made no reference to number of patients impacted at the time […]

A May 17, 2018 ransomware attack that took part of the network belonging to Allied Physicians Group of Michiana out of action following the encryption of several files on its network. At present it remains unclear […]

The protected health information of 2,553 patients of Eye Care Surgery Center, Inc., of Baton Rouge, LA has been stolen following the theft of a A laptop computer containing. The theft in question was noticed by […]

An error has caused a database utilized by Cerebral Palsy Research Foundation of Kansas (CPRF) to have its safeguard switched off for 10 months, making the protected health information (PHI) of 8,300 patients accessible. The […]

Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has revealed that one of its business associates shared files to a commercial cloud server that did not have proper security controls, exposing the protected health […]

Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has revealed that one of its business associates shared files to a commercial cloud server that dd not have  appropriate security controls, exposing the protected health […]

Healthcare groups are, more and more, using the cloud to meet their IT requirements, but while there are many benefits to be had from moving applications, infrastructure and data center operations to the cloud, managing […]

Over a period of three and a half years, 1,071 patients of Des Moines Crisis Observation Center, who received medical services at the  operated by Polk County Health Services Inc., have been contacted to advise […]

582,174 patients of the California Department of Developmental Services (DDS) is contacting customers to inform them that their protected health information has possibly been compromised. Last February 11, 2018, some people broke into the DDS […]

It has been discovered that UnityPoint Health employee accounts have been compromised and accessed by unauthorized persons. The employee email accounts were initially accessed on November 1, 2017 and went on for a period of […]

It has been discovered that a former employee of Baptist Health’s West Kendall Baptist Hospital in Miami, FL obtained the credit card details of patients and used the data to make fraudulent purchases. The improper use […]

Physiatry Group Integrated Rehab Consultants based in Chicago, IL-based is issuing notification letters to impacted patients alerting them of the exposure of some of their protected health information in line with HIPAA requirements. However, the […]

A improperly configured security setting on a radiology interface has lead to the exposure of tens of thousands of patients’ protected health data. A multi-specialty physicians’ organization based in Middleton, NY, Middletown Medical, first noticed […]

Texas Health Resources, a group providing services to over 1.7 million patients in North Texas, is alerting ‘fewer than 4,000 patients’ that a portion of of their sensitive information may have been obtained by an […]

Chesapeake Regional Healthcare has found that two hard drives storing the protected health information (PHI) of around 2,100 patients ave gone missing from the Chesapeake Regional Medical Center campus located in Chesapeake, Virginia. The data saved […]

Oregon has reviewed its data breach notification law to enhance protections for state citizens whose personal information is exposed in a data violation. State governor Kate Brown put her signature to Senate Bill (SB 1551) […]

A network of physicians linked to more over that 50 medical practices in New Jersey, Virtua Medical Group, has been hit with a massive financial penalty by the New Jersey Attorney General’s Office for failing to […]

A targeted phishing attack carried out on CareFirst Blue Cross Blue Shield has lead to the exposure of 6,800 plan subscriber’ protected health data. The attack was first discovered by CareFirst on March 12, 2018, […]

The Special Agents Mutual Benefit Association (SAMBA) health plan is warning almost 14,000 people in relation to a February 2018 protected health information breach. The data breach targeted eligible family members of clients who were covered […]

The Arc of Erie County New York (The Arc), a supplierer of person-centered services to people with developmental disabilities, has found that two spreadsheets holding the protected health information of 3,751 patients were accessible on […]

Law enforcement agencies have notified Cambridge Health Alliance (CHA) that the protected health information of some of its subscibers has been obtained by an unauthorized individual. Everett Massachusetts Police Department alerted, on January 31, 2018, […]

ATI Physical Therapy has found that protected health information of over 35,000 of its clients may have been accessed when hacker captured details within the email accounts of some of its staff members. A security […]

A New York medical practice has revealed that tens of thousands of their patients have had their protected health information exposed online due to an improperly configured server. It is currently not obvious if anyone […]

It is believed that healthcare data breach that saw the protected health information of clients of CVS Caremark impacted has lead to legal action against CVS, Caremark, and its mailing supplier, Fiserv. The legal action, […]

Geneva, NY-based Finger Lakes Health has been hit by a ransomware attack that has impacted its computer system. Employees have been forced to work on pen and paper while the health system tries to remove […]

A Clinical Pathology Laboratories Southeast, Inc., (CPLSE) employee’s unencrypted work laptop computer has been stolen, exposing the protected health information of targeted patients and their payment guarantors. Swift action was taken by CPLSE to stop […]

Anomali has teamed up with the National Health Information Sharing and Analysis Center (NH-ISAC) and will be supplying threat intelligence to healthcare groups through NH-ISAC. Anomali will be supplying NH-ISAC with the necessary tools and […]

RoxSan Pharmacy has made contact with 1,049 patients to advise them that some of their protected health information has been shared with to a business associate via unencrypted email. The notification letters were issued to […]

Primary Health Care Inc., a non-profit network of community health oganizations based in Des Moines, Marshalltown and Ames, IA, has found that malicious actors have obtained access to the email accounts of four staff members […]

The Alabama Data Breach Notification Act (Senate Bill 318) has progressed to be  considered by the House of Representatives after being unanimously agreed upon by the Alabama Senate recently. Alabama is one of the final two […]

It has been discovered that an electronic device, used to record the signatures of clients, has been disposed of without first clearing the device of all saved protected health information at a ShopRite pharmacy in Millville, […]

Wisconsin-based provider of medical, laboratory, pharmacy, fitness, and physical therapy services QuadMed has discovered that PHI 5,305 clients may have been impermissibly disclosed to certain members of staff. In November 2013, QuadMed took over management of […]

Many business are seeking HIPAA certification to confirm they are fully compliant with HIPAA Rules and understand all parts of the Health Insurance Portability and Accountability Act (HIPAA). Due to this many are asking is […]

The PHI of 33,420 people of BJC Healthcare has been accessible by the public online for eight months with no requirement for authentication to see the data. BJC Healthcare is one of the biggest not-for […]

A $575,000 settlement with the New York Attorney General has been agreed by by EmblemHealth following a 2016 mailing error that saw the Health Insurance Claim Numbers of 81,122 clients printed on the outside of envelopes. New […]

St. Peter’s Surgery & Endoscopy Center in New York has been hit by a malware infection which could have allowed hackers to access medical records of up to 135,000 patients. This is the second biggest healthcare […]

The most recent release of the Protenus Healthcare Breach Barometer report has been released. Protenus reports that in total, at least 473,807 patient records were accessed or stolen in January, although the number of people […]