HIPAA Updates

A targeted phishing attack carried out on CareFirst Blue Cross Blue Shield has lead to the exposure of 6,800 plan subscriber’ protected health data. The attack was first discovered by CareFirst on March 12, 2018, […]

The Special Agents Mutual Benefit Association (SAMBA) health plan is warning almost 14,000 people in relation to a February 2018 protected health information breach. The data breach targeted eligible family members of clients who were covered […]

The Arc of Erie County New York (The Arc), a supplierer of person-centered services to people with developmental disabilities, has found that two spreadsheets holding the protected health information of 3,751 patients were accessible on […]

Law enforcement agencies have notified Cambridge Health Alliance (CHA) that the protected health information of some of its subscibers has been obtained by an unauthorized individual. Everett Massachusetts Police Department alerted, on January 31, 2018, […]

ATI Physical Therapy has found that protected health information of over 35,000 of its clients may have been accessed when hacker captured details within the email accounts of some of its staff members. A security […]

A New York medical practice has revealed that tens of thousands of their patients have had their protected health information exposed online due to an improperly configured server. It is currently not obvious if anyone […]

It is believed that healthcare data breach that saw the protected health information of clients of CVS Caremark impacted has lead to legal action against CVS, Caremark, and its mailing supplier, Fiserv. The legal action, […]

Geneva, NY-based Finger Lakes Health has been hit by a ransomware attack that has impacted its computer system. Employees have been forced to work on pen and paper while the health system tries to remove […]

A Clinical Pathology Laboratories Southeast, Inc., (CPLSE) employee’s unencrypted work laptop computer has been stolen, exposing the protected health information of targeted patients and their payment guarantors. Swift action was taken by CPLSE to stop […]

Anomali has teamed up with the National Health Information Sharing and Analysis Center (NH-ISAC) and will be supplying threat intelligence to healthcare groups through NH-ISAC. Anomali will be supplying NH-ISAC with the necessary tools and […]

RoxSan Pharmacy has made contact with 1,049 patients to advise them that some of their protected health information has been shared with to a business associate via unencrypted email. The notification letters were issued to […]

Primary Health Care Inc., a non-profit network of community health oganizations based in Des Moines, Marshalltown and Ames, IA, has found that malicious actors have obtained access to the email accounts of four staff members […]

The Alabama Data Breach Notification Act (Senate Bill 318) has progressed to be  considered by the House of Representatives after being unanimously agreed upon by the Alabama Senate recently. Alabama is one of the final two […]

It has been discovered that an electronic device, used to record the signatures of clients, has been disposed of without first clearing the device of all saved protected health information at a ShopRite pharmacy in Millville, […]

Wisconsin-based provider of medical, laboratory, pharmacy, fitness, and physical therapy services QuadMed has discovered that PHI 5,305 clients may have been impermissibly disclosed to certain members of staff. In November 2013, QuadMed took over management of […]

Many business are seeking HIPAA certification to confirm they are fully compliant with HIPAA Rules and understand all parts of the Health Insurance Portability and Accountability Act (HIPAA). Due to this many are asking is […]

The PHI of 33,420 people of BJC Healthcare has been accessible by the public online for eight months with no requirement for authentication to see the data. BJC Healthcare is one of the biggest not-for […]

A $575,000 settlement with the New York Attorney General has been agreed by by EmblemHealth following a 2016 mailing error that saw the Health Insurance Claim Numbers of 81,122 clients printed on the outside of envelopes. New […]

St. Peter’s Surgery & Endoscopy Center in New York has been hit by a malware infection which could have allowed hackers to access medical records of up to 135,000 patients. This is the second biggest healthcare […]

The most recent release of the Protenus Healthcare Breach Barometer report has been released. Protenus reports that in total, at least 473,807 patient records were accessed or stolen in January, although the number of people […]

A ransomware attack on Jemison Internal Medicine of Alabama on December 20, 2017 lead to electronic health records being encrypted, disabling access to the patient data for the healthcare provider. A ransom demand was sent […]

A recent report published in the Post and Courier revealed that the Medical University of South Carolina (MUSC) fired 13 employees last year for violating HIPAA Rules by prying on patient records. Overall, there were […]

White and Bright Family Dental has found that one of its data servers storing patients’ private data has been hacked. Access to the Fresno, CA-based server was obtained by the hackers on January 30, 2018. […]

Around 1,900 people who were treated by the University of Virginia Health System are being contacted to be made aware that a hacker has gained access to their medical information using a malware infection. The […]

Sutter Health is alerting a number of clients that some of their protected health information may have been accessed in a phishing attack on one of its business associates – the Salem and Green legal […]

Aetna has begun a legal action to claim compensation from an administrative support firm in relation to a July 2017 data violation in which details of HIV medications visible through transparent plastic windows of envelopes […]

A privacy breach has been experienced by the Puerto Rico Health Plan Triple-S Advantage. The breach, which affected 36,000 plan members, was due to a mailing mistake which saw sensitive information of plan subscribers disclosed to […]

The protected health information (PHI) of 925 patients of Coastal Cape Fear Eye Associates has been compromised in a ransomware attack. North Carolina’s Coastal Cape Fear Eye Associates, P.A., found that its systems had been […]

Even when HIPAA-compliant businesses close down the obligation to abide by HIPAA Rules does not cease to exist. This was highlighted recently when FileFax, a Northbrook, IL-based firm that offers medical record storage, maintenance, and […]

Ron’s Pharmacy Services , based in San Diego, has reported that an email account that held limited protected health information has been accessed by an unknown person. Suspicious activity was noticed on a staff member’s […]

The protected health information of approximately 2,600 patients of Partners HealthCare System has been sent notifications that their PHI may have been compromised is a HIPAA breach. Even though health care organizations covered by HIPAA are given […]

Partners HealthCare System is making contact with around 2,600 patients to advise them that, potentially, some of their protected health information (PHI) may have been accessed. Even though HIPAA covered bodies have up to 60 […]

Florida-based CarePlus Health Plans has experienced a PHI breach incident which has seen certain plan members’ protected health information disclosed, in error, to other plan subscribers. A mailing including ‘Explanation of benefits statements (EOB)’ was sent […]

Pharmacy benefit manager CVS Pharmacy is suing mail service provider Press America, Inc in relation to over an accidental disclosure of 41 peoples’ protected health information. CVS Pharmacy is under contract to provide a mail-order […]

Massachusetts Attorney General Maura Healey has revealed the introduction launch of a new Internet-based data breach reporting application. The focus is to allow  for breached organizations to file breach notifications to the Attorney General’s office […]

A business associate of Forrest Health’s Forrest General Hospital, HORNE LLP is alerting a number of hospital patients that some of their PHI (PHI) has potentially been stolen by a third party after they accessed […]

660 patients of Eastern Maine Medical Center are being notified that some of their protected health information may have been been exposed after a ortable hard drive, that stored sensitive information, has gone missing from […]

A reminder was recently issued by the Centers for Medicare & Medicaid Services (CMS) that eligible hospitals and Critical Access Hospitals (CAHs) using the Electronic Health Record Incentive Schemes must employ the QualityNet Secure Portal […]

A ransomware attack, discovered last week, against the EHR vendor Allscripts lead to thousands of healthcare suppliers being prevented from accessing patient data or using the e-prescription service. Florida-based Surfside Non-Surgical Orthopedics have moved quickly […]

Westminster Ingleside King Farm Presbyterian Retirement Communities has experienced a malware infection that may have resulted in the attackers obtainingt he protected health information of may of it patients. The assisted living facility, based in […]

The South Dakota Senate Attorney Judiciary Committee has passed a bill to introduce data breach notification legislation after a 7-0 vote. The bill was proposed by the Committee on Judiciary following a request issued by […]

The protected health information of 53,173 patients who received services from Onco360 and CareMed Specialty Pharmacy has been compromised in an email hacking attack. The patients were notified after a security breach when suspicious activity […]

Over 1,300 clients  of Palomar Medical Center Escondido have been wanred that a nurse, previously employed by the group, accessed their medical records without permission while they were being treated at the health center. The […]

Health insurer Aetna has agreed to a settlement in a class action lawsuit taken by victims of a mailing mistaken that lead to the details of HIV medications prescribed to individuals being seen through the clear plastic […]

A recent University of Phoenix College of Health Professions survey shows that indicates registered nurses (RNs) are satisfied withtheir organization’s measures in place to stop data breaches occurring. The survey was conducted on 504 full […]

Charles River Medical Associates, based in Framingham, MA-based, has discovered that one of its portable hard drives was missing, possibly affecting the PHI of almost 9,400 people Last November, the practice discovered that the device  which […]

Tt has been discovered that an unauthorized person has gained access to parts of its Oklahoma State University Center for Health Sciences (OSUCHS) computer network and potentially downloaded files holding billing information of Medicaid subscribers. […]

The Agency for Health Care Administration in Florida has found that an unauthorized individual obtained access to a single email account due to a member of staff beign tricked by phishing scam. The member of […]

1,128 patients’ protected health information has potentially been viewed after an unauthorized individual gained access to the Compassionate Care Hospice Las Vegas (CCHLV) network and server. The breach occurred on October 28, 2017, CCHLV was alerted that […]

Kaiser Permanente has suffered a couple of security incidents which filed with the Department of Health and Human Services’ Office for Civil Rights (OCR). Overall,  in excess of 5,000 people have been affected by the […]

It has been discovered that a former member of staff at SSM Health has been accessing the health records of patients without any valid work reason for doing so for roughly eight months. The former health […]

A former employee of Emory Healthcare (EHC) has been found to have obtained the protected health information of 24,000 EHC patients and shared the data to a Microsoft Office 365 OneDrive account, from where it […]

Longs Peak Family Practice (LPFP) in Colorado has found that an individual gained access to its systems and encrypted files using ransomware last November. The family and sports medicine practice based in Longmont CO, found […]

A cyberattack, causing unexpected downtime, has been discovered at The University of Rochester Medicine’s Jones Memorial Hospital in Wellsville, NY. The attack is thought to have started on Wednesday December 27 and has lead to […]

The Colorado Mental Health Institute at Pueblo has found that one of its staff members has been tricked by a phishing scam that possibly allowed the attacker to gain access to the protected health information […]

A Reno-based dental practice in has been hit by a ransomware attack that denied access to dental records and images for five days. The malicious software was installed, during a ransomware attack on October 30, […]

The protected health information of 1,750 patients of Austin Manual Therapy (AMT) may have been accessed and stolen by a criminal who gained access to the group’s system. A forensic review by a leading national […]

Patients of MidMichigan Medical Center (MMC) in Alpena have been warned of a potential breach of their health data. On November 18, a MMC cardiologist took patient files from the Alpena cardiology office without permission. […]

NYU Langone Health System has found that files that included a log of presurgical insurance authorizations, relating to around 2,000 patients, was mistakenly recycled by a cleaning company in October 2017. Data in the binder included […]

Two serious breaches of patients’ protected health information have been discoveredd in Texas and Pennsylvania. Email Account Compromised at Midland Memorial Hospital Midland Memorial Hospital has suffered a breach of a a number of patients’ protected […]

Many data breaches have been reported by HIPAA-covered entities, involving the loss or theft of physical records, in the past two months. In November, seven violations  involving paper records were made known to the HHS’ Office […]

The Oklahoma Department of Human Services experienced, in April 2016,  a data breach, and while alerts were sent to affected people and the DHS’ Office of Inspector General shortly after the breach was found, a breach […]

UNC Dermatology & Skin Cancer Center has discovered that one of its laptop computers has been stolen, exposing the protected health information of around 24,000 patients. The computer was obtained by unauthorized individuals in a […]

Two employees at Chicago’s Sinai Health System have had their email accounts compromised in a recent cyberattack. Sinai Health System reports that the phishing attack happened on October 2, and that it was quickly discovered […]

The New Jersey-based Hackensack Sleep and Pulmonary Center, experts in sleep disorders and pulmonary conditions and diseases, has suffered a ransomware attack that in the protected health information of certain clients being encrypted. The ransomware […]

Louisville, KY based Baptist Health has contacted 880 patients that some of their protected health information may have been obtained by by hackers. The PHI violation was found on October 3, 2017, when irregular activity […]

The  Henry Ford Health System has started alerting almost 18,500 patients that some of their protected health information may have been been accessed by an unauthorized person. The breach was found on October 3, 2017 […]

The discovery has been made that the medical records of 769 patients of Lowell General Hospital in Massachusetts have been accessed by an employee without any valid work reason. In accessing the medical details, the […]

A provider of mental health treatment and support services for individuals with intellectual and developmental disabilities, Center for Health Care Services (CHCS),  has foudn that documents containing the protected health information of patients have been […]

Paper files with information including names, Social Security details, and medical records, along with details of cancer diagnoses and sexually transmitted diseases (STDs), have been found at a recycling center in Allentown, Pennsylvania. The files […]

A breach of patients’ protected health information (PHI) at the UAB Medicine Viral Hepatitis Clinic in Birmingham, AL has been discovered. UAB Medicine uses flash drives to send data from its Fibroscan machine to another computer. […]

ShopRite Supermarkets, Inc., has revealed that some of its clients have been impacted by a security breach following the improper disposal of a device used to record customers’ signatures. The device was stolen from the […]

Sports Medicine & Rehabilitation Therapy (SMART) has made contact with 7,000 patients to advise them of a violation of their protected health information. The breach has have affected all patients whose information was captured while […]

Recently published, the second draft of the revised NIST Cybersecurity, Version 1.1 of the Framework, incorporates major changes to some of the current guidelines and many new additions. Version 1.0 of the NIST Cybersecurity Framework […]

A HIPAA Administrative Simplification Optimization Project Pilot is being operated by The Department of Health and Human Services is currently inviting volunteers to have compliance audits. The focus of the project is to streamline HIPAA […]

Cottage Health will pay $2 million to settle a number of HIPAA violations in relation to state and federal laws. The group, located in Santa Barbara, was reviewed by the California attorney general’s office due […]

A recent report carried out by the Ponemon Institute has emphasized current endpoint security trends, details the ever-present threat from ransomware, and shows that fileless malware cyberattacks are increasing. Annually, endpoint attacks cost the healthcare […]

It has been discovered that an unencrypted laptop has been stolen from one of the employees of Rocky Mountain Health Care Services of Colorado Springs . This is the second such theft incident to be […]

The House Committee on Energy and Commerce has pleaded with the HHS to move forward on all recommendations for medical device security proposed by the Healthcare Cybersecurity Task Force, seeking quick action to be taken […]

An unencrypted laptop has been stolen from one of its employees in a theft, the second such incident to be discovered in the space of three months, at Rocky Mountain Health Care Services of Colorado […]

A phishing attack at the Medical College of Wisconsin has lead to the exposure of approximately 9,500 patients’ protected health information. The hackers gained access to the email accounts of staff member, which included a […]

After a burglary at an off-site storage center in East Brunswick, NJ, Otolaryngology Associates of Central Jersey is making patients aware a breach of their protected health information. The thieves removed 13 boxes of paper […]

Amazon has revealed that new security measures have been added to its cloud server that will make it much more difficult for users to misconfigure their S3 buckets and mistakenly leave their data accessible. While […]

Patients of Cook County Health and Hospitals System, a health system comprising two hospitals and more than a dozen community health centers in Cook County Illinois, have been made aware of a breach of their […]

In August 2017 malware was discovered to have been installed on one of the computer servers used by Catholic Charities of the Diocese of Albany (CCDA) in its Glens Falls office, which served patients in Saratoga, Warren […]

It has recently been discovered that a former employee of the Texas Children’s Health Plan has recieved the protected health information (PHI) of 932 members in a private email. The last known incident where the […]