A network of physicians linked to more over that 50 medical practices in New Jersey, Virtua Medical Group, has been hit with a massive financial penalty by the New Jersey Attorney General’s Office for failing to safeguard the privacy of over 1,650 patients whose...

A targeted phishing attack carried out on CareFirst Blue Cross Blue Shield has lead to the exposure of 6,800 plan subscriber’ protected health data. The attack was first discovered by CareFirst on March 12, 2018, resulting in a complete review of their systems, which...

The Special Agents Mutual Benefit Association (SAMBA) health plan is warning almost 14,000 people in relation to a February 2018 protected health information breach. The data breach targeted eligible family members of clients who were covered by the Federal Employees...

The Arc of Erie County New York (The Arc), a supplierer of person-centered services to people with developmental disabilities, has found that two spreadsheets holding the protected health information of 3,751 patients were accessible on the Internet with no...

Law enforcement agencies have notified Cambridge Health Alliance (CHA) that the protected health information of some of its subscibers has been obtained by an unauthorized individual. Everett Massachusetts Police Department alerted, on January 31, 2018, CHA that data...

ATI Physical Therapy has found that protected health information of over 35,000 of its clients may have been accessed when hacker captured details within the email accounts of some of its staff members. A security breach was found on January 18, 2018 when ATI Physical...

A New York medical practice has revealed that tens of thousands of their patients have had their protected health information exposed online due to an improperly configured server. It is currently not obvious if anyone other than the security researcher who found the...

It is believed that healthcare data breach that saw the protected health information of clients of CVS Caremark impacted has lead to legal action against CVS, Caremark, and its mailing supplier, Fiserv. The legal action, which was submitted in Ohio federal court on...

Geneva, NY-based Finger Lakes Health has been hit by a ransomware attack that has impacted its computer system. Employees have been forced to work on pen and paper while the health system tries to remove the malware and restore access to electronic data. The...

A Clinical Pathology Laboratories Southeast, Inc., (CPLSE) employee's unencrypted work laptop computer has been stolen, exposing the protected health information of targeted patients and their payment guarantors. Swift action was taken by CPLSE to stop the laptop from...

RoxSan Pharmacy has made contact with 1,049 patients to advise them that some of their protected health information has been shared with to a business associate via unencrypted email. The notification letters were issued to affected people last month, although the...

Primary Health Care Inc., a non-profit network of community health oganizations based in Des Moines, Marshalltown and Ames, IA, has found that malicious actors have obtained access to the email accounts of four staff members and have possibly viewed or gained...

The Alabama Data Breach Notification Act (Senate Bill 318) has progressed to be  considered by the House of Representatives after being unanimously agreed upon by the Alabama Senate recently. Alabama is one of the final two states that still has to bring in laws which...

It has been discovered that an electronic device, used to record the signatures of clients, has been disposed of without first clearing the device of all saved protected health information at a ShopRite pharmacy in Millville, New Jersey A small amount of protected...

Wisconsin-based provider of medical, laboratory, pharmacy, fitness, and physical therapy services QuadMed has discovered that PHI 5,305 clients may have been impermissibly disclosed to certain members of staff. In November 2013, QuadMed took over management of an...

The PHI of 33,420 people of BJC Healthcare has been accessible by the public online for eight months with no requirement for authentication to see the data. BJC Healthcare is one of the biggest not-for profit healthcare systems in the USA. The St. Louis-based...

A $575,000 settlement with the New York Attorney General has been agreed by by EmblemHealth following a 2016 mailing error that saw the Health Insurance Claim Numbers of 81,122 clients printed on the outside of envelopes. New York Attorney General Eric T. Schneiderman...

St. Peter’s Surgery & Endoscopy Center in New York has been hit by a malware infection which could have allowed hackers to access medical records of up to 135,000 patients. This is the second biggest healthcare data breach of 2018, so far, and the largest to be...

The most recent release of the Protenus Healthcare Breach Barometer report has been released. Protenus reports that in total, at least 473,807 patient records were accessed or stolen in January, although the number of people affected by 11 of the 37 breaches is not...

A ransomware attack on Jemison Internal Medicine of Alabama on December 20, 2017 lead to electronic health records being encrypted, disabling access to the patient data for the healthcare provider. A ransom demand was sent for the keys to disable the encryption...

A recent report published in the Post and Courier revealed that the Medical University of South Carolina (MUSC) fired 13 employees last year for violating HIPAA Rules by prying on patient records. Overall, there were 58 privacy breaches in 2017 at MUSC, all of which...

White and Bright Family Dental has found that one of its data servers storing patients’ private data has been hacked. Access to the Fresno, CA-based server was obtained by the hackers on January 30, 2018. The Fresno Police Department was quickly made aware of the...

Around 1,900 people who were treated by the University of Virginia Health System are being contacted to be made aware that a hacker has gained access to their medical information using a malware infection. The malware in question had been loaded onto the devices in...

Sutter Health is alerting a number of clients that some of their protected health information may have been accessed in a phishing attack on one of its business associates – the Salem and Green legal firm. On approximately October 11, 2017, a phishing email was opened...

Aetna has begun a legal action to claim compensation from an administrative support firm in relation to a July 2017 data violation in which details of HIV medications visible through transparent plastic windows of envelopes in a mail shot. Letters inserted in some of...

A privacy breach has been experienced by the Puerto Rico Health Plan Triple-S Advantage. The breach, which affected 36,000 plan members, was due to a mailing mistake which saw sensitive information of plan subscribers disclosed to incorrect people. The released...