Inova Health System Leads to Billing Records of 12,331 Patients Being Compromised

by | Nov 15, 2018

Virginia based Inova Health System has started to contact 12,331 patients to advise them that some of their protected health information has been obtained by an unauthorized person.

Law enforcement contacted Inova Health System on September 5, 2018 in relation to a suspected breach of patients’ billing information. A leading computer forensics agency was hired to carry out an investigation into the breach to determine the extent of the attack and the range of the breach.

The investigation showed that its billing system was first accessed by an unauthorized person in January 2017, and again between July and October 2017. Access was obtained using the login details of an Inova staff member.

Oddly, Inova also reported that the same person also obtained access to paper billing records of a small number of patients in December 2016, which suggests that this may have been an insider breach involving a former staff member, business associate or another individual with permission to access to Inova facilities. However, no information about the person responsible for the breach has been released by Inova.

The range of information that were logged onto included patient names, addresses, birth dates, medical record details and Social Security numbers. Treatment information of a restricted number of patients was also possibly accessed.

The data breach has lead to Inova strengthening its security processes. Extra monitoring tools have been put in place to identify unauthorized access, password policies have been refreshed in relation to password complexity and new restrictions on the broadcast of information have been deployed. Staff members have been retrained on securing sensitive data before leaving their workstations unattended and on password security. An audit of security policies and procedures has also been carried out.

Inova started sending breach notification letters to impacted patients on November 2 and is helping law enforcement with its investigation.

All patients impacted by the breach have been offered one free year of credit monitoring and identity theft protection services bu Inova.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy