HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. The accounts were compromised on October 19, 2021, as a result of employees responding to phishing emails.

HIPAA 112

HIPAA Health Insurance Licensing Hospitals 112

HIPAA Journal

NOVEMBER 16, 2022

Suspicious activity was detected within its email environment on December 16, 2021, passwords were changed to prevent further unauthorized access, and third-party cybersecurity experts were engaged to investigate the unauthorized activity. It is unclear why it took so long for the breach to be confirmed.

HIPAA 111

HIPAA Licensing Health Insurance Fraud 111

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. The Biggest HIPAA Breaches of 2022. The 12 biggest HIPAA breaches of 2022 affected almost 22.66 million patients and health plan members.

HIPAA 105

HIPAA Ransomware Health Insurance Compliance 105

HIPAA Journal

JULY 22, 2022

Benson Health in North Carolina has recently started notifying 28,913 patients that some of their protected health information was potentially accessed or acquired in a cyberattack that was detected on May 5, 2021. The post Benson Health Notifies 28,913 Patients About May 2021 Data Breach appeared first on HIPAA Journal.

HIPAA 92

HIPAA Licensing 92

HIPAA Journal

MARCH 10, 2022

Bako Diagnostics (BakoDx), a Georgia-based provider of laboratory services to healthcare providers, has announced it was the victim of a cyberattack that was discovered on December 28, 2021. The Austin, TX-based cloud hosting and data storage company DataHEALTH has announced it was the victim of a ransomware attack on November 3, 2021.

Ransomware 140

Ransomware Licensing Health Insurance HIPAA 140

HIPAA Journal

FEBRUARY 23, 2022

A security breach of its information technology systems was detected on November 22, 2021, with the initial investigation confirming a hacker had breached its security defenses. NHS Management Alerts Patients About May 2021 Cyberattack. The files accessed included the following types of information.

Electronic Medical Records 142

Electronic Medical Records HIPAA Health Insurance Medical Billing 142

HIPAA Journal

JANUARY 2, 2023

The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules. Are Data Breaches HIPAA Violations?

HIPAA 107

HIPAA Compliance Hospitals Medicare 107

HIPAA Journal

FEBRUARY 16, 2022

Family Christian Health Center (FCHC) in Illinois has announced it was the victim of a ransomware attack in November 2021 that compromised the protected health information of 31,000 patients. The attackers compromised FCHC’s old dental system which contained the PHI of patients who had received dental services prior to August 31, 2020.

Ransomware 132

Ransomware Hospitals Licensing HIPAA 132

HIPAA Journal

APRIL 7, 2022

SuperCare Health, a Downey, CA-based post-acute, in-home respiratory care provider serving the Western United States, has recently started notifying 318,379 patients that some of their protected health information has been exposed and potentially accessed by unauthorized individuals in a cyberattack that occurred in July 2021.

Licensing 137

Licensing HIPAA Health Insurance Hospitals 137

HIPAA Journal

MARCH 14, 2022

Capital Region Medical Center (CRMC) in Jefferson City, MO has recently confirmed patient information was accessed by unauthorized individuals in a December 2021 cyberattack that took its network and phone systems offline for several days. The attack was detected on December 17, 2021, when network systems were disrupted.

Electronic Medical Records 142

Electronic Medical Records Health Insurance HIPAA Licensing 142

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. An employee was discovered to have accessed the medical records of several patients without authorization between October 2021 and May 2022, when there was no legitimate work reason for viewing those records. Family Practice Center Reports October 2021 Hacking Incident.

Hospitals 123

Hospitals HIPAA Health Insurance Licensing 123

HIPAA Journal

MARCH 23, 2022

New Jersey Brain and Spine (NJBS) has recently announced it was the victim of a cyberattack on or around November 16, 2021, that encrypted data on its network. and Dialyze Direct appeared first on HIPAA Journal. Notification letters were sent to affected individuals on March 10, 2022. Highmark Inc.,

HIPAA 136

HIPAA Licensing Health Insurance Governance 136

HIPAA Journal

FEBRUARY 16, 2022

Philadelphia FIGHT Community Health Centers has recently announced it was the victim of a cyberattack on November 30, 2021. The post 15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack appeared first on HIPAA Journal. They started to be notified on January 6, 2022.

Electronic Medical Records 124

Electronic Medical Records Health Insurance Licensing HIPAA 124

HIPAA Journal

MARCH 25, 2022

The forensic investigation revealed the email accounts were accessed by unauthorized individuals between April 7, 2021, and June 2, 2021. AHA provided notice about the attack on January 6, 2021. UMC was a victim of a REvil ransomware attack in June 2021 that resulted in the theft of the protected health information of 1.3

Health Insurance 120

Health Insurance Licensing Ransomware Fraud 120

HIPAA Journal

APRIL 18, 2022

NRH explained on its website that a limited number of employee email accounts were accessed by unauthorized individuals over a period of 10 months in 2021 between January 26, 2021, and November 23, 2021. The types of information exposed included names, Social Security numbers, driver’s license numbers, state-issued I.D.

Licensing 129

Licensing HIPAA Health Insurance Hospitals 129

Bill of Health

JUNE 5, 2023

medical licensing exam , diagnose illnesses , and even outshine human doctors on measures of perceived empathy , raising many questions about how AI will reshape health care as we know it. In the field of medicine, ChatGPT already has been reported to ace the U.S. But what happens when AI gets things wrong?

Malpractice 213

Malpractice FDA HIPAA Doctors 213

HIPAA Journal

NOVEMBER 8, 2022

Suspicious activity was detected within its network on May 12, 2021, with the forensic investigation confirming unauthorized individuals had access to its network for a month between April 20, 2021, and May 17, 2021. During that time, the attackers may have viewed or acquired sensitive patient data. The post U.S.

Licensing 67

Licensing Health Insurance HIPAA 67

HIPAA Journal

JULY 14, 2022

The incident was detected on December 22, 2021, when suspicious activity was identified within its email environment. The forensic investigation confirmed that several employee email accounts had been accessed by unauthorized individuals at various points between February 9, 2021, and December 22, 2021.

Licensing 117

Licensing Health Insurance Ransomware HIPAA 117

HIPAA Journal

MARCH 4, 2022

The security incident was detected on January 18, 2022, with the subsequent investigation confirming unauthorized individuals had access to its systems between November 18, 2021, and January 18, 2022. dba Fellowship Community in Whitehall, PA, has recently announced it was the victim of a cyberattack that was detected on August 6, 2021.

Health Insurance 130

Health Insurance HIPAA Licensing 130

HIPAA Journal

APRIL 1, 2022

On January 24, 2022, SRHD announced that an employee email account had been compromised on December 21, 2021. Between June 24, 2021, and July 2, 2021, emails and attachments in a Ciox Health employee’s email account were downloaded by an unauthorized individual.

Fraud 141

Fraud HIPAA Licensing Health Insurance 141

HIPAA Journal

JUNE 9, 2022

Suspicious activity was detected in the employee’s email account on November 24, 2021. The forensic investigation confirmed the breach was limited to a single email account that was accessed by an unauthorized individual between November 10, 2021, and November 24, 2021.

HIPAA 133

HIPAA Licensing Health Insurance Hospitals 133

HIPAA Journal

APRIL 15, 2022

A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed. SuperCare Health said unauthorized individuals had access to its network between July 23, 2021, to July 27, 2021, but did not disclose the nature of the cyberattack.

Electronic Medical Records 124

Electronic Medical Records HIPAA Health Insurance Fraud 124

HIPAA Journal

JUNE 26, 2023

HIPAA enforcement discretion occurs when the Secretary for Health and Human Services (HHS) announces the Department will exercise discretion in the enforcement of HIPAA Rules. Typically, Notices of Enforcement Discretion last between 72 hours and 60 days, are state or region-specific and apply to specific provisions of the HIPAA Rules.

HIPAA 70

HIPAA COVID-19 COVID-19 Vaccine Public Health 70

HIPAA Journal

MAY 9, 2022

one of the largest providers of dental insurance in New York state, has announced that the email account of an employee was compromised in a phishing attack on November 24, 2021. No evidence was found to indicate Social Security numbers, driver’s license numbers, or financial account/payment card information were exposed or compromised.

ADA 105

ADA Licensing Health Insurance HIPAA 105

HIPAA Journal

MARCH 9, 2022

The Birmingham, AL-based multi-specialty clinic, Norwood Clinic, has recently started notifying 228,103 individuals that some of their protected health information was accessed in a cyberattack that was detected on October 22, 2021. The review was concluded on February 2, 2022, and affected customers were updated on February 14, 2022.

Electronic Medical Records 131

Electronic Medical Records Health Insurance Ransomware HIPAA 131

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. Settlement to Resolve Class Action Ransomware Lawsuit appeared first on HIPAA Journal. The post Scripps Health Proposes $3.5M

Ransomware 127

Ransomware HIPAA Licensing Doctors 127

HIPAA Journal

MARCH 6, 2023

Cedar Park, TX-based Dental Health Management Solutions (DHMS), a provider of dental services to the government/military and private patients has recently announced – via its legal counsel – that the protected health information of certain patients was exposed in a 2021 hacking incident.

Electronic Medical Records 100

Electronic Medical Records HIPAA Licensing Nurses 100

HIPAA Journal

MARCH 1, 2022

2021, and successfully encrypted files on its network and servers. Around 4 GB of data was uploaded to the leak site and the files contained a selection of data including scanned driver’s licenses, patient records, insurance billing information, and other PHI.

Ransomware 145

Ransomware Licensing HIPAA Health Insurance 145

HIPAA Journal

MAY 11, 2023

million settlement to resolve a class action lawsuit filed in response to a 2021 hacking incident in which the protected health information of 318,379 patients was compromised. Million Settlement to Resolve Data Breach Lawsuit appeared first on HIPAA Journal. The Californian home care service provider, SuperCare, has proposed a $2.25

HIPAA 103

HIPAA Health Insurance Licensing Hospitals 103

HIPAA Journal

MARCH 21, 2022

As previously reported on this site, JDC Healthcare Management detected malware within its IT network on or around August 9, 2021, with the forensic investigation into the security breach confirming the malware was downloaded onto its systems on July 27, 2021. Further information on the data breach has now been obtained.

Ransomware 111

Ransomware Licensing HIPAA Health Insurance 111

HIPAA Journal

APRIL 28, 2022

Irvine, CA-based Smile Brands, a provider of support services for dental offices, has recently provided an update on the number of individuals affected by a ransomware attack that was discovered on April 24, 2021. The initial notice to the Maine attorney general was submitted on October 8, 2021.

Ransomware 117

Ransomware Health Insurance HIPAA Licensing 117

Compliancy Group

APRIL 11, 2022

The network intrusion was initially detected on July 27, 2021. In a statement on SuperCare Health’s website, they provided details regarding the hacking incident, “On July 27, 2021, we discovered unauthorized activity on our systems. Let’s Simplify Compliance HIPAA and cybersecurity go hand-in-hand. Learn More! ×

US Department of Health and Human Services 98

US Department of Health and Human Services HIPAA Compliance Licensing 98

HIPAA Journal

FEBRUARY 16, 2023

The Nashville, TN-based health system, Advent Health Partners, has proposed a $500,000 settlement to resolve claims related to a September 2021 data breach involving the protected health information of 61,072 patients. Advent Health Partners detected a breach of its email environment in early September 2021.

HIPAA 107

HIPAA Fraud Licensing Health Insurance 107

HIPAA Journal

DECEMBER 12, 2022

Receivables Performance Management (RPM) in Lynnwood, WA, a business associate of several HIPAA-covered entities, has recently started notifying individuals affected by a 2021 ransomware attack. The incident was detected on May 12, 2021, with the investigation confirming its systems were first breached on April 8, 2021.

HIPAA 120

HIPAA Ransomware Hospitals Licensing 120

HIPAA Journal

FEBRUARY 14, 2023

Hackers gained access to Umass Memorial Health’s email environment between June 24, 2020 and January 7, 2021, as a result of responses to phishing emails. Million Settlement to Resolve Data Breach Lawsuit appeared first on HIPAA Journal. Claims for the benefits or cash payment must be submitted by April 14, 2023.

Fraud 115

Fraud Licensing Health Insurance HIPAA 115

HIPAA Journal

MARCH 30, 2022

LEHB) has recently announced that it was the victim of a ransomware attack that was detected on September 14, 2021. The post Law Enforcement Health Benefits and Oklahoma City Indian Clinic Suffer Ransomware Attacks appeared first on HIPAA Journal. Ransomware Attack Affects 85,282 Law Enforcement Health Benefits Members.

Ransomware 142

Ransomware Electronic Medical Records HIPAA Licensing 142

HIPAA Journal

SEPTEMBER 8, 2022

The Michigan law firm, Warner Norcross and Judd LLP, has issued notification letters to 255,160 individuals advising them about an October 2021 security breach in which files containing their personal and protected health information were potentially accessed and exfiltrated from its systems. The breach was detected on October 22, 2021.

Fraud 114

Fraud Health Insurance Ransomware HIPAA 114