2022, Fraud and HIPAA - Health Care Compliance Brief

HIPAA 2024 Year in Review – Ransomware, Risk Analysis, and Right of Access Remedies

Compliancy Group

DECEMBER 20, 2024

In 2024, the Department of Health and Human Services (HHS) Office for Civil Rights announced a series of enforcement actions against entities that violated, or potentially violated, one or more HIPAA rules. This HIPAA 2024 Year in Review article discusses these actions. Monitor and safeguard its health information systems activity.

Ransomware

Ransomware HIPAA Fraud Electronic Medical Records

2022 Healthcare Data Breach Report

HIPAA Journal

JANUARY 24, 2023

Even with that reduction, 2022 still ranked as the second-worst-ever year in terms of the number of reported breaches. million records in 2022. The theft of protected health information places patients and health plan members at risk of identity theft and fraud, but by far the biggest concern is the threat to patient safety.

HIPAA

HIPAA Ransomware Hospitals Fraud

Editorial: Lessons from Biggest HIPAA Breaches of 2022

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. In addition to the high number of data breaches, 2022 stands out for the sheer number of healthcare records breached, which currently stands at 49.8

HIPAA

HIPAA Ransomware Health Insurance Compliance

Webinars

Bridging Innovation & Patient Care: The Growing Role of AI

MORE WEBINARS

Avamere Holdings Facing Class Action Lawsuit Over 2022 Cyberattack

HIPAA Journal

AUGUST 30, 2022

An unauthorized individual had access to the network of Avamere Health Services between January 19, 2022, and March 17, 2022, and exfiltrated files containing protected health information. The breach was detected on or around March 17, 2022, yet Avamere waited until July 13, 2022, to issue notifications to affected individuals.

Nursing Homes

Nursing Homes Fraud Ransomware HIPAA

What is a HIPAA Violation?

HIPAA Journal

DECEMBER 31, 2022

To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it applies to, and what constitutes a violation; for although most people believe they know what a HIPAA compliance violation is, evidence suggests otherwise. What is HIPAA and Who Does It Apply To?

HIPAA

HIPAA Due Diligence Compliance Fraud

290 Hospitals Potentially Affected by Ransomware Attacks in 2022

HIPAA Journal

JANUARY 3, 2023

Attacks in the education sector have remained fairly consistent over the past 4 years with between 84 and 89 attacks conducted each year, as has the number of attacks on state and local governments – 105 in 2022 with an average of 102 attacks a year.

Ransomware

Ransomware Hospitals HIPAA Governance

CentraState Medical Center Facing Class Action Lawsuit Over December 2022 Ransomware Attack

HIPAA Journal

FEBRUARY 22, 2023

A lawsuit has been filed against Freehold Township, NJ-based CentraState Healthcare System over its December 2022 ransomware attack, a few days after the health system started sending notification letters to around 617,000 affected patients.

Ransomware

Ransomware Fraud Health Insurance HIPAA

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

HIPAA Journal

NOVEMBER 16, 2022

According to the breach report filed with the Maine Attorney General, it took until October 3, 2022, to confirm that an unauthorized third party had accessed the email system, which included sensitive information of its members. Notification letters were sent to affected individuals on October 31, 2022.

HIPAA

HIPAA Licensing Health Insurance Fraud

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA

HIPAA Ransomware Health Insurance Fraud

HIPAA Enforcement by State Attorneys General

HIPAA Journal

MAY 18, 2023

The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). million individuals and for delayed breach notifications.

HIPAA

HIPAA Compliance Ransomware Hospitals

Editorial: 5 Gaps in HIPAA and How They Are Being Filled

HIPAA Journal

OCTOBER 21, 2022

There are – and always have been – gaps in HIPAA and, after more than a quarter of a century, some have yet to be addressed. Most of the gaps in HIPAA are attributable to omissions from the original Act, provisions of HIPAA and HITECH that have never been enacted, and the increasing use of technology in healthcare.

HIPAA

HIPAA Compliance Medicare Medicare

New York Law Firm Pays $200,000 to State AG to Resolve HIPAA Violations

HIPAA Journal

MARCH 28, 2023

A New York law firm that suffered a LockBit ransomware attack has agreed to pay a financial penalty of $200,000 to the New York Attorney General to resolve alleged violations of New York General Business Law and the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA

HIPAA Ransomware Malpractice Health Insurance

Community Health Network reports online tracking data breach affecting 1.5 million

Healthcare It News

DECEMBER 5, 2022

" Community also said that the investigation has not found evidence that misuse or fraud has occurred as a result of the breach, and it "cannot say with certainty what information was involved." ON THE RECORD. Andrea Fox is senior editor of Healthcare IT News. Email: afox@himss.org. Healthcare IT News is a HIMSS publication.

Fraud

Fraud HIPAA Compliance Hospitals

Pharma Sales Rep Pleads Guilty to Healthcare Fraud and Criminal HIPAA Violations

HIPAA Journal

OCTOBER 21, 2022

A pharmaceutical sales rep has pleaded guilty to conspiring to commit healthcare fraud and wrongfully disclosing and obtaining patients’ protected health information in an elaborate healthcare fraud scheme involving criminal HIPAA violations. Ritson identified the patients through the medical practice of Dr. Frank Alario.

Fraud

Fraud HIPAA FDA Health Insurance

Lawsuits Increasing Following HIPAA Breaches

Compliancy Group

MAY 27, 2022

Here’s a roundup of recent HIPAA breach lawsuits and settlements. Lawsuits Increasing Following HIPAA Breaches – Facts and Figures. The cybercriminals stole more than 400GB of data before encrypting the organization’s files on March 19, 2022. Let’s Simplify Compliance HIPAA and cybersecurity go hand-in-hand.

HIPAA

HIPAA Ransomware Hospitals Compliance

Judge Questions Whether Website Metadata is Regulated by HIPAA

HIPAA Journal

AUGUST 29, 2023

The HHS’ Office for Civil Rights released guidance in 2022 on HIPAA and website tracking technologies and confirmed disclosures of protected health information to third parties via website tracking technologies is a HIPAA violation unless authorization has been received from patients or if there is a valid business associate agreement in place.

HIPAA

HIPAA Fraud Health Insurance Compliance

Lamoille Health Partners Facing Class Action Lawsuit Over 58K-Record Data Breach

HIPAA Journal

SEPTEMBER 7, 2022

The Morristown, VT-based healthcare provider, Lamoille Health Partners, is facing a class action lawsuit over a June 2022 ransomware attack that affected almost 60,000 of its patients. The attack was detected on June 13, 2022, with the investigation confirming the attackers gained access to its network the previous day.

HIPAA

HIPAA Ransomware Fraud Health Insurance

2021 HIPAA “Wall of Shame” Healthcare Data Breaches Up 7.5%

Compliancy Group

JANUARY 25, 2022

With at least six weeks before final numbers are in, the Department of Health and Human Services HIPAA Breach Reporting Tool website is reporting 713 major healthcare data breaches in 2021, an increase of more than 7.5 Trends of Major Healthcare Data Breaches Continue in 2022. Protected health information (PHI) from more than 45.7

HIPAA

HIPAA Ransomware Governance Fraud

Settlement Agreed to Resolve RIPTA Ransomware Attack Lawsuit

HIPAA Journal

MARCH 11, 2025

State employees who had their data compromised in the incident may submit a claim for up to $1,000 to cover out-of-pocket expenses due to the data breach, up to 4 hours of lost time at $15 per hour, and up to $7,500 as reimbursement of any extraordinary losses such as identity theft and fraud.

Ransomware

Ransomware Fraud HIPAA Health Insurance

Magellan Health Settles Class Action Data Breach Lawsuit for $1.43 Million

HIPAA Journal

SEPTEMBER 30, 2022

Had notifications been issued sooner, the plaintiffs argued that they could have taken steps to protect against identity theft and fraud. Class members that have incurred costs related to credit monitoring and fraud resolution may also be able to claim back those costs. Million appeared first on HIPAA Journal.

Fraud

Fraud HIPAA Health Insurance

Lawsuits Filed Against OakBend Medical Center and Keystone Health Over Data Breaches

HIPAA Journal

NOVEMBER 7, 2022

On September 1, 2022, OakBend Medical Center discovered its systems had been compromised and files had been encrypted. On October 28, 2022, two patients affected by the data breach – Ryan Higgs and Alissa Wojnar – took legal action over the theft of their protected health information. OakBend Medical Center.

HIPAA

HIPAA Fraud

New York Ambulance Service Facing Multiple Class Action Lawsuits over Ransomware Attack

HIPAA Journal

DECEMBER 8, 2022

The New York ambulance service, Empress EMS, is facing multiple class action lawsuits over a ransomware attack that was detected on July 14, 2022. Those files were stolen on July 13, 2022. The breach investigation revealed the ransomware gang first gained access to the network on or around May 26, 2022.

Ransomware

Ransomware HIPAA Fraud

Adaptive Health Integrations Data Breach Affects More than 510,000 Individuals

HIPAA Journal

APRIL 20, 2022

A comprehensive review of affected files was conducted, and that process was concluded on February 23, 2022. The notification letters state that credit monitoring, fraud consultation, and identity theft restoration services are being offered through Kroll for 12 months at no cost.

US Department of Health and Human Services

US Department of Health and Human Services Fraud HIPAA

Class Action Lawsuit Filed Against Shields Health Care Group Over 2 Million-Record Data Breach

HIPAA Journal

JUNE 15, 2022

On May 27, 2022, the Massachusetts-based medical imaging service provider reported the data breach to the HHS’ Office for Civil Rights and confirmed that an unauthorized actor had access to some of its IT systems from March 7 to March 21, 2022.

Fraud

Fraud HIPAA

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance

Health Insurance Licensing Fraud HIPAA

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

HIPAA Journal

MAY 25, 2022

The break-in was discovered on March 4, 2022, with the subsequent investigation confirming on April 22, 2022, that six boxes of paper documents had been stolen from the facility, which included files relating to patients served by SAC Health in 1997 and between 2006 and 2020. Lifespan Services Suffers Ransomware Attack.

Ransomware

Ransomware Fraud HIPAA Licensing

Kaiser Permanente Reports Email System Breach and Exposure of 70,000 Individuals’ PHI

HIPAA Journal

JUNE 14, 2022

Kaiser Permanente said it was alerted to a security incident involving its email system on April 5, 2022. Notifications were sent to affected individuals on June 3, 2022, who have been advised to be vigilant for potential fraud. Kaiser Permanente provides healthcare services to more than 12.5

Fraud

Fraud HIPAA

Humana Members Impacted by Choice Health Data Breach

HIPAA Journal

SEPTEMBER 29, 2022

On May 18, 2022, Choice Health learned that a Choice Health database was accessible over the Internet, with the investigation confirming the misconfiguration was caused by a third-party service provider. The exposed database was detected by Choice Health on May 14, 2022, with the theft of database files identified on May 18.

Health Insurance

Health Insurance Medicare Medicare Fraud

First Choice Community Healthcare and Arlington Skin Notify Patients About Cyberattacks

HIPAA Journal

AUGUST 5, 2022

In a substitute breach notification, First Choice explained that unusual activity was detected within its technological environment on March 27, 2022. Affected individuals were notified about the breach by mail on August 1, 2022, and have been offered complimentary identity theft protection services through IDX.

Electronic Medical Records

Electronic Medical Records Health Insurance Fraud HIPAA

SuperCare Health Sued Over 318,000-Record Data Breach

HIPAA Journal

APRIL 15, 2022

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, over a cyberattack and data breach that was reported to the Department of Health and Human Services on March 28, 2022. The post SuperCare Health Sued Over 318,000-Record Data Breach appeared first on HIPAA Journal. The lawsuit, Vickey Angulo v.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Fraud

Organizations Increasingly Opaque About Cause of Data Breaches

HIPAA Journal

FEBRUARY 1, 2023

When a data breach occurs and sensitive information is disclosed, the HIPAA Breach Notification Rule requires affected individuals to be notified. The 2022 Data Breach Report from the Identity Theft Resource Center (ITRC) has confirmed this trend. The LastPass data breach was a good case in point.

Fraud

Fraud HIPAA Ransomware Compliance

VisionWeb Data Breach Affects Up to 35,900 Individuals

HIPAA Journal

OCTOBER 18, 2022

According to the breach report sent to the HHS on October 3, 2022, unauthorized individuals gained access to its email environment which contained patient information. Suspicious email account activity was detected on June 1, 2022, and immediate action was taken to secure the account. Eventus WholeHealth Announces Email Account Breach.

Fraud

Fraud HIPAA Health Insurance Governance

Healthcare Data Breach Statistics

HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. million records breached, and 2022 was worse with 51.9

HIPAA

HIPAA Ransomware Compliance Hospitals

Patient Data Stolen in July 2021 Cyberattack on Chelan Douglas Health District

HIPAA Journal

MARCH 24, 2022

Notification letters started to be sent to affected individuals on March 15, 2022. Chelan Douglas Health District said it is unaware of any cases of identity fraud or other misuse of patient data. The post Patient Data Stolen in July 2021 Cyberattack on Chelan Douglas Health District appeared first on HIPAA Journal.

Ransomware

Ransomware Fraud Hospitals HIPAA

Data Theft Incidents Reported at Choice Health, MCG Health, & Goodman Campbell Brain and Spine

HIPAA Journal

JUNE 15, 2022

Choice Health discovered on May 14, 2022, that an individual was offering a set of data that had allegedly been stolen from Choice Health. Choice Health determined that the database had been found and certain database files had been copied by an unauthorized individual on May 7, 2022.

Ransomware

Ransomware Health Insurance Fraud HIPAA

Four Californian Medical Groups Sued over Data Breach Affecting 3.3 Million Patients

HIPAA Journal

MARCH 7, 2023

The cyberattack in question occurred on December 1, 2022. Hackers gained access to the medical groups’ IT systems, preventing access to certain servers on December 2, 2022. The attempted fraudulent activity occurred between December 2022 and February 2023, before being informed by the defendants about the data breach.

Fraud

Fraud Health Insurance Doctors HIPAA

BJC Healthcare Settles Data Breach Lawsuit Stemming from 2020 Phishing Attack

HIPAA Journal

JULY 20, 2022

In May 2022, BJC HealthCare reported another email breach to the HHS’ Office for Civil Rights. The post BJC Healthcare Settles Data Breach Lawsuit Stemming from 2020 Phishing Attack appeared first on HIPAA Journal. BJC HealthCare agreed to settle the lawsuit with no admission of liability or wrongdoing.

Fraud

Fraud Licensing HIPAA Health Insurance

Captify Health Suffers 3-Year Breach of its Your Patient Advisor Website

HIPAA Journal

JANUARY 10, 2023

An external investigation into credit card fraud pointed to Captify Health as the source of a data breach. The affected individuals were then identified and contact information was verified, and breach notification letters were sent on December 16, 2022.

HIPAA

HIPAA Doctors Fraud Compliance

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

HIPAA Journal

NOVEMBER 23, 2022

The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Ransomware

Ransomware Fraud Licensing HIPAA

Mon Health Faces Class Action Lawsuit Over 493K Record Data Breach

HIPAA Journal

OCTOBER 6, 2022

Mon Health announced the security breach on February 28, 2022, and confirmed that the hackers had access to the personal and protected health information of 492,861 individuals , including information about patients, employees, providers, and contractors.

HIPAA

HIPAA Fraud Hospitals Health Insurance

Logan Health Facing Class Action Lawsuit Over Data Breach

HIPAA Journal

MARCH 11, 2022

The data breach in question was reported by Logan Health in February 2022, with its investigation confirming unauthorized individuals had access to its system between November 18, 2021, and November 22, 2021. The post Logan Health Facing Class Action Lawsuit Over Data Breach appeared first on HIPAA Journal.

HIPAA

HIPAA Health Insurance Medical Billing Fraud

The Urology Center of Colorado Agrees to Settle Class Action Data Breach Lawsuit

HIPAA Journal

SEPTEMBER 8, 2022

On November 5, 2021, the urology practice sent notification letters to its patients advising them that some of their protected health information was potentially compromised two months previously, between September 7 and September 8, 2022. Claims must be submitted by November 7, 2022.

Fraud

Fraud HIPAA

Home Care Providers of Texas Announces 124K-Record Data Breach

HIPAA Journal

JANUARY 17, 2023

The security breach was detected on June 29, 2022, when staff members were prevented from accessing files. Leading third-party cybersecurity experts were engaged to investigate the incident and determine the nature and scope of the breach and confirmed that the threat actors had access to its network between June 15, 2022, and June 29, 2022.

Ransomware

Ransomware Fraud HIPAA Licensing

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. As a precaution against identity theft and fraud, complimentary memberships have been offered to a credit monitoring service for 12 months. has recently notified the Montana Attorney General about a cyberattack that was detected on April 11, 2022. appeared first on HIPAA Journal.

Licensing

Licensing Health Insurance Fraud HIPAA

HIPAA 2024 Year in Review – Ransomware, Risk Analysis, and Right of Access Remedies

2022 Healthcare Data Breach Report

Webinars

Trending Sources

Editorial: Lessons from Biggest HIPAA Breaches of 2022

Webinars

Avamere Holdings Facing Class Action Lawsuit Over 2022 Cyberattack

What is a HIPAA Violation?

290 Hospitals Potentially Affected by Ransomware Attacks in 2022

CentraState Medical Center Facing Class Action Lawsuit Over December 2022 Ransomware Attack

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Enforcement by State Attorneys General

Editorial: 5 Gaps in HIPAA and How They Are Being Filled

New York Law Firm Pays $200,000 to State AG to Resolve HIPAA Violations

Community Health Network reports online tracking data breach affecting 1.5 million

Pharma Sales Rep Pleads Guilty to Healthcare Fraud and Criminal HIPAA Violations

Lawsuits Increasing Following HIPAA Breaches

Judge Questions Whether Website Metadata is Regulated by HIPAA

Lamoille Health Partners Facing Class Action Lawsuit Over 58K-Record Data Breach

2021 HIPAA “Wall of Shame” Healthcare Data Breaches Up 7.5%

Settlement Agreed to Resolve RIPTA Ransomware Attack Lawsuit

Magellan Health Settles Class Action Data Breach Lawsuit for $1.43 Million

Lawsuits Filed Against OakBend Medical Center and Keystone Health Over Data Breaches

New York Ambulance Service Facing Multiple Class Action Lawsuits over Ransomware Attack

Adaptive Health Integrations Data Breach Affects More than 510,000 Individuals

Class Action Lawsuit Filed Against Shields Health Care Group Over 2 Million-Record Data Breach

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

Kaiser Permanente Reports Email System Breach and Exposure of 70,000 Individuals’ PHI

Humana Members Impacted by Choice Health Data Breach

First Choice Community Healthcare and Arlington Skin Notify Patients About Cyberattacks

SuperCare Health Sued Over 318,000-Record Data Breach

Organizations Increasingly Opaque About Cause of Data Breaches

VisionWeb Data Breach Affects Up to 35,900 Individuals

Healthcare Data Breach Statistics

Patient Data Stolen in July 2021 Cyberattack on Chelan Douglas Health District

Data Theft Incidents Reported at Choice Health, MCG Health, & Goodman Campbell Brain and Spine

Four Californian Medical Groups Sued over Data Breach Affecting 3.3 Million Patients

BJC Healthcare Settles Data Breach Lawsuit Stemming from 2020 Phishing Attack

Captify Health Suffers 3-Year Breach of its Your Patient Advisor Website

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

Mon Health Faces Class Action Lawsuit Over 493K Record Data Breach

Logan Health Facing Class Action Lawsuit Over Data Breach

The Urology Center of Colorado Agrees to Settle Class Action Data Breach Lawsuit

Home Care Providers of Texas Announces 124K-Record Data Breach

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Stay Connected