2022, HIPAA and Licensing - Health Care Compliance Brief

Editorial: Lessons from Biggest HIPAA Breaches of 2022

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. In addition to the high number of data breaches, 2022 stands out for the sheer number of healthcare records breached, which currently stands at 49.8

HIPAA

HIPAA Ransomware Health Insurance Compliance

235,000 Keystone Health Patients Affected by August 2022 Cyberattack

HIPAA Journal

OCTOBER 18, 2022

Chambersburg, PA-based Keystone Health has recently announced that it fell victim to a cyberattack on August 19, 2022, which caused temporary disruption to its computer systems. The forensic investigation revealed the hackers first gained access to its systems on July 28, 2022, with access terminated on August 19.

HIPAA

HIPAA Health Insurance Licensing Medicaid

What are the Penalties for HIPAA Violations?

HIPAA Journal

DECEMBER 24, 2022

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA. .

HIPAA

HIPAA Compliance Hospitals COVID-19

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

HIPAA Journal

NOVEMBER 16, 2022

According to the breach report filed with the Maine Attorney General, it took until October 3, 2022, to confirm that an unauthorized third party had accessed the email system, which included sensitive information of its members. Notification letters were sent to affected individuals on October 31, 2022.

HIPAA

HIPAA Licensing Health Insurance Fraud

Lifeline Systems Company Notifies Patients About August 2022 Cyberattack

HIPAA Journal

SEPTEMBER 8, 2023

According to the notification letters, unusual network activity was detected on August 6, 2022. The investigation confirmed that an unauthorized individual had access to its systems from July 27, 2022, to August 6, 2022, and accessed certain documents on its systems during that period.

Licensing

Licensing HIPAA

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. The email account breaches were detected by the hospital on January 19, 2022. La Casa de Salud, New York.

HIPAA

HIPAA Health Insurance Licensing Hospitals

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

HIPAA Journal

APRIL 21, 2023

One Brooklyn Health System, which operates three hospitals in Brooklyn, NY, has started notifying patients affected by a November 19, 2022, cyberattack. One Brooklyn Health said the investigation revealed hackers had access to parts of its network between July 9, 2022, and November 19, 2022, and accessed data intermittently over that period.

Health Insurance

Health Insurance Licensing HIPAA Hospitals

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA

HIPAA Ransomware Health Insurance Fraud

The Most Common HIPAA Violations You Should Avoid

HIPAA Journal

JANUARY 2, 2023

The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules. Are Data Breaches HIPAA Violations?

HIPAA

HIPAA Compliance Hospitals Medicare

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

HIPAA Journal

JANUARY 5, 2023

Back in June 2022 , HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. Howard Memorial Hospital Announces December 2022 Cyberattack.

Ransomware

Ransomware Hospitals HIPAA Licensing

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

HIPAA Journal

MAY 24, 2022

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. According to the notification, the cyberattack was detected on or around March 19, 2022.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

HIPAA Journal

JANUARY 9, 2023

Legacy Operating Company, an Alabama-based operator of Legacy Hospice facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee, has confirmed that an unauthorized third party gained access to a limited number of employee email accounts on February 11, 2022, and between April 7, 2022, and April 21, 2022.

Licensing

Licensing HIPAA Health Insurance Governance

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance

Health Insurance Licensing Fraud HIPAA

Cyberattack on SuperCare Health Affects 318,000 Patients

HIPAA Journal

APRIL 7, 2022

In its March 25, 2022, breach notification letters, SuperCare Health explained that it identified unauthorized activity within its IT systems on July 27, 2021. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Licensing

Licensing HIPAA Health Insurance Hospitals

What is HIPAA Enforcement Discretion?

HIPAA Journal

JUNE 26, 2023

HIPAA enforcement discretion occurs when the Secretary for Health and Human Services (HHS) announces the Department will exercise discretion in the enforcement of HIPAA Rules. Typically, Notices of Enforcement Discretion last between 72 hours and 60 days, are state or region-specific and apply to specific provisions of the HIPAA Rules.

HIPAA

HIPAA COVID-19 COVID-19 Vaccine Public Health

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

HIPAA Journal

SEPTEMBER 30, 2022

Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. That process was completed on September 16, 2022, and notification letters were sent shortly thereafter.

Licensing

Licensing HIPAA Health Insurance

Four Healthcare Providers Hit with Ransomware Attacks

HIPAA Journal

MARCH 1, 2022

Jax Spine and Pain Centers in Jacksonville, FL has recently announced it was the victim of a ransomware attack that occurred on January 24, 2022. The initial investigation concluded on January 28, 2022, and determined the attackers had gained access to its systems on or around December 15. Jax Spine & Pain Centers.

Ransomware

Ransomware Licensing HIPAA Health Insurance

MaineGeneral hits congestive heart failure readmission rate of 0% using RPM

Healthcare IT News - Telehealth

AUGUST 23, 2022

"In May and June 2022, MaineGeneral has achieved a CMS-CHF readmission rate of 0%, compared with 20% and 26.7% " In an effort to find a video technology that was easy to use for patients, MaineGeneral ended up with HIPAA-compliant Zoom as the video conferencing component for virtual care in outpatient settings.

COVID-19

COVID-19 Licensing Patient Satisfaction Hospitals

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

HIPAA Journal

MARCH 4, 2022

The security incident was detected on January 18, 2022, with the subsequent investigation confirming unauthorized individuals had access to its systems between November 18, 2021, and January 18, 2022. On January 25, 2022, CVS Pharmacy determined certain accounts had been compromised.

Health Insurance

Health Insurance Licensing HIPAA

Round Up of Recent Hacking Incidents and Email Account Breaches

HIPAA Journal

JANUARY 13, 2023

The attack was detected on November 7, 2022, and steps were taken to contain the attack and secure its systems. Notification letters were mailed to affected individuals on January 6, 2022. Notifications were mailed to affected individuals on December 30, 2022. The Kelberman Center – Email Account Breach.

Health Insurance

Health Insurance Licensing HIPAA Hospitals

Data Breaches Reported by New Jersey Brain and Spine, Highmark Inc. and Dialyze Direct

HIPAA Journal

MARCH 23, 2022

Notification letters were sent to affected individuals on March 10, 2022. According to a March 10, 2022 data breach notice, Dialyze Direct said it discovered on February 14, 2022, that an unauthorized individual had gained access to an employee email account between January 21, 2021, and March 4, 2021. Highmark Inc.,

HIPAA

HIPAA Licensing Health Insurance Governance

SuperCare Health Sued Over 318,000-Record Data Breach

HIPAA Journal

APRIL 15, 2022

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, over a cyberattack and data breach that was reported to the Department of Health and Human Services on March 28, 2022. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Fraud

South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

HIPAA Journal

MARCH 14, 2022

South Denver Cardiology Associates (SDCA) has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed and potentially stolen by hackers. Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated.

COVID-19

COVID-19 HIPAA Licensing Health Insurance

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

HIPAA Journal

MAY 25, 2022

The break-in was discovered on March 4, 2022, with the subsequent investigation confirming on April 22, 2022, that six boxes of paper documents had been stolen from the facility, which included files relating to patients served by SAC Health in 1997 and between 2006 and 2020. Lifespan Services Suffers Ransomware Attack.

Ransomware

Ransomware Fraud HIPAA Licensing

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

On August 5, 2022, Anthem discovered that an unauthorized individual had gained access to a database and downloaded files containing plan members’ protected health information, including names, addresses, dates of birth, phone numbers, email addresses, Medicare ID numbers, and Medicaid ID numbers.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

HIPAA Journal

MARCH 10, 2022

The breach was detected on January 20, 2022, and immediate action was taken to secure its systems, and an independent computer forensics company was engaged to conduct a forensic investigation to determine the nature and scope of the breach. Notification letters were sent on January 28, 2022. DataHealth. Dr. Douglas C.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

HIPAA Journal

JULY 5, 2022

The email system was immediately secured when the breach was detected with the forensic investigation confirming that two email accounts had been accessed by an unauthorized third party between January 12, 2022, and January 19, 2022. A limited number of patients also had financial account information exposed.

Licensing

Licensing Electronic Medical Records Health Insurance Hospitals

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. appeared first on HIPAA Journal.

Licensing

Licensing Health Insurance Fraud HIPAA

Patient Data Compromised in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital

HIPAA Journal

FEBRUARY 16, 2022

The system contained patients’ names, birth dates, insurance card numbers, driver’s license numbers, and copies of patients’ insurance cards and driver’s licenses. The security breach was detected on or around January 9, 2022, when certain systems were rendered inaccessible.

Ransomware

Ransomware Hospitals Licensing HIPAA

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. An employee was discovered to have accessed the medical records of several patients without authorization between October 2021 and May 2022, when there was no legitimate work reason for viewing those records. Patient medical records were not involved.

Hospitals

Hospitals HIPAA Health Insurance Licensing

Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

HIPAA Journal

MAY 19, 2022

The settlement has received preliminary approval from the court and a final hearing for the settlement has been scheduled for September 12, 2022. The deadline for submitting a claim is August 8, 2022, and the deadline for objecting to the settlement or requesting to be excluded from the settlement is August 22, 2022.

Licensing

Licensing HIPAA Health Insurance Medicaid

Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

HIPAA Journal

APRIL 13, 2022

The theft occurred on or around January 27, 2022, and was discovered by RHD on February 16, 2022. The data was uploaded to the leak site on March 17, 2022. Wellstar Health learned about the security breach on February 7, 2022, with the forensic investigation confirming that the breach was limited to two email accounts.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Carolina Behavioral Health Alliance Reports Breach of the PHI of 130,000 Health Plan Members

HIPAA Journal

JULY 14, 2022

The attack was detected on March 20, 2022, and resulted in computer systems being disabled. The forensic investigation confirmed the breach was limited to a single employee email account, which was breached between January 27, 2022, and February 7, 2022.

Licensing

Licensing Health Insurance Ransomware HIPAA

5 Security Breaches Reported in Which PHI was Potentially Compromised

HIPAA Journal

JUNE 24, 2022

On April 7, 2022, an employee responded to a phishing email and disclosed credentials for an email and messaging account. A limited number of individuals also had their Social Security numbers, driver’s license/state ID numbers, and/or financial account information exposed.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Email Account Breaches Reported by Allaire Healthcare Group and Platinum Hospitalists

HIPAA Journal

JUNE 9, 2022

A programmatic and manual review of the affected email account was completed on March 18, 2022. On March 29, 2022, Platinum Hospitalists discovered an email account had been accessed by an unauthorized individual. Platinum Hospitalists Discovers Phishing Attack and Data Breach.

Licensing

Licensing HIPAA Health Insurance Hospitals

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

HIPAA Journal

DECEMBER 14, 2022

A security breach was identified by Conifer in late March, with the investigation determining several Microsoft 365 had been accessed by unauthorized individuals between March 17 and March 22, 2022. CFA was informed about the breach on June 23, 2022. Patients started to be notified on November 23, 2022.

Health Insurance

Health Insurance HIPAA Licensing

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

HIPAA Journal

AUGUST 3, 2022

The two health insurance firms confirmed they had been affected in late February 2022, with PracticeMax publicly reporting the breach in the fall of 2021. Fast Track Urgent Care said it took until June 6, 2022, 13 months after the initial breach, for PracticeMax to confirm that Fast Track Urgent Care patient data had been accessed.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

On December 26, 2022, an employee’s laptop computer was stolen. Majestic Care – Hacking incident Majestic Care, a provider of community-based skilled nursing throughout Indiana, Ohio, and Michigan, has confirmed that it was the victim of a hacking incident in December 2022 that disrupted access to its information systems.

Hospitals

Hospitals Ransomware Licensing Health Insurance

Amazon Clinic may delay its nationwide telehealth launch

Healthcare IT News - Telehealth

JUNE 27, 2023

They said customers who decline HIPAA consent on the website are prevented from completing their patient registration with Amazon Clinic and are redirected to a third-party provider information page.

HIPAA

HIPAA Telemedicine Licensing

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

HIPAA Journal

NOVEMBER 23, 2022

The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Ransomware

Ransomware Fraud Licensing HIPAA

SuperCare Health Hack Affects 300K Patients

Compliancy Group

APRIL 11, 2022

In one of the largest breaches reported in 2022 so far, SuperCare Health suffered a hacking incident affecting 318,379 patients. However, it took SuperCare Health until February 2022 to discover the incident had potentially compromised that patient information. Let’s Simplify Compliance HIPAA and cybersecurity go hand-in-hand.

US Department of Health and Human Services

US Department of Health and Human Services HIPAA Compliance Licensing

BJC Healthcare Settles Data Breach Lawsuit Stemming from 2020 Phishing Attack

HIPAA Journal

JULY 20, 2022

While data theft could not be determined, the affected email accounts contained the protected health information of patients of 19 of its hospitals, including names, birth dates, health insurance information, Social Security numbers, driver’s license, and healthcare data. The lawsuit, filed in the Circuit Court of the City of St.

Fraud

Fraud Licensing HIPAA Health Insurance

Law Enforcement Health Benefits and Oklahoma City Indian Clinic Suffer Ransomware Attacks

HIPAA Journal

MARCH 30, 2022

That process concluded on February 25, 2022, when it was confirmed that files containing the personal and protected health information of plan members had been exfiltrated from its network. The attack appears to have occurred on or around March 10, 2022 and has affected the automatic refill line and mail order services of its pharmacy.

Ransomware

Ransomware Electronic Medical Records HIPAA Licensing

Email Account Breaches Reported by Newman Regional Health and Contra Costa County

HIPAA Journal

APRIL 18, 2022

The types of information exposed included names, Social Security numbers, driver’s license numbers, state-issued I.D. It is unclear when the breach was detected; however, Contra Costa County said the breach investigation concluded on March 11, 2022, and notification letters were sent to affected individuals on April 15, 2022.

Licensing

Licensing HIPAA Health Insurance Hospitals

Editorial: Lessons from Biggest HIPAA Breaches of 2022

235,000 Keystone Health Patients Affected by August 2022 Cyberattack

Trending Sources

What are the Penalties for HIPAA Violations?

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

Lifeline Systems Company Notifies Patients About August 2022 Cyberattack

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

The Most Common HIPAA Violations You Should Avoid

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

Cyberattack on SuperCare Health Affects 318,000 Patients

What is HIPAA Enforcement Discretion?

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

Four Healthcare Providers Hit with Ransomware Attacks

MaineGeneral hits congestive heart failure readmission rate of 0% using RPM

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

Round Up of Recent Hacking Incidents and Email Account Breaches

Data Breaches Reported by New Jersey Brain and Spine, Highmark Inc. and Dialyze Direct

SuperCare Health Sued Over 318,000-Record Data Breach

South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Patient Data Compromised in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

Carolina Behavioral Health Alliance Reports Breach of the PHI of 130,000 Health Plan Members

5 Security Breaches Reported in Which PHI was Potentially Compromised

Email Account Breaches Reported by Allaire Healthcare Group and Platinum Hospitalists

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

Amazon Clinic may delay its nationwide telehealth launch

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

SuperCare Health Hack Affects 300K Patients

BJC Healthcare Settles Data Breach Lawsuit Stemming from 2020 Phishing Attack

Law Enforcement Health Benefits and Oklahoma City Indian Clinic Suffer Ransomware Attacks

Email Account Breaches Reported by Newman Regional Health and Contra Costa County

Stay Connected