HIPAA Journal

APRIL 21, 2023

One Brooklyn Health System, which operates three hospitals in Brooklyn, NY, has started notifying patients affected by a November 19, 2022, cyberattack. One Brooklyn Health said the investigation revealed hackers had access to parts of its network between July 9, 2022, and November 19, 2022, and accessed data intermittently over that period.

Health Insurance 103

Health Insurance Licensing HIPAA Hospitals 103

HIPAA Journal

JANUARY 2, 2023

The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules. Are Data Breaches HIPAA Violations?

HIPAA 107

HIPAA Compliance Hospitals Medicare 107

HIPAA Journal

SEPTEMBER 30, 2022

Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. That process was completed on September 16, 2022, and notification letters were sent shortly thereafter.

Licensing 128

Licensing HIPAA Health Insurance 128

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance 136

Health Insurance Licensing Fraud HIPAA 136

HIPAA Journal

JANUARY 9, 2023

Legacy Operating Company, an Alabama-based operator of Legacy Hospice facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee, has confirmed that an unauthorized third party gained access to a limited number of employee email accounts on February 11, 2022, and between April 7, 2022, and April 21, 2022.

Licensing 128

Licensing HIPAA Health Insurance Governance 128

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. An employee was discovered to have accessed the medical records of several patients without authorization between October 2021 and May 2022, when there was no legitimate work reason for viewing those records. Patient medical records were not involved.

Hospitals 123

Hospitals HIPAA Health Insurance Licensing 123

HIPAA Journal

JANUARY 13, 2023

The attack was detected on November 7, 2022, and steps were taken to contain the attack and secure its systems. Notification letters were mailed to affected individuals on January 6, 2022. Notifications were mailed to affected individuals on December 30, 2022. The Kelberman Center – Email Account Breach.

Health Insurance 126

Health Insurance Licensing HIPAA Hospitals 126

HIPAA Journal

MAY 24, 2022

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. According to the notification, the cyberattack was detected on or around March 19, 2022.

Ransomware 140

Ransomware Licensing HIPAA Health Insurance 140

HIPAA Journal

APRIL 7, 2022

In its March 25, 2022, breach notification letters, SuperCare Health explained that it identified unauthorized activity within its IT systems on July 27, 2021. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Licensing 137

Licensing HIPAA Health Insurance Hospitals 137

HIPAA Journal

MARCH 23, 2022

Notification letters were sent to affected individuals on March 10, 2022. According to a March 10, 2022 data breach notice, Dialyze Direct said it discovered on February 14, 2022, that an unauthorized individual had gained access to an employee email account between January 21, 2021, and March 4, 2021. Highmark Inc.,

HIPAA 136

HIPAA Licensing Health Insurance Governance 136

HIPAA Journal

JANUARY 5, 2023

Back in June 2022 , HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. Howard Memorial Hospital Announces December 2022 Cyberattack.

Ransomware 120

Ransomware Hospitals HIPAA Licensing 120

HIPAA Journal

MARCH 10, 2022

The breach was detected on January 20, 2022, and immediate action was taken to secure its systems, and an independent computer forensics company was engaged to conduct a forensic investigation to determine the nature and scope of the breach. Notification letters were sent on January 28, 2022. DataHealth. Dr. Douglas C.

Ransomware 140

Ransomware Licensing Health Insurance HIPAA 140

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. appeared first on HIPAA Journal.

Licensing 119

Licensing Health Insurance Fraud HIPAA 119

HIPAA Journal

MARCH 14, 2022

South Denver Cardiology Associates (SDCA) has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed and potentially stolen by hackers. Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated.

COVID-19 114

COVID-19 HIPAA Licensing Health Insurance 114

HIPAA Journal

MARCH 29, 2023

On December 26, 2022, an employee’s laptop computer was stolen. Majestic Care – Hacking incident Majestic Care, a provider of community-based skilled nursing throughout Indiana, Ohio, and Michigan, has confirmed that it was the victim of a hacking incident in December 2022 that disrupted access to its information systems.

Hospitals 123

Hospitals Ransomware Licensing Health Insurance 123

HIPAA Journal

OCTOBER 7, 2022

On August 5, 2022, Anthem discovered that an unauthorized individual had gained access to a database and downloaded files containing plan members’ protected health information, including names, addresses, dates of birth, phone numbers, email addresses, Medicare ID numbers, and Medicaid ID numbers.

HIPAA 114

HIPAA Health Insurance Medicaid Medicaid 114

HIPAA Journal

JULY 5, 2022

The email system was immediately secured when the breach was detected with the forensic investigation confirming that two email accounts had been accessed by an unauthorized third party between January 12, 2022, and January 19, 2022. A limited number of patients also had financial account information exposed.

Licensing 117

Licensing Electronic Medical Records Health Insurance Hospitals 117

HIPAA Journal

MARCH 1, 2022

Jax Spine and Pain Centers in Jacksonville, FL has recently announced it was the victim of a ransomware attack that occurred on January 24, 2022. The initial investigation concluded on January 28, 2022, and determined the attackers had gained access to its systems on or around December 15. Jax Spine & Pain Centers.

Ransomware 145

Ransomware Licensing HIPAA Health Insurance 145

HIPAA Journal

MARCH 20, 2023

The Birmingham, AL, Heart Hospital, Cardiovascular Associates, has recently announced that unauthorized individuals gained access to certain parts of its network between November 28, 2022, and December 5, 2022, and removed files containing patient information.

Licensing 119

Licensing HIPAA Health Insurance Hospitals 119

HIPAA Journal

MAY 25, 2022

The break-in was discovered on March 4, 2022, with the subsequent investigation confirming on April 22, 2022, that six boxes of paper documents had been stolen from the facility, which included files relating to patients served by SAC Health in 1997 and between 2006 and 2020. Lifespan Services Suffers Ransomware Attack.

Ransomware 137

Ransomware Fraud HIPAA Licensing 137

HIPAA Journal

MARCH 4, 2022

The security incident was detected on January 18, 2022, with the subsequent investigation confirming unauthorized individuals had access to its systems between November 18, 2021, and January 18, 2022. On January 25, 2022, CVS Pharmacy determined certain accounts had been compromised.

Health Insurance 130

Health Insurance HIPAA Licensing 130

Healthcare IT News - Telehealth

JUNE 27, 2023

They said customers who decline HIPAA consent on the website are prevented from completing their patient registration with Amazon Clinic and are redirected to a third-party provider information page.

HIPAA 170

HIPAA Telemedicine Licensing 170

HIPAA Journal

FEBRUARY 16, 2022

The investigation confirmed its electronic medical record system and other clinical systems were not compromised in the attack; however, on January 13, 2022, Philadelphia FIGHT discovered the attacker had accessed non-clinical systems that housed files containing the protected health information of around 15,000 patients.

Electronic Medical Records 124

Electronic Medical Records Health Insurance Licensing HIPAA 124

HIPAA Journal

APRIL 15, 2022

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, over a cyberattack and data breach that was reported to the Department of Health and Human Services on March 28, 2022. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Electronic Medical Records 124

Electronic Medical Records HIPAA Health Insurance Fraud 124

HIPAA Journal

JULY 14, 2022

The attack was detected on March 20, 2022, and resulted in computer systems being disabled. The forensic investigation confirmed the breach was limited to a single employee email account, which was breached between January 27, 2022, and February 7, 2022.

Licensing 117

Licensing Health Insurance Ransomware HIPAA 117

HIPAA Journal

MAY 19, 2022

The settlement has received preliminary approval from the court and a final hearing for the settlement has been scheduled for September 12, 2022. The deadline for submitting a claim is August 8, 2022, and the deadline for objecting to the settlement or requesting to be excluded from the settlement is August 22, 2022.

Licensing 124

Licensing HIPAA Health Insurance Medicaid 124

Healthcare IT News - Telehealth

AUGUST 23, 2022

"In May and June 2022, MaineGeneral has achieved a CMS-CHF readmission rate of 0%, compared with 20% and 26.7% " In an effort to find a video technology that was easy to use for patients, MaineGeneral ended up with HIPAA-compliant Zoom as the video conferencing component for virtual care in outpatient settings.

COVID-19 192

COVID-19 Licensing Patient Satisfaction Hospitals 192

HIPAA Journal

FEBRUARY 16, 2022

The system contained patients’ names, birth dates, insurance card numbers, driver’s license numbers, and copies of patients’ insurance cards and driver’s licenses. The security breach was detected on or around January 9, 2022, when certain systems were rendered inaccessible.

Ransomware 132

Ransomware Hospitals Licensing HIPAA 132

HIPAA Journal

JUNE 9, 2022

A programmatic and manual review of the affected email account was completed on March 18, 2022. On March 29, 2022, Platinum Hospitalists discovered an email account had been accessed by an unauthorized individual. Platinum Hospitalists Discovers Phishing Attack and Data Breach.

HIPAA 133

HIPAA Licensing Health Insurance Hospitals 133

HIPAA Journal

APRIL 18, 2022

The types of information exposed included names, Social Security numbers, driver’s license numbers, state-issued I.D. It is unclear when the breach was detected; however, Contra Costa County said the breach investigation concluded on March 11, 2022, and notification letters were sent to affected individuals on April 15, 2022.

Licensing 129

Licensing HIPAA Health Insurance Hospitals 129

HIPAA Journal

JULY 20, 2022

While data theft could not be determined, the affected email accounts contained the protected health information of patients of 19 of its hospitals, including names, birth dates, health insurance information, Social Security numbers, driver’s license, and healthcare data. The lawsuit, filed in the Circuit Court of the City of St.

Fraud 128

Fraud Licensing HIPAA Health Insurance 128

HIPAA Journal

MARCH 30, 2022

That process concluded on February 25, 2022, when it was confirmed that files containing the personal and protected health information of plan members had been exfiltrated from its network. The attack appears to have occurred on or around March 10, 2022 and has affected the automatic refill line and mail order services of its pharmacy.

Ransomware 142

Ransomware Electronic Medical Records HIPAA Licensing 142

HIPAA Journal

JUNE 26, 2023

HIPAA enforcement discretion occurs when the Secretary for Health and Human Services (HHS) announces the Department will exercise discretion in the enforcement of HIPAA Rules. Typically, Notices of Enforcement Discretion last between 72 hours and 60 days, are state or region-specific and apply to specific provisions of the HIPAA Rules.

HIPAA 70

HIPAA COVID-19 COVID-19 Vaccine Public Health 70

HIPAA Journal

NOVEMBER 23, 2022

The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Ransomware 122

Ransomware Fraud Licensing HIPAA 122

HIPAA Journal

MAY 2, 2023

No Social Security numbers, financial information, or driver’s license numbers were exposed. Suspicious activity was detected within its email environment on August 31, 2022. The forensic investigation confirmed the accounts were accessed between May 5, 2022, and September 8, 2022.

Licensing 114

Licensing Health Insurance Hospitals HIPAA 114

HIPAA Journal

DECEMBER 2, 2022

While legal action was not taken over a HIPAA violation, the lawsuit alleged the lack of appropriate safeguards constituted a HIPAA violation. The post San Juan Regional Medical Center Settles Data Breach Lawsuit appeared first on HIPAA Journal. All claims must be submitted by February 8, 2023.

Licensing 110

Licensing HIPAA Ransomware Health Insurance 110

HIPAA Journal

DECEMBER 14, 2022

A security breach was identified by Conifer in late March, with the investigation determining several Microsoft 365 had been accessed by unauthorized individuals between March 17 and March 22, 2022. CFA was informed about the breach on June 23, 2022. Patients started to be notified on November 23, 2022.

Health Insurance 120

Health Insurance HIPAA Licensing 120