Health Insurance, HIPAA and Licensing - Health Care Compliance Brief

Medical Express Ambulance Service Data Breach Affects 118K Individuals

HIPAA Journal

APRIL 16, 2025

The data potentially obtained by the threat actor included names, demographic information, dates of birth, Social Security numbers, drivers license numbers, medical information, financial information, health insurance information, usernames and passwords, and for some individuals, passport numbers.

Licensing

Licensing Health Insurance HIPAA Ransomware

Indiana Dental Practice Experiences Ransomware Attack That Exposed PHI

Compliancy Group

DECEMBER 9, 2024

Patient files, clinical and treatment information, and information related to insurance or claim information, constitute electronic protected health information (ePHI) under the Health Insurance Portability and Accountability Act (HIPAA). Mitigate risk through a risk management plan.

Ransomware

Ransomware Licensing HIPAA Compliance

Atrium Health responds to new social engineering attack

Healthcare It News

SEPTEMBER 17, 2024

Driver’s license or state-issued identification number. Health insurance and/or treatment cost information, such as patient identification numbers and health insurance account or policy numbers. Social Security number. Date of birth. Medical record number. Bank or financial account numbers or information.

Electronic Medical Records

Electronic Medical Records Health Insurance Payment Systems Licensing

Webinars

Bridging Innovation & Patient Care: The Growing Role of AI

MORE WEBINARS

Colorado Eye Clinic Investigating Suspected Ransomware Attack

HIPAA Journal

MARCH 25, 2025

The file review was completed on February 24, 2025, and confirmed that the types of data compromised included names plus some or all of the following: date of birth, Social Security number, drivers license or state identification number, medical information, and health insurance information.

Ransomware

Ransomware Licensing Electronic Medical Records Health Insurance

173,000 Patients Affected by Chord Specialty Dental Partners Email Data Breach

HIPAA Journal

APRIL 1, 2025

A comprehensive and time-intensive review of the affected accounts was recently concluded, and it was confirmed that names, addresses, Social Security numbers, drivers license numbers, bank account information, payment card information, dates of birth, medical information, and health insurance information were stored in the accounts.

Licensing

Licensing HIPAA Health Insurance

Beacon Health System Affected by Two Business Associate Email Breaches

HIPAA Journal

MARCH 28, 2025

The account was reviewed, and on January 24, 2025, it was confirmed that emails in the account contained the protected health information of patients of Beacon Health Systems Three Rivers Health Hospital in Michigan. Restorix sent notification letters to the affected patients on December 18, 2024.

Licensing

Licensing Health Insurance HIPAA Medicaid

Laboratory Services Cooperative Breach Impacts 1.6 Million People

HIPAA Journal

APRIL 11, 2025

Health insurance information such as plan names, plan types, insurance companies, and member/group ID numbers. Additional identifiers such as Social Security Numbers, driver’s license/state ID numbers, passport numbers, dates of birth, demographic data, student ID numbers, and other government identifiers.

Ransomware

Ransomware Fraud HIPAA Licensing

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. La Casa de Salud, New York. Valley View Hospital, Colorado.

HIPAA

HIPAA Health Insurance Licensing Hospitals

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

HIPAA Journal

NOVEMBER 16, 2022

The review of the compromised email accounts confirmed they contain information such as names, addresses, dates of birth, driver’s license numbers, state identification card numbers, financial account numbers, usernames and passwords, payment card information, medical histories, and health insurance information.

HIPAA

HIPAA Licensing Health Insurance Fraud

What are the Penalties for HIPAA Violations?

HIPAA Journal

DECEMBER 24, 2022

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA. .

HIPAA

HIPAA Compliance Hospitals COVID-19

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA

HIPAA Ransomware Health Insurance Fraud

Cyberattack on Sunflower Medical Group Affects 221,000 Patients

HIPAA Journal

MARCH 11, 2025

The file review confirmed that the types of data compromised in the cyberattack included names, addresses, dates of birth, Social Security numbers, drivers license numbers, medical information, and health insurance information. It is currently unclear which hacking group is behind the attack, and if patient data was compromised.

Department of Veterans Affairs

Department of Veterans Affairs Licensing Ransomware Fraud

Numotion Reports Email Data Breach Affecting Almost 500,000 Individuals

HIPAA Journal

MARCH 25, 2025

A minority of the affected individuals had their Social Security numbers and/or drivers license numbers exposed.Individual notification letters are now being mailed to the affected individuals, and complimentary credit monitoring and identity theft protection services have been offered to individuals whose Social Security numbers were involved.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Retina Group of Washington Agrees to $3.6 Million Settlement to Resolve Data Breach Lawsuit

HIPAA Journal

APRIL 16, 2025

The hackers encrypted files and stole data such as names, addresses, telephone numbers, email addresses, dates of birth, demographic information, Social Security numbers, drivers license numbers, medical record numbers, health information, payment information, and health insurance information.

Ransomware

Ransomware Fraud Licensing HIPAA

Editorial: Lessons from Biggest HIPAA Breaches of 2022

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. The Biggest HIPAA Breaches of 2022. The 12 biggest HIPAA breaches of 2022 affected almost 22.66 million patients and health plan members.

HIPAA

HIPAA Ransomware Health Insurance Compliance

SimonMed Imaging Confirms January 2025 Cyberattack

HIPAA Journal

APRIL 2, 2025

The post SimonMed Imaging Confirms January 2025 Cyberattack appeared first on The HIPAA Journal. At least one class action lawsuit has already been filed against SimonMed over the incident.At present, no data breach is displayed on the HHS Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Protected Health Information (PHI): Everything You Need to Know about HIPAA and PHI

Total HIPAA

MAY 23, 2022

What is Protected Health Information (PHI)? The Health Insurance Portability and Accountability Act ( HIPAA ) is a 1996 federal law that regulates privacy standards in the healthcare sector. Since 1996, Congress has passed additional laws to adapt HIPAA in accordance with new technological advancements.

HIPAA

HIPAA Due Diligence Health Insurance Compliance

Avalon Healthcare Settles HIPAA Case with Oregon and Utah State AGs and Pays $200,000 Penalty

HIPAA Journal

DECEMBER 30, 2022

Avalon Healthcare has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws with the Oregon and Utah Attorneys General that were uncovered during an investigation of a 2019 breach of the personal and protected health information of 14,500 of its employees and patients.

HIPAA

HIPAA Compliance Compliance Officers Licensing

The Most Common HIPAA Violations You Should Avoid

HIPAA Journal

JANUARY 2, 2023

The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules.

HIPAA

HIPAA Compliance Hospitals Medicare

Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations

HIPAA Journal

AUGUST 10, 2023

The Ottumwa Fire Department in Iowa has recently fired employees for alleged violations of the HIPAA Rules and other misconduct. The post Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations appeared first on HIPAA Journal. The information involved varied from individual to individual.

HIPAA

HIPAA Ransomware Licensing Health Insurance

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

The exposed information included names, dates of birth, Social Security numbers, driver’s license numbers, clinical/diagnosis information, health insurance member ID numbers, medical record numbers, and Medicare or Medicaid numbers. No evidence of data theft or misuse of information has been detected.

Health Insurance

Health Insurance Licensing Fraud HIPAA

Who’s Liable for Bad Medical Advice in the Age of ChatGPT?

Bill of Health

JUNE 5, 2023

medical licensing exam , diagnose illnesses , and even outshine human doctors on measures of perceived empathy , raising many questions about how AI will reshape health care as we know it. In the field of medicine, ChatGPT already has been reported to ace the U.S. But what happens when AI gets things wrong?

Malpractice

Malpractice FDA HIPAA Doctors

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

HIPAA Journal

MARCH 10, 2022

The files exfiltrated from its systems included the protected health information of patients. Individuals whose Social Security number, driver’s license, state identification number, or financial account information may have been involved have been offered complimentary credit monitoring services.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Logan Health Medical Center Cyberattack Affects More Than 213,000 Patients

HIPAA Journal

FEBRUARY 23, 2022

A review of the files on the affected server revealed they contained patient information including names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, insurance claim information, date(s) of service, treating/referring physician, medical bill account number, and/or health insurance information.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Medical Billing

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. According to the hospital operator, Tower Health, the unauthorized access was discovered during a routine audit of medical record access logs. Some of the accessed records included partial Social Security numbers and health insurance information.

Hospitals

Hospitals HIPAA Health Insurance Licensing

Preventing Non-Compliance Consequences in Healthcare

Verisys

MARCH 6, 2025

Department of Health and Human Services (HHS) Enforces regulations like the Health Insurance Portability and Accountability Act (HIPAA) to ensure patient data privacy and security. In another case, Californias Providence Medical Institute was fined $240,000 for violating HIPAA Security Rules, which led to a data breach.

Compliance

Compliance HIPAA Licensing Governance

Multiple Class Action Lawsuits Filed Against City of Hope National Medical Center Over Data Breach

HIPAA Journal

APRIL 25, 2024

The exposed and stolen data included contact information, Social Security numbers, driver’s license numbers, financial information, health insurance information, medical records, medical histories, diagnoses/conditions, and health insurance information.

Fraud

Fraud Health Insurance HIPAA Licensing

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

HIPAA Journal

FEBRUARY 16, 2022

The information potentially compromised in the attack included names, dates of birth, Social Security numbers, medical diagnoses, treatment information, and health insurance information. Vendor Email Account Breach Affects Over 6,000 Memorial Hermann Health System Patients.

Electronic Medical Records

Electronic Medical Records Health Insurance Licensing HIPAA

Eastern Ozarks Regional Health Sued by Arkansas AG for Failure to Secure Patient Data

HIPAA Journal

MARCH 18, 2022

Country Medical Services had run the hospital for 9 years; however, an investigation by the state Department of Health identified almost 3 dozen potential violations of the Emergency Medical Treatment and Labor Act, as the hospital was unable to provide emergency services. I am holding the hospital and its owners accountable.”.

Licensing

Licensing HIPAA Hospitals Health Insurance

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

HIPAA Journal

MAY 24, 2022

The post Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack appeared first on HIPAA Journal. A class action lawsuit has already been filed on behalf of individuals affected by the breach.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Regulating the DTC Telehealth Boom: How Policies Are Shaping the Future of Prescription Fulfillment

Healthcare IT Today

MARCH 26, 2025

As the sector adapts, telehealth providers must navigate new compliance challenges, particularly regarding controlled substances, data privacy, and multi-state licensing. While telehealth is federally recognized, each state maintains its own set of rules governing online prescribing , provider licensing, and telehealth modalities.

FDA

FDA Compliance Licensing Fraud

Hillcrest Convalescent Center Announces 106K-Record Data Breach

HIPAA Journal

MARCH 11, 2025

The data review was completed on February 13, 2025, and confirmed that names, dates of birth, Social Security numbers, medical information, treatment information, healthcare provider information, and health insurance information had been exposed.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

HIPAA Journal

JULY 5, 2022

Individuals who had their Social Security numbers or driver’s license numbers exposed have been offered complimentary credit monitoring and identity theft protection services. The post Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care appeared first on HIPAA Journal.

Licensing

Licensing Electronic Medical Records Health Insurance Hospitals

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

HIPAA Journal

MARCH 25, 2022

AHA discovered the email breach in early September 2021 and determined on December 2, 2021, that files containing the protected health information of its healthcare provider clients had been accessed. UMC was a victim of a REvil ransomware attack in June 2021 that resulted in the theft of the protected health information of 1.3

Health Insurance

Health Insurance Licensing Ransomware Fraud

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

HIPAA Journal

MARCH 14, 2022

CRMC said at this stage of the investigation it does not appear that the attackers gained access to its electronic medical record database; however, the files accessed or potentially accessed by the attackers included information such as patient names, addresses, birth dates, medical information, and health insurance information.

Electronic Medical Records

Electronic Medical Records Health Insurance HIPAA Licensing

Carolina Behavioral Health Alliance Reports Breach of the PHI of 130,000 Health Plan Members

HIPAA Journal

JULY 14, 2022

The affected email accounts included names, Social Security numbers, driver’s licenses, financial account information, usernames and passwords, passport numbers, biometric data, medical information, health insurance information, electronic/digital signatures, and employer-assigned identification numbers.

Licensing

Licensing Health Insurance Ransomware HIPAA

SuperCare Health Sued Over 318,000-Record Data Breach

HIPAA Journal

APRIL 15, 2022

The incident involved the exposure and potential theft of the protected health information of 318,400 patients, including names, addresses, birth dates patient account numbers, medical record numbers, health insurance information, testing, diagnostic, treatment, and claims information.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Fraud

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

While there have been no reported instances of misuse of patient data, OU Health could not rule out unauthorized access to patient data. The post Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals appeared first on HIPAA Journal.

Hospitals

Hospitals Ransomware Licensing Health Insurance

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. The post Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Licensing

Licensing Health Insurance Fraud HIPAA

San Juan Regional Medical Center Settles Data Breach Lawsuit

HIPAA Journal

DECEMBER 2, 2022

While legal action was not taken over a HIPAA violation, the lawsuit alleged the lack of appropriate safeguards constituted a HIPAA violation. The post San Juan Regional Medical Center Settles Data Breach Lawsuit appeared first on HIPAA Journal. All claims must be submitted by February 8, 2023.

Licensing

Licensing HIPAA Ransomware Health Insurance

Round Up of Recent Hacking Incidents and Email Account Breaches

HIPAA Journal

JANUARY 13, 2023

Quality Behavioral Health in Washington has recently reported a hacking incident to the HHS’ Office for Civil Rights that has affected 500 individuals – a number often used as a placeholder until the full extent of a data breach is known in order to meet the HIPAA Breach Notification Rule reporting requirements.

Health Insurance

Health Insurance Licensing HIPAA Hospitals

Cyberattack on SuperCare Health Affects 318,000 Patients

HIPAA Journal

APRIL 7, 2022

A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed. SuperCare Health said the security breach prompted a review of its security safeguards and additional security measures have now been implemented to better protect the personal and protected health information of its patients.

Licensing

Licensing HIPAA Health Insurance Hospitals

Protected Health Information Stolen in HealthEquity SharePoint Breach

HIPAA Journal

JULY 5, 2024

A review was conducted to determine the types of data involved and confirmed that the downloaded data included names, insurance identification numbers, claims/coverage information, and health information. No Social Security numbers, driver’s license numbers, or financial account information were accessed or downloaded.

Licensing

Licensing HIPAA Health Insurance

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

HIPAA Journal has not yet been able to establish exactly how many Anthem Blue Cross members have been affected. No financial information, Social Security numbers, or driver’s license numbers were taken. The post PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon appeared first on HIPAA Journal.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

Medical Express Ambulance Service Data Breach Affects 118K Individuals

Indiana Dental Practice Experiences Ransomware Attack That Exposed PHI

Webinars

Trending Sources

Atrium Health responds to new social engineering attack

Webinars

Colorado Eye Clinic Investigating Suspected Ransomware Attack

173,000 Patients Affected by Chord Specialty Dental Partners Email Data Breach

Beacon Health System Affected by Two Business Associate Email Breaches

Laboratory Services Cooperative Breach Impacts 1.6 Million People

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

What are the Penalties for HIPAA Violations?

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

Cyberattack on Sunflower Medical Group Affects 221,000 Patients

Numotion Reports Email Data Breach Affecting Almost 500,000 Individuals

Retina Group of Washington Agrees to $3.6 Million Settlement to Resolve Data Breach Lawsuit

Editorial: Lessons from Biggest HIPAA Breaches of 2022

SimonMed Imaging Confirms January 2025 Cyberattack

Protected Health Information (PHI): Everything You Need to Know about HIPAA and PHI

Avalon Healthcare Settles HIPAA Case with Oregon and Utah State AGs and Pays $200,000 Penalty

The Most Common HIPAA Violations You Should Avoid

Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

Who’s Liable for Bad Medical Advice in the Age of ChatGPT?

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

Logan Health Medical Center Cyberattack Affects More Than 213,000 Patients

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

Preventing Non-Compliance Consequences in Healthcare

Multiple Class Action Lawsuits Filed Against City of Hope National Medical Center Over Data Breach

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

Eastern Ozarks Regional Health Sued by Arkansas AG for Failure to Secure Patient Data

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

Regulating the DTC Telehealth Boom: How Policies Are Shaping the Future of Prescription Fulfillment

Hillcrest Convalescent Center Announces 106K-Record Data Breach

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

Carolina Behavioral Health Alliance Reports Breach of the PHI of 130,000 Health Plan Members

SuperCare Health Sued Over 318,000-Record Data Breach

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

San Juan Regional Medical Center Settles Data Breach Lawsuit

Round Up of Recent Hacking Incidents and Email Account Breaches

Cyberattack on SuperCare Health Affects 318,000 Patients

Protected Health Information Stolen in HealthEquity SharePoint Breach

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

Stay Connected