Billing Information of 12,331 Inova Health System Patients Compromised

Inova Health System based in Falls Church, VA is informing 12,331 patients that there has been a breach of some of their protected health information (PHI).

Law enforcement contacted Inova Health System on September 5, 2018 regarding a suspected breach of billing information. An investigation was launched and a leading computer forensics company was called in to provide assistance.

According to the investigation, an unauthorized person accessed the billing system in January 2017 and again between July and October 2017. The hacker used an Inova employee’s login credentials to access the system.

Inova also reported that the same individual accessed the paper billing records of a few patients in December 2016, which suggests the person responsible had access to Inova facilities. However, no information about the individual responsible for the breach has been disclosed by Inova.

The compromised information included patient names, addresses, dates of birth, Social Security numbers and medical record numbers. The treatment information of a limited number of patients was also potentially compromised.

Inova has now enhanced its security policies and procedures, implemented monitoring tools to detect unauthorized access, updated its password policies to improve password complexity, and has limited data transmission. Employees have received extra training on securing sensitive data, password security, and steps to take before leaving their workstations unattended.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Inova began sending breach notification letters by mail to patients affected by the breach on November 2. Inova has offered all patients impacted by the breach 12 months of credit monitoring and identity theft protection services free of charge.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: