Compassionate Care Hospice Data Breach Impacts 1,128 Patients

Data Breach

An unauthorized person accessed the network and server of Compassionate Care Hospice Las Vegas (CCHLV). The protected health information of 1,128 patients was potentially exposed. CCHLV discovered the data breach on October 28, 2017. Hired third-party computer forensics experts investigated the incident to know the nature of the breach and to know all the patients whose PHI had been exposed.

According to the investigative report, there was a possibility of accessed data, but there was no sign that the attacker viewed or stole sensitive information. But it cannot be 100% ruled out that there was no data theft or access. The stored information in the CCHLV network that could have been viewed include the patients’ names, birth dates, addresses, medical treatment data, Medicare numbers, health insurance information and archived digital health records. There was no financial information stored on the compromised network, so all patients’ financial data were secured.

After CCHLV discovered the data breach, access to the network and server were blocked. Steps to identify vulnerabilities of the network system involved a comprehensive risk analysis. The security policies were also reviewed and revised. CCHLV installed tools to detect intrusions and keep monitoring systems. These corrective actions will help keep the confidentiality, integrity and availability of PHI and mitigate cyberattacks quickly.

All affected patients already received notification letters by mail from CCHLV on December 14, 2017. They were also offered free complimentary credit monitoring and identity theft restoration services for one year via Kroll.  The incident had been reported to the Department of Health and Human Services’ Office for Civil Rights and the law enforcement which assisted them in the investigation.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/