Indiana Settles Schneck Medical Center Data Breach Lawsuit for $250,000
The Indiana Attorney General has agreed to a $250,000 settlement with Schneck Medical Center. The settlement [...]
The HIPAA Guide - Celebrating 15 Years Online
HIPAA Breaches, Violations, and Fines
California and Kaiser Agree $49 Million Settlement to Resolve Improper Disposal Lawsuit
The California Attorney General and the district attorneys general from Alameda, San Bernardino, San [...]
Los Angeles Health Plan Fined $1,300,000 by OCR for Alleged HIPAA Violations
The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with the nation’s [...]
OCR and FTC Publish Tracking Technology Warning Letters Sent to Hospitals and Telehealth Providers
In July 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the [...]
UnitedHealthcare to Pay $80,000 to Settle Potential HIPAA Right of Access Violation
Last week, HHS’ Office for Civil Rights (OCR) announced the settlement of its latest HIPAA right of access [...]
Advocate Aurora Health Proposes $12.25 Million Settlement to Resolve Meta Pixel Lawsuit
Advocate Aurora Health has agreed to settle a consolidated class action lawsuit over its use of Meta Pixel [...]
HCA Healthcare Data Breach Impacts 11 Million Patients
HCA Healthcare, one of the largest health systems in the United States, has suffered a major data breach that [...]
$75,000 Settlement Agreed by iHealth Solutions to Resolve OCR HIPAA Case
The HHS’ Office for Civil Rights has agreed to settle a HIPAA case with the business associate iHealth [...]
Security Guards Snoop on Medical Records; Hospital Pays a $240,000 Penalty
The HHS’ Office for Civil Rights has announced its second HIPAA enforcement action of the month. Yakima [...]
OCR Fines New Jersey Psychiatry Practice for Google Review Responses
Manasa Health Center in New Jersey has agreed to pay $30,000 to resolve alleged HIPAA violations stemming [...]
Almost 9 Million Individuals Affected by Ransomware Attack on Dental Insurer
Managed Care of North America (MCNA) Dental has reported one of the largest ever breaches of protected health [...]
NY AG Slaps Medical Management Company with $550,000 HIPAA Penalty
New York Attorney General, Letitia James, has agreed to settle a compliance investigation with Professional [...]
PharMerica Cyberattack and Data Breach Affects 5.8 Million Patients
PharMerica, one of the largest pharmacy service providers in the United States, has recently confirmed that [...]
EyeMed Settles Multistate Data Brach Investigation for $2.5 Million
The Luxottica Group PIVA-owned vision benefits provider, EyeMed, has agreed to settle potential violations of [...]
MedEvolve Fined $350,000 for Storing PHI on an Unsecured Server
The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been [...]
OCR Announces 44th Fine Under its HIPAA Right of Access Initiative
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is continuing to crack down [...]
Virtually All Hospitals Used Website Tracking Code that Transmits Website Visitors’ Data to Third Parties
Tracking code has been used on virtually all hospital websites, according to a new study conducted by [...]
OCR: HIPAA Violation Complaints Increased in 2021 as Breaches Fell
The HHS’ Office for Civil Rights has sent annual reports to Congress on reported data breaches and its [...]
HHS Fines Banner Health $1.25M for HIPAA Security Rule Violations
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced that the [...]
FTC Announces First Health Breach Notification Rule Enforcement Action
The Federal Trade Commission (FTC) has announced its first enforcement action over noncompliance with the [...]
Georgia Laboratory Fined €16,500 for Non-Compliance with HIPAA Right of Access
The HHS’ Office for Civil Rights (OCR) has announced that a diagnostic laboratory in Georgia – Life [...]
OCR Announces 42nd Financial Penalty for a HIPAA Right of Access Violation
The Right of Access provision of the HIPAA Privacy Rule permits patients to obtain a copy of their medical [...]
Dental Practice Fined $23,000 for Impermissible Disclosures of PHI on Yelp
HIPAA does not prohibit medical practices from responding to online reviews and feedback on platforms such as [...]
Aveanna Healthcare Resolves Alleged HIPAA Violations with $425,000 Settlement
Just a few weeks after settling a class action lawsuit over a 2019 data breach that affected 166,077 [...]
Advocate Aurora Health: PHI of up to 3 Million Patients Impermissibly Disclosed
Advocate Aurora Health says code snippets on its websites may have transmitted the protected health [...]
Cyberattack Causing Disruption at Second Largest Non-Profit U.S. Health System
A major cyberattack and IT outage are causing considerable disruption at one of the largest healthcare [...]
Dental Practices Pay Price for HIPAA Right of Access Noncompliance
The HIPAA Right of Access provides individuals with the right to obtain a copy of the medical records held by [...]
Are HIPAA Violations Common?
It is impossible to accurately answer the question are HIPAA violations common because there is no way of [...]
Improper PHI Disposal Leads to $300,000 HIPAA Penalty for Massachusetts Dermatology Practice
The HHS’ Office for Civil Rights (OCR) has announced its 17th financial penalty of the year to resolve [...]
Meta Pixel Code on Novant Health Website Disclosed Data of 1.3 Million Patients to Meta
Novant Health has notified more than 1.3 million patients that some of their protected health information has [...]
Oklahoma State University Settles HIPAA Investigation and Pays $875,000 Penalty
An investigation conducted by the HHS’ Office for Civil Rights (OCR) of a hacking incident at Oklahoma [...]
Massive Data Breach at Business Associate Affects 657 Healthcare Provider Clients
Cyberattacks on business associates of HIPAA-covered entities have the potential to affect many covered [...]
Patient Data Sent to Meta Without Consent by Hospitals via Meta Pixel Tool on Websites
An investigation into the use of the Meta Pixel tool on hospital websites has revealed one-third of the top [...]
2 Million-record Data Breach Reported by Massachusetts Medical Imaging Services Provider
A data breach affecting 2 million individuals has been reported to the Department of Health and Human [...]
Ransomware Attacks Increased by 13% in 2021
Ransomware attacks are increasing at an alarming rate. Attacks increased by 13% in 2021, which is a bigger [...]
Hacking Incident at Cloud EHR Vendor Impacts Multiple Eye Care Practices
Eye Care Leaders, a vendor of cloud-based electronic health record and practice management solutions for eye [...]
Financial Penalties Imposed for HIPAA Right of Access Violations and Impermissible PHI Disclosures
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced that four [...]
Texas Dental Clinic Operator Announces Breach Affecting 1 Million Texans
A major data breach has recently been reported by a dental clinic operator in Texas that has affected more [...]
Monongalia Health Data Breach Affects Almost 500,000 Patients
Monongalia Health System in West Virginia (Mon Health) has recently announced it fell victim to a cyberattack [...]
Settlements Proposed to Resolve Class Action Lawsuits Against Inmediata and CaptureRx
Settlements have been proposed to resolve class action lawsuits filed against the healthcare clearinghouse [...]
RIPTA and UnitedHealthcare Investigated Over Breach of 22,000 State Employee Records
On December 21, 2021, the Rhode Island Public Transport Authority (RIPTA), a quasi-public agency, reported a [...]
Over 1.3 Million Individuals Affected by Cyberattack and Data Theft Incident at Broward Health
On January 1, 2021, Broward Health announced it was the victim of a cyberattack involving data exfiltration [...]
New Jersey Companies Settle State HIPAA Investigation and Pay $425,000 Penalty
The New Jersey attorney general has been the most active enforcer of compliance with the Health Insurance [...]
Half a Million Records Potentially Stolen in 2 Healthcare Ransomware Attacks
The healthcare industry in the United States continues to be targeted by ransomware gangs. Recently, the [...]
EHR Vendor Reports Breach of PHI of Nearly 320,000 Patients
The protected health information of almost 320,000 patients has potentially been compromised in an August [...]
$495,000 HIPAA Settlement Reached Between New Jersey and Fertility Clinic
An investigation by the state of New Jersey into a cyberattack on a fertility clinic has uncovered multiple [...]
Ransomware Attack on Massachusetts Fertility Testing Laboratory Affects 350,000 Patients
The Marlborough, MA-based fertility-related medical laboratory ReproSource Fertility Diagnostics has started [...]
Lawsuit: Baby Died as a Consequence of Hospital Ransomware Attack
A lawsuit has been filed on behalf of a mother of a baby who is alleged to have died as a consequence of a [...]
OCR Imposes $80,000 Fine on Nebraska Hospital for HIPAA Right of Action Violation
Children’s Hospital & Medical Center (CHMC) has agreed to settle a HIPAA Right of Access [...]
Scripps Health Ransomware Attack Cost Increases to $112.7 Million
The 2021 IBM Security/Ponemon Institute Cost of a Data Breach Study determined the average cost of a data [...]
PHI of 447,000 Patients Potentially Compromised in Phishing Attack
Ransomware gangs have increased attacks on the healthcare industry. Data from Emsisoft show 560 healthcare [...]
Average Healthcare Data Breach Cost Increases to $9.23 Million
According to the 2021 IBM Security Cost of a Data Breach report, the average cost of a data breach has risen [...]
Data Breach Affects up to 2.4 Million Forefront Dermatology Patients
A major data breach has occurred at Wisconsin-based Forefront Dermatology. The protected health information [...]
California has Updated its Medical Data Breach Notification Regulations and Administrative Penalties
California has updated its data breach reporting requirements for healthcare facilities and has also [...]
€2.6 Million GDPR Violation Penalty Imposed on Italian Food Delivery Company
The Italian Data Protection Authority Garante has announced the food delivery company Foodinho has been fined [...]
Ohio Care Coordinator Accessed Patient Records Without Authorization for Almost 12 Years
Accessing the medical records of patients when there is no legitimate work reason for doing is a violation of [...]
Ransomware Attack on Eye Clinic Network Affects Half a Million Patients
On February 8, 2021, Wolfe Eye Clinic in Iowa suffered a ransomware attack that resulted in widespread [...]
PHI of 3,253,822 Individuals Potentially Stolen and Deleted from 20/20 Hearing Care Network’s AWS Environment
The protected health information (PHI) of 3,253,822 current and former members of the 20/20 Hearing Care [...]
OCR Announces 19th HIPAA Right of Access Settlement
The U.S. Department of Health and Human Services’ Office for Civil Rights has fined an endocrine disorder [...]
Multiple HIPAA Security Rule Failures Result in $25,000 HIPAA Fine for Clinical Laboratory
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 7th HIPAA [...]
UHS Data Breach Lawsuit Proceeds for Plaintiff Whose Surgery was Delayed
It is now common for the victims of healthcare data breaches to take legal action against a healthcare [...]
Montefiore Staff Member Fired for HIPAA Breach; Belden Facing Class Action Suit
Another staff member at New York’s Montefiore Medical Center has been found to have been illegally [...]
PHI of Almost 3.5 Million Individuals was Compromised in the Accellion Cyberattack
The number of healthcare organizations known to have been affected by the Accellion cyberattack has been [...]
OCR Announces 18th Settlement Under HIPAA Right of Access Enforcement Initiative
The U.S. Department of Health and Human Services’ Office for Civil Rights has announced its 18th settlement [...]
Massachusetts Hospital Pays $65,000 Penalty to Settle HIPAA Right of Access Case
The HHS’ Office for Civil Rights has fined Arbour Hospital $65,000 for failing to provide a patient with [...]
Medical Debt Collection Firm Settles Data Breach Case with Coalition of 41 State AGs
In 2019, the largest reported healthcare data breach was at American Medical Collection Agency (AMCA), a debt [...]
What is the Proper Response to an Accidental HIPAA Violation?
The HIPAA compliance rules must be followed by HIPAA covered entities, business associates and all healthcare [...]
Georgia Man Jailed for Attempting to Frame Nurse for Fake HIPAA Violations
This month, a U.S District Court judge for the Southern District of Georgia has sentenced a man for making [...]
OCR Announces $70,000 Settlement with Sharpe Healthcare to Resolve HIPAA Right of Access Case
Sharpe Healthcare has agreed to settle a HIPAA violation case with the Department of Health and Human [...]
Florida Health Insurer Discovers Breach of the PHI of 3.5 Million Individuals
One of the largest ever healthcare data breaches has recently been reported by the Florida-based health [...]
OCR Announces Fifteenth Settlement Under its HIPAA Right of Access Enforcement Initiative
The HHS’ Office for Civil Rights (OCR) has agreed to settle a HIPAA Right of Access enforcement action [...]
FTC Finalizes Settlement with SkyMed International to Resolve Allegations of Security and Data Breach Response Failures
The Federal Trade Commission (FTC) has announced the settlement with SkyMed International has been finalized [...]
$4.3 Million HIPAA Penalty for MD Anderson Cancer Center Vacated by Court of Appeals
The 5th Circuit U.S. Court of Appeals in Louisiana has vacated the civil monetary penalties imposed on the [...]
Excellus Health Plan Hit with $5.1 Million Penalty for 10 Million-Record Data Breach
Excellus Health Plan has settled a HIPAA violation case with the HHS’ Office for Civil Rights and has [...]
HHS Announces Largest Ever Financial Penalty for HIPAA Right of Access Failure
The U.S. Department of Health and Human Services has issued its largest ever HIPAA fine for noncompliance [...]
OCR Announces 13th HIPAA Right of Access Settlement
In 2019, the Department of Health and Human Services’ Office for Civil Rights announced a new HIPAA [...]
Dental Care Alliance Cyberattack Impacts More Than 1 Million Patients
The protected health information of more than a million dental patients has potentially been obtained by [...]
OCR Fines University of Cincinnati Medical Center $65,000 for Failure to Provide Patient’s Medical Records
The University of Cincinnati Medical Center (UCMC) has been fined $65,000 by the HHS’ Office for Civil [...]
OCR Announces 11th Financial Penalty under HIPAA Right of Access Enforcement Initiative
A Regal Park, NY-based private otolaryngology practitioner has been issued with a $15,000 financial penalty [...]
10th Financial Penalty Announced Under OCR’s HIPAA Right of Access Enforcement Initiative
The HHS’ Office for Civil Rights has made good on its promise to step up enforcement of compliance with the [...]
ShopRite Data Breach Results in $235,000 HIPAA Penalty for Wakefern Food Corporation
New Jersey Attorney General General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs have [...]
Aetna Pays $1,000,000 Penalty to Resolve Multiple Violations of the HIPAA Rules
The health plan Aetna, part of the Aetna Life Insurance Company, has agreed to pay a $1 million penalty to [...]
$100,000 Financial Penalty Imposed on NY Spine for HIPAA Right of Access Failure
In 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights launched its HIPAA Right [...]
Community Health Systems Settles Data Breach Case with 28 State Attorneys General for $5 Million
Tennessee Attorney General Herbert H. Slatery III has announced a $5 million settlement has been reached with [...]
OCR Issues 8th HIPAA Penalty Under HIPAA Right of Access Enforcement Initiative
The Department of Health and Human Services’ Office for Civil Rights has imposed its 8th HIPAA penalty on a [...]
Anthem Settles Multi-State Action with State Attorneys General Over 2014 Data Breach
A multi-state investigation by attorneys general in 42 states and Washington D.C. over the 78.8 million [...]
Premera Blue Cross to Pay $6.8 Million OCR HIPAA Fine for 2014 Data Breach
The HHS’ Office for Civil Rights (OCR) has imposed its second largest ever HIPAA violation penalty – [...]
$2.3 Million HIPAA Penalty for Business Associate for 6 Million-Record Data Breach
The Community Health Systems business associate, CHSPSC LLC, has settled its HIPAA violation case with the [...]
Athens Orthopedic Clinic Agrees to Pay $1.5 Million to Settle OCR HIPAA Violation Case
The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled another HIPAA [...]
OCR Settles 5 More HIPAA Right of Access Cases
In 2019, the HHS’ Office for Civil Rights launched an enforcement initiative targeting organizations that [...]
Medical Data Being Exposed via Public GitHub Repositories
Research recently published in a collaborative report by security researcher Jelle Ursem and DataBreaches has [...]
$25,000 Penalty for Small Healthcare Provider for HIPAA Security Rule Failures
The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA [...]
914,000 Patients Impacted by Hacking of Florida Orthopedic Institute and Benefit Recovery Specialists
The protected health information of 914,000 patients has potentially been compromised in two hacking [...]
At Least 365K Patients Impacted by Magellan Health Ransomware Attack
In April 2020, the Fortune 500 firm Magellan Health experienced a ransomware attack that resulted in [...]
Episcopal Health Services Data Breach Lawsuit Sent Back to State Court for Further Proceedings
A lawsuit filed against Episcopal Health Services following a phishing attack that exposed the protected [...]
PHI of 170,000 Patients Potentially Compromised in Recent Phishing Attacks
Monthly breach reports show that email is the most common location of breached protected health information. [...]
$100,000 HIPAA Fine Imposed on Physician Practice for Security Rule Violations
A $100,000 HIPAA fine has been imposed on a solo physician practice for HIPAA Security Rule failures [...]
Analysis of 2019 Healthcare Data Breaches
A recent analysis of 2019 healthcare data breaches by Protenus has confirmed that 2019 was a particularly bad [...]
Widespread E1 Transactions Violations Discovered by HHS’ Office of Inspector General
A recent audit of a mail-order pharmacy and 29 other healthcare provides by the Department of Health and [...]
HIPAA Compliance Failures Result in $65,000 Fine for Georgia Ambulance Company
West Georgia Ambulance, Inc., an ambulance company serving Carroll County in Georgia, has agreed to settle a [...]
OCR Issues Second Fine for Noncompliance with HIPAA Right of Access
The Department of Health and Human Services’ Office for Civil Rights has announced another settlement has [...]
Breach Notification Rule Failure Leads to $2.175 Million HIPAA Settlement
A breach notification failure and the lack of a business associate agreement has led to a $2.175 million [...]
OCR Imposes $1.6 Million Civil Monetary Penalty on Texas Health and Human Services Commission for HIPAA Violations
The Department of Health and Human Services’ Office for Civil Rights (OCR) has fined another HIPAA-covered [...]
9 Unsecured Medical Databases Found Containing Millions of Patient Records
Security researchers at Wizecase have discovered 9 medical databases containing millions of patient records [...]
Jackson Health System Pays $2.15 Million Penalty for Widespread Noncompliance with HIPAA Rules
Jackson Health System (JHS) has paid a $2.15 million civil monetary penalty to the HHS’ Office for Civil [...]
Dental Practice Gets $10,000 HIPAA Penalty for PHI Disclosures on Social Media
A dental practice has been fined $10,000 by the HHS’ Office for Civil Rights for violating Health Insurance [...]
HIPAA Right of Access Failure Attracts $85,000 Financial Penalty
The HHS’ Office for Civil Rights has announced the first HIPAA settlement under its HIPAA Right of Access [...]
400 Million Medical Images Found to Be Freely Accessible Over the Internet
A recent investigation by ProPublica, Greenbone Networks, and the German public broadcaster Bayerischer [...]
Summary of July 2019 Healthcare Data Breaches
It has been another terrible month for healthcare data breaches – The worst of the year to date in terms of [...]
51% of Healthcare Providers Are Not Fully Compliant with HIPAA Right of Access
Healthcare providers are providing patients with copies of their medical records, but a majority have been [...]
$74 Million Premera Blue Cross Settlement Gets Preliminary Approval
A consolidated class action lawsuit against Premera Blue Cross over its 2014 data breach of 10.6 million [...]
$145 Settlement Proposed by Allscripts to Resolve HIPAA and Anti-Kickback Case
Allscripts Healthcare Solutions has proposed a settlement of $145 million to resolve alleged violations of [...]
AMCA Breach Victim Count Nears $24 Million
Over the past 10 days, several more healthcare providers have announced that they have been affected by the [...]
Premera Blue Cross Settles HIPAA Case for $10 Million
Premera Blue Cross has agreed to settle its HIPAA violation lawsuit and pay a $10 million penalty to resolve [...]
Unauthorized Medical Record Access and Disclosure Results in 1 Year Jail Term
The penalties for HIPAA violations are usually restricted to fines for the covered entity or business [...]
Almost 2 Million Records Exposed in May 2019 Healthcare Data Breaches
It has been another bad month for the U.S. healthcare industry. Rather than April’s record number of [...]
AMCA Files for Bankruptcy Following Massive Data Breach
After 42 years in business, the parent company of American Medical Collections Agency (AMCA) has sought [...]
More Than 20 Million Individuals Impacted by AMCA Data Breach
The number of individuals affected by the data breach at American Medical Collections Agency (AMCA) continues [...]
PHI of 11.9 Million Quest Diagnostics Patients Compromised in AMCA Data Breach
Quest Diagnostics, one of the largest medical laboratory chains in the United States, has announced that [...]
EHR Provider to Pay $900,000 to Resolve Multi-State HIPAA Case
Just a few days after the HHS’ Office for Civil Rights announced a settlement had been reached with Medical [...]
HHS Confirms When Business Associates Can be Held Directly Liable for HIPAA Violations
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, and the subsequent [...]
Medical Informatics Engineering Issued with $100,000 HIPAA Violation Penalty
The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been [...]
April 2019 Was the Worst Ever Month for Healthcare Data Breaches
April was a record-breaking month for healthcare data breaches. More data breaches were reported by [...]
Multiple HIPAA Violations at Medical Imaging Services Company Result in $3 Million Penalty
Touchstone Medical Imaging, a Franklin, Tennessee-based provider of medical imaging services, has agreed to [...]
912,992 Records Exposed in Healthcare Data Breaches in March 2019
February was a particularly bad month for healthcare data breaches, so it is no surprise there was a fall in [...]
PHI of 12,000 Baystate Health Patients Exposed Due to Phishing Attack
A phishing attack on Baystate Health in Massachusetts has exposed the protected health information (PHI) of [...]
1,600 Ohio Patients Impacted by Impermissible Disclosures of PHI
993 Ohio residents who are beneficiaries of Medicaid or have received services from the Ohio Department of [...]
PHI Compromised Due to Emotet Malware Attack on Oregon Endodontic Group and Humana Web Portal Breach
An office computer used by Oregon Endodontic Group has been infected with malware, which may have allowed [...]
PHI of 14,305 Patients Exposed Due to a Phishing Attack on Main Line Endoscopy Centers
Main Line Endoscopy Centers, a network of outpatient endoscopy clinics in the Malvern, Media and Bala Cynwyd [...]
Sharp Grossmont Hospital Faces Lawsuit For Video Recording Patients During Gynecology Procedures
Sharp HealthCare and Sharp Grossmont Hospital have been accused of covertly recording videos in an area of [...]
National Board of Examiners in Optometry to Pay $3.25 Million to Settle 2016 Data Breach Lawsuit
A class action lawsuit that was filed on behalf of victims of a 2016 data breach at the National Board of [...]
Michigan Practice to Close Down Due to Ransomware Attack
A ransomware attack on Brookside ENT and Hearing Center located in Battle Creek prompted the Michigan [...]
Security Breaches Reported by DePaul and Southern Hills Eye Care
DePaul is informing a number of its behavioral health program patients about the exposure of their protected [...]
PHI of 67,493 Burrell Behavioral Health Patients Exposed Due to Business Associate Breach
Burrell Behavioral Health is informing 67,493 patients about the accidental exposure of their healthcare [...]
Class Action Lawsuit Filed Against UnityPoint Health for February 2018 Data Breach
A class action lawsuit has been filed against UnityPoint Health over a data breach that exposed 16,429 [...]
Texas Department of Aging and Disability Services To Pay $1.6 Million Settlement Over 2015 Data Breach
The Department of Health and Human Services’ Office for Civil Rights and the Texas Department of Aging and [...]
PHI Exposure of Superior Dental Care Patients and L.A. Care Health Plan Members
The dental insurance provider, Superior Dental Care, based in Centerville, Ohio, has discovered an [...]
UCLA Health to Pay $7.5 Million to Settle Class Action Data Breach Lawsuit
UCLA Health has agreed to pay a $7.5 million settlement to resolve a class action lawsuit that was filed on [...]
PHI of 14,894 Patients Impacted by Third Verity Health System Phishing Attack in 3 Months
Verity Health system encountered its third phishing attack in January 2019 in three months, which impacted [...]
Email Archiving Solution Exposed PHI of 277,319 Patients
ZOLL Medical Corporation, a medical device manufacturer and software developer in Pennsylvania, is informing [...]
Healthcare Data Breach Report in February 2019
February 2019 saw healthcare data breaches reported at a ate of more than one a day, as was the case in [...]
70,000 People Impacted By Three Healthcare Ransomware Attacks
Three new ransomware attacks have recently been reported by healthcare companies and their business [...]
Over 5000 People Impacted by Two Breaches Due to Laptop Theft and Mailing Error
A Massachusetts business associate has reported a breach of the electronic protected health information [...]
Dozens of Employees Fired for Snooping on Jussie Smollett’s Medical Records
Dozen of healthcare employees at Northwestern Memorial Hospital in Chicago have been terminated for snooping [...]
7,858 Patients’ PHI Potentially Exposed Due to Covenant Care Email Account Breach
Covenant Care in Aliso Viejo, CA, a network of residential care and skilled nursing facilities, found that an [...]
Former Patient Care Coordinator Pleads Guilty to Wrongfully Disclosing PHI with Intent to Cause Harm
Ms. Linda Sue Kalina, 61, of Butler, PA, a former employee of Tri Rivers Musculoskeletal (TRM) and Allegheny [...]
St. Francis Physicians Services Notifies Patients of Milestone Family Medicine Data Breach
Bon Secours St. Francis Health System is informing patients that some of their protected health information [...]
Summary of January 2019 Healthcare Data Breaches
After a quiet month in terms of healthcare data breaches, breach reports rose again to more normal levels [...]
New Bill Seeks to Expand the Data Breach Notification Law in California
California already has tough data breach notification laws, but there is a loophole which could soon be [...]
Kentucky Counseling Center Insider Breach Affects 16,440 Patients
A list of 16,440 Kentucky Counseling Center (KCC) patients was stolen and shared with another person. The [...]
Cottage Health to Pay $3 Million to Resolve HIPAA Violation Case
The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA [...]
Almost 1 Million Patients of UW Medicine Have PHI Exposed Online
The accidental removal of protections on a UW Medicine website server resulted in the protected health [...]
Business Associate Notified Patients of PHI Theft 8 Months After Discovery of a Data Breach
Sharecare Health Data Services (SHDS) provides secure healthcare records management services to healthcare [...]
PHI of 30,000 Memorial Hospital Patients and 5,524 AZ Plastic Surgery Center Patients Breached
Memorial Hospital at Gulfport, Mississippi, is informing around 30,000 patients that unauthorized persons [...]
42,000 Patients Impacted by 16-Month Malware Attack on Florida Pulmonary & Sleep Medicine Center
The AdventHealth Medical Group Pulmonary & Sleep Medicine in Tavares, Florida, previously called Lake [...]
March 1, 2019 is the Last Day for Submitting Small Healthcare Data Breach Reports
The deadline for submitting 2018 data breach reports for breaches that have affected fewer than 500 [...]
Massive Annual Increase in Exposed Healthcare Records
2018 saw a massive increase in the number of exposed healthcare records according to the 2019 Breach [...]
Theft of Patient Schedules Results in Potential Exposure of PHI of 3,472 Anesthesia Associates of Kansas City Patients
Paperwork containing information on patients has been stolen from an Anesthesia Associates of Kansas City [...]
Malware Attack on Pawnee County Memorial Hospital Impacts 7,000 Patients
Pawnee County Memorial Hospital located in Pawnee City, Nebraska, is notifying 7,038 patients that a hacker [...]
PHI of 24,000 Georgia Eye Associates Patients Exposed Due to EyeSouth Partners Email Account Breach
A hacker accessed the email account of an employee of EyeSouth Partners and potentially viewed or acquired [...]
24,500 Patients’ PHI Exposed Due to Cyberattacks on Connecticut Eye Clinic and Chaplaincy Health Care
A ransomware attack on Dr. DeLuca Dr. Marciano & Associates, P.C., an eye care clinic located in [...]
Data Breaches at Valley Professionals Community Health Center and Sunflower State Health Plan Impact 13,625 Patients
Valley Professionals Community Health Center in Indiana has experienced a phishing attack that has resulted [...]
Aetna Pays $935,000 to California AG to Settle HIV Status Breach Case
The Connecticut health insurer Aetna has agreed to pay a financial penalty of $935,000 to the California [...]
Illinois Biometric Information Privacy Act Allows Legal Action Over Violations Even Without Actual Harm
The Illinois Supreme Court has decided that state residents can file a lawsuit against a private entity when [...]
Ransomware Attack on FABEN Obstetrics and Gynecology Results in Patient Data Loss
FABEN Obstetrics and Gynecology in Jacksonville, FL has suffered a ransomware attack which has resulted in [...]
2018 Healthcare Data Breaches Analysis
Since October 2009, the Department of Health and Human Services’ office for civil Rights (OCR) has been [...]
PHI of 7,200 Integrity House Patients Stored on Stolen Computers
A break-in at the offices of addiction treatment services provider Integrity House had potentially resulted [...]
Critical Care, Pulmonary & Sleep Associates Email-Related Breach Impacts 23,300 Patients
A data breach at Critical Care, Pulmonary & Sleep Associates (CCPSA) in Colorado has impacted over 23,300 [...]
Alaska Department of Health and Social Services Breach Impacted 87,000 More Patients Than Previously Thought
In April 2018, the Alaska Department of Health and Social Services (ADHSS) discovered that malware had been [...]
All-Star Orthopaedics and Dermacare Brickell Data Breaches Impact 77,800 Patients
All-Star Orthopaedics has notified patients of Las Colinas Orthopedic Surgery & Sports Medicine in [...]
Healthcare Data Breach Report for December 2018
December was the second-best month of 2018 for healthcare data breaches with only 23 healthcare data breaches [...]
Tougher Data Breach Notification Laws in North Carolina Sought By State AG
With the increasing number of data breaches impacting North Carolina residents in 2017, state representative [...]
Valley Hope Association Alerts Patients About Email-Related Breach
Valley Hope Association has discovered that an unauthorized individual has gained access to an [...]
Doctor Gets Probation for Criminal HIPAA Violation Instead of a Jail Term
A doctor pleaded guilty to committing a criminal violation of HIPAA Rules for wrongfully disclosing the PHI [...]
Email-Related Breach at Lebanon VA Medical Center Exposed the PHI of 1,000 Patients
Lebanon VA Medical Center based in Pennsylvania found out that the protected health information (PHI) of [...]
New Data Breach Notification Law in Massachusetts Enacted
A new data breach notification law in Massachusetts was enacted on January 10, 2019. The new law was signed [...]
BenefitMall Email Security Breach: PHI of 111K Individuals Compromised
Centerstone Insurance and Financial Services, doing business as BenefitMall, has sent notifications to over [...]
Boston Children’s Hospital DDoS Attacker Sentenced to 10 Years in Jail
Martin Gottesfeld, 34, of Somerville, MA, the hacker responsible for a Distributed Denial of Service (DDoS) [...]
PHI of Sacred Heart Rehabilitation Center Patients Exposed Due to Phishing Attack
Sacred Heart Rehabilitation Center in Memphis, MI, provides substance abuse treatment and care services for [...]
Multiple Cybersecurity Failures Led to SingHealth’s 1.5-Million Records Breach
A healthcare data breach investigation revealed that failing to implement basic cybersecurity best practices [...]
Phishing Attack on Kent County Community Mental Health Authority Exposed Patient PHI
A targeted phishing attack on Kent County Community Mental Health Authority, dba Network180, began on October [...]
500 Patients of Solis Mammography Informed of Laptop Theft and PHI Exposure
Ben-Ora, Hansen, Vanesian Imaging Ltd, has announced that an unencrypted laptop computer used by a Solis [...]
Ransomware Attack on Business Associate of Blue Cross Blue Shield of Michigan
A ransomware attack on a business associate of Blue Cross Blue Shield of Michigan has potentially compromised [...]
Breaches at Podiatric Offices of Bobby Yee and Humana Impact 580,000 People
The Podiatric Offices of Bobby Yee experienced a ransomware attack on October 29, 2018. The attack resulted [...]
Phishing Attack on Orlando Family Physicians Group Impacts 8,400 Patients
Family Physicians Group in Orlando has informed 8,400 patients that a phishing attack has allowed hackers to [...]
2018 HIPAA Fines and Settlements Summary
This post is a summary of the 2018 HIPAA fines and settlements that have been agreed with either the [...]
4,309 Choice Rehabilitation Residents Impacted by Email Account Breach
Choice Rehabilitation of Creve Coeur, MO has announced that an unauthorized person has gained access to an [...]
PHI of Dental Center of Northwest Ohio Patients Exposed Due to Ransomware Attack
The Dental Center of Northwest Ohio located in Toledo, OH, has notified present and past patients that some [...]
Flowers Hospital to Pay $150,000 to Settle Data Breach Lawsuit
Flowers Hospital in Dothan, AL has agreed to settle a class action data breach lawsuit that was filed against [...]
Blue Cross Blue Shield of Michigan Informs 15,000 Customers About Data Breach
Blue Cross Blue Shield of Michigan has advised around 15,000 customers that some of their private and [...]
Summary of the Biggest Healthcare Data Breaches of 2018
This is a summary of the biggest healthcare data breaches of 2018. The healthcare data breaches referred to [...]
San Diego School District Phishing Attack Exposed the Data of Over 500,000 Staff and Students
The San Diego School District has announced that a phishing attack resulted in the exposure of the private [...]
Lawsuit Filed Against LifeBridge Health Over Theft of PHI of 530,000 Patients
A lawsuit has been filed against LifeBridge Health over a breach of the protected health information (PHI) of [...]
McLean Hospital to Pay $75,000 HIPAA Violation Fine
Massachusetts Attorney General Maura Healey has fined McLean Hospital $75,000 for a data breach in 2015 that [...]
Court Ruled in Favor of Patient In Impermissible PHI Disclosure Lawsuit
An 11-year legal case filed after a woman’s healthcare records were released to her ex-boyfriend has at [...]
Healthcare Data Breach Report in November 2018
In November, 34 healthcare data breaches were reported to OCR, which makes it the second worst month of 2018 [...]
32,000 Patients’ PHI Potentially Exposed in Elizabethtown Community Hospital Email Breach
Around 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital have [...]
Credit Card Breach at BJC Healthcare and PHI Breach at CCRM Dallas-Fort Worth
BJC HealthCare, a large not-for-profit healthcare network in the U.S., has discovered hackers uploaded [...]
Contra Costa Health Plan and Ramsey County Social Services PHI Breaches Reported
Contra Costa Health Plan (CCHP) is sending notifications to patients to alert them that some of their [...]
PHI of 16,000 Mind & Motion Patients Potentially Compromised Due to Ransomware Attack
Mind & Motion Developmental Centers of Georgia has discovered hackers installed malware and ransomware on [...]
EmblemHealth Fined $100,000 for HIPAA Violations
The New Jersey state attorney general’s office has fined the health insurance company [...]
Colorado Hospital to Pay $111,400 for Failure to Deactivate PHI Access of Former Employee
A Colorado hospital is to pay OCR $111,400 for failing to terminate the access of a former employee to its [...]
Frisco Medical Center Breach: Payment Information of 48,000 Patients Exposed
Baylor Scott & White Medical Center, located in Frisco, TX, has learned about a potential compromise of [...]
Malware Attack on the University of Maryland Medical System Successfully Thwarted
The University of Maryland Medical System discovered on December 9, 2018, that an unauthorized person [...]
Prairie Fields Family Medicine’s Email-Related Privacy Breach Impacts 6,450 Patients
Prairie Fields Family Medicine, based in Fremont, NE, is notifying 6,450 patients about the potential [...]
18,000 People Affected by Three Separate Healthcare Security Breaches
Redwood Eye Center Ransomware Attack IT Lighthouse, the managed service provider hosting the electronic [...]
Summary of Ransomware Attacks on Healthcare Providers in Illinois and Rhode Island
This is a summary of healthcare ransomware attacks, security incidents and privacy breaches that have been [...]
PHI of 41,000 Cancer Treatment Centers of America Patients Potentially Exposed
Cancer Treatment Centers of America’s Western Regional Medical Center located in Bullhead City, AZ has [...]
Advanced Care Hospitalists Pays $500,000 to Settle Multiple HIPAA Violations
The HHS’ Office for Civil Rights (OCR) has investigated a case of impermissible disclosure of PHI by a [...]
PHI of 7,000 Georgia Spine and Orthopaedics of Atlanta Patients Exposed Due to Phishing Attack
Georgia Spine and Orthopaedics of Atlanta (GSOA) is notifying certain patients about the potential theft of [...]
Partial Closure of Emergency Rooms at Two Hospitals Due to Ransomware Attack
East Ohio Regional Hospital (EORH) in Martins Ferry, OH and Ohio Valley Medical Center (OVMC) in Wheeling, WV [...]
Pennsylvania Supreme Court Reinstates UPMC Data Breach Lawsuit
The employees affected by a data breach at University of Pennsylvania Medical Center (UPMC) took legal action [...]
PHI of 7,000 Patients Exposed Due to Tandigm Health Website Vulnerability
Healthcare company Tandigm Health discovered a vulnerability on its website on September 25, 2018. The [...]
Over Half Of Healthcare Data Breaches Caused By Insiders
The healthcare industry is a target for hackers but while there have been many hacks and IT incidents, [...]
Allergy Practice in Hartford Fined $125,000 for Impermissible PHI Disclosure
The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled potential HIPAA [...]
Healthcare Data Breach Report for October 2018
HIPAA Journal’s healthcare data breach report for October 2018 shows an increase in healthcare data [...]
Key Dental Group Notifies Patients of Potential HIPAA Violation
Key Dental Group in Pembroke Pines, FL is notifying patients about a possible HIPAA violation that could [...]
PHI of 4,458 Patients Stored on Stolen FHN Healthcare Laptop
FHN Healthcare, which manages FHN Memorial Hospital located in Freeport, IL and other family healthcare [...]
Episcopal Health Services Patients Impacted by Email Hacking Incident
St. John’s Episcopal Hospital and Episcopal Health Services in New York have notified past and present [...]
Phishing Attack on Southwest Washington Regional Surgery Center Affects 2,393 Patients
A phishing attack on Southwest Washington Regional Surgery Center located in Vancouver, WA, resulted in the [...]
Upstate University Hospital Breach Impacts PHI of 1,216 Patients
Upstate University Hospital in Syracuse, NY, has informed 1,216 of its patients that a former hospital worker [...]
PHI of 94,000 People Exposed Due to HealthCare.gov Data Breach
The Centers for Medicare & Medicaid Services (CMS) reported last month that the HealthCare.gov website [...]
Ransomware Attack on May Eye Care Center Impacts 30,000 Patients
On July 29, 2018, May Eye Care Center, located in Hanover, PA, was attacked with ransomware. The ransomware [...]
Phishing Attack on Health First Compromised 42,000 Customers’ PHI
Health First Inc., a health system with four hospitals based in Florida, experienced a hacking/IT incident [...]
Former Chilton Medical Center Employee Sentenced for Theft of Computer Equipment
Sergiu Jitcu of Saddle Brook, NJ was a former IT employee of Chilton Medical Center in New Jersey. He was [...]
Healthcare Security Breaches from 2015 to 2017
The last three years have seen 955 major healthcare security breaches that resulted in the exposure and/or [...]
Billing Information of 12,331 Inova Health System Patients Compromised
Inova Health System based in Falls Church, VA is informing 12,331 patients that there has been a breach of [...]
Healthcare Data Breach Report for Q3 2018
The Q3 Breach Barometer Report from Protenus shows a drop in the number of healthcare data breaches in Q3 [...]
The Most Common HIPAA Violations Healthcare Organizations Should be Aware Of
The most common HIPAA violations committed by healthcare organizations that have resulted in financial [...]
566,217 Customers of Bankers Life Impacted by Data Breach
Bankers Life, based in Chicago, is a health insurance company and the largest division of CNO Financial Group [...]
Business Associate Pays $200,000 to New Jersey for Virtua Medical Data Breach
Best Medical Transcription agreed to pay a $200,000 settlement to the New Jersey Attorney’s office to [...]
Medicaid Data Breach Report for 2016 Published by OIG
The Department of Health and Human Services’ Office of Inspector General (OIG) has released a new report [...]
Potential Exposure of PHI of 10,000 Raley’s Pharmacy Patients Due to Stolen Laptop
Raley’s Pharmacy is sending notifications to around 10,000 patients about the possible exposure of some of [...]
MHSS Business Associate Improperly Retained PHI of 10,400 Patients
The Missouri Department of Health and Senior Services (MHSS) is informing 10,400 patients about a recently [...]
Ransomware Attack on Sioux City Eye Clinic Potentially Exposed the PHI of 40,000 Patients
The Jones Eye Clinic and CJ Elmwood Partners, L.P, located in Sioux City, IA, have discovered the protected [...]
Catawba Valley Medical Center and Byram Healthcare Breaches Impact Over 20,000 Patients
Catawba Valley Medical Center (CVMC) located in Hickory, NC, found out on August 13, 2018 that an [...]
FirstCare Health Plans Informs 8,000+ Members of Accidental PHI Disclosure
FirstCare Health Plans in Texas is informing over 8,000 plan members about the impermissible disclosure of [...]
Healthcare Data Breach Report for September 2018
September saw 25 healthcare data breaches of more than 500 records reported to the Department of Health and [...]
Employees Retirement System of Texas Data Breach Affects Up to 1.25 Million Individuals
The Employees Retirement System of Texas (ERS) has discovered a problem with its ERS OnLine portal. When some [...]
16,000 National Ambulatory Hernia Institute Patients Impacted by Ransomware Attack
California’s National Ambulatory Hernia Institute experienced a ransomware attack on September 13, 2018 [...]
$640,000 Paid by Aetna to Settle HIPAA Violation Case with State Attorneys General
Two mailing errors in 2017 resulted in the impermissible disclosure of Aetna plan members’ protected [...]
Biomarin Pharmaceutical and Envision Healthcare Corporation Report Email-Related Breaches
Biomarin Pharmaceutical and Envision Healthcare Corporation have both recently announced that they have [...]
PHI of 21,000 Patients of Minnesota DHS Potentially Compromised
Two recent phishing attacks on the Minnesota Department of Human Services (DHS) have resulted in a potential [...]
Round Up of Recent Healthcare Data Breaches
Here’s a summary of the healthcare data breaches reported to OCR by healthcare providers and business [...]
Phishing Attack on Gold Coast Health Plan: PHI of 37,000 Members Potentially Compromised
Gold Coast Health Plan based in Camarillo, CA is alerting 37,000 plan members that hackers have potentially [...]
KHOU Employee Found Abandoned Paper Records Containing PHI in Houston Street
An employee of KHOU 11, a CBS-affiliated TV station, discovered abandoned paperwork that contained the [...]
Phishing Attack on Aspire Health Resulted in PHI Theft
Aspire Health is a Nashville, TN in-home services provider for patients diagnosed with critical illnesses. [...]
Gynecologist Lost Her License But Did Not Get Jail Time and Fine for Criminal HIPAA Violation
In April 2018, 65-year old former Massachusetts gynecologist Rita Luthra was found guilty of a criminal [...]
Ex-Employee of Brooklyn’s Kings County Hospital Accused of Stealing and Selling Patients’ PHI
An employee of the emergency unit in Brooklyn’s Kings County Hospital has been charged with stealing [...]
Rising Incidences of HIPAA Violations on Social Media
Posting protected health information (PHI) on social media sites, including closed Facebook groups, violates [...]
Copyright © 2007-2023 The HIPAA Guide Site Map Privacy Policy About The HIPAA Guide