HIPAA Breaches

April was a record-breaking month for healthcare data breaches. More data breaches were reported by [...]

A phishing attack on Baystate Health in Massachusetts has exposed the protected health information (PHI) of [...]

993 Ohio residents who are beneficiaries of Medicaid or have received services from the Ohio Department of [...]

An office computer used by Oregon Endodontic Group has been infected with malware, which may have allowed [...]

Main Line Endoscopy Centers, a network of outpatient endoscopy clinics in the Malvern, Media and Bala Cynwyd [...]

Sharp HealthCare and Sharp Grossmont Hospital have been accused of covertly recording videos in an area of [...]

A class action lawsuit that was filed on behalf of victims of a 2016 data breach at the National Board of [...]

A ransomware attack on Brookside ENT and Hearing Center located in Battle Creek prompted the Michigan [...]

DePaul is informing a number of its behavioral health program patients about the exposure of their protected [...]

Burrell Behavioral Health is informing 67,493 patients about the accidental exposure of their healthcare [...]

A class action lawsuit has been filed against UnityPoint Health over a data breach that exposed 16,429 [...]

The Department of Health and Human Services’ Office for Civil Rights and the Texas Department of Aging and [...]

The dental insurance provider, Superior Dental Care, based in Centerville, Ohio, has discovered an [...]

UCLA Health has agreed to pay a $7.5 million settlement to resolve a class action lawsuit that was filed on [...]

Verity Health system encountered its third phishing attack in January 2019 in three months, which impacted [...]

ZOLL Medical Corporation, a medical device manufacturer and software developer in Pennsylvania, is informing [...]

February 2019 saw healthcare data breaches reported at a ate of more than one a day, as was the case in [...]

Three new ransomware attacks have recently been reported by healthcare companies and their business [...]

A Massachusetts business associate has reported a breach of the electronic protected health information [...]

Dozen of healthcare employees at Northwestern Memorial Hospital in Chicago have been terminated for snooping [...]

Covenant Care in Aliso Viejo, CA, a network of residential care and skilled nursing facilities, found that an [...]

Ms. Linda Sue Kalina, 61, of Butler, PA, a former employee of Tri Rivers Musculoskeletal (TRM) and Allegheny [...]

Bon Secours St. Francis Health System is informing patients that some of their protected health information [...]

After a quiet month in terms of healthcare data breaches, breach reports rose again to more normal levels [...]

California already has tough data breach notification laws, but there is a loophole which could soon be [...]

A list of 16,440 Kentucky Counseling Center (KCC) patients was stolen and shared with another person. The [...]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA [...]

The accidental removal of protections on a UW Medicine website server resulted in the protected health [...]

Sharecare Health Data Services (SHDS) provides secure healthcare records management services to healthcare [...]

Memorial Hospital at Gulfport, Mississippi, is informing around 30,000 patients that unauthorized persons [...]

The AdventHealth Medical Group Pulmonary & Sleep Medicine in Tavares, Florida, previously called Lake [...]

The deadline for submitting 2018 data breach reports for breaches that have affected fewer than 500 [...]

Paperwork containing information on patients has been stolen from an Anesthesia Associates of Kansas City [...]

Pawnee County Memorial Hospital located in Pawnee City, Nebraska, is notifying 7,038 patients that a hacker [...]

A hacker accessed the email account of an employee of EyeSouth Partners and potentially viewed or acquired [...]

A ransomware attack on Dr. DeLuca Dr. Marciano & Associates, P.C., an eye care clinic located in [...]

Valley Professionals Community Health Center in Indiana has experienced a phishing attack that has resulted [...]

The Connecticut health insurer Aetna has agreed to pay a financial penalty of $935,000 to the California [...]

The Illinois Supreme Court has decided that state residents can file a lawsuit against a private entity when [...]

FABEN Obstetrics and Gynecology in Jacksonville, FL has suffered a ransomware attack which has resulted in [...]

Since October 2009, the Department of Health and Human Services’ office for civil Rights (OCR) has been [...]

A break-in at the offices of addiction treatment services provider Integrity House had potentially resulted [...]

A data breach at Critical Care, Pulmonary & Sleep Associates (CCPSA) in Colorado has impacted over 23,300 [...]

In April 2018, the Alaska Department of Health and Social Services (ADHSS) discovered that malware had been [...]

All-Star Orthopaedics has notified patients of Las Colinas Orthopedic Surgery & Sports Medicine in [...]

December was the second-best month of 2018 for healthcare data breaches with only 23 healthcare data breaches [...]

With the increasing number of data breaches impacting North Carolina residents in 2017, state representative [...]

Valley Hope Association has discovered that an unauthorized individual has gained access to an [...]

A doctor pleaded guilty to committing a criminal violation of HIPAA Rules for wrongfully disclosing the PHI [...]

Lebanon VA Medical Center based in Pennsylvania found out that the protected health information (PHI) of [...]

A new data breach notification law in Massachusetts was enacted on January 10, 2019. The new law was signed [...]

Centerstone Insurance and Financial Services, doing business as BenefitMall, has sent notifications to over [...]

Martin Gottesfeld, 34, of Somerville, MA, the hacker responsible for a Distributed Denial of Service (DDoS) [...]

Sacred Heart Rehabilitation Center in Memphis, MI, provides substance abuse treatment and care services for [...]

A healthcare data breach investigation revealed that failing to implement basic cybersecurity best practices [...]

A targeted phishing attack on Kent County Community Mental Health Authority, dba Network180, began on October [...]

Ben-Ora, Hansen, Vanesian Imaging Ltd, has announced that an unencrypted laptop computer used by a Solis [...]

A ransomware attack on a business associate of Blue Cross Blue Shield of Michigan has potentially compromised [...]

The Podiatric Offices of Bobby Yee experienced a ransomware attack on October 29, 2018. The attack resulted [...]

Family Physicians Group in Orlando has informed 8,400 patients that a phishing attack has allowed hackers to [...]

This post is a summary of the 2018 HIPAA fines and settlements that have been agreed with either the [...]

Choice Rehabilitation of Creve Coeur, MO has announced that an unauthorized person has gained access to an [...]

The Dental Center of Northwest Ohio located in Toledo, OH, has notified present and past patients that some [...]

Flowers Hospital in Dothan, AL has agreed to settle a class action data breach lawsuit that was filed against [...]

Blue Cross Blue Shield of Michigan has advised around 15,000 customers that some of their private and [...]

This is a summary of the biggest healthcare data breaches of 2018. The healthcare data breaches referred to [...]

The San Diego School District has announced that a phishing attack resulted in the exposure of the private [...]

A lawsuit has been filed against LifeBridge Health over a breach of the protected health information (PHI) of [...]

Massachusetts Attorney General Maura Healey has fined McLean Hospital $75,000 for a data breach in 2015 that [...]

An 11-year legal case filed after a woman’s healthcare records were released to her ex-boyfriend has at [...]

In November, 34 healthcare data breaches were reported to OCR, which makes it the second worst month of 2018 [...]

Around 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital have [...]

BJC HealthCare, a large not-for-profit healthcare network in the U.S., has discovered hackers uploaded [...]

Contra Costa Health Plan (CCHP) is sending notifications to patients to alert them that some of their [...]

Mind & Motion Developmental Centers of Georgia has discovered hackers installed malware and ransomware on [...]

The New Jersey state attorney general’s office has fined the health insurance company [...]

Baylor Scott & White Medical Center, located in Frisco, TX, has learned about a potential compromise of [...]

The University of Maryland Medical System discovered on December 9, 2018, that an unauthorized person [...]

Redwood Eye Center Ransomware Attack IT Lighthouse, the managed service provider hosting the electronic [...]

This is a summary of healthcare ransomware attacks, security incidents and privacy breaches that have been [...]

Cancer Treatment Centers of America’s Western Regional Medical Center located in Bullhead City, AZ has [...]

Georgia Spine and Orthopaedics of Atlanta (GSOA) is notifying certain patients about the potential theft of [...]

East Ohio Regional Hospital (EORH) in Martins Ferry, OH and Ohio Valley Medical Center (OVMC) in Wheeling, WV [...]

The employees affected by a data breach at University of Pennsylvania Medical Center (UPMC) took legal action [...]

Healthcare company Tandigm Health discovered a vulnerability on its website on September 25, 2018. The [...]

The healthcare industry is a target for hackers but while there have been many hacks and IT incidents, [...]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled potential HIPAA [...]

HIPAA Journal’s healthcare data breach report for October 2018 shows an increase in healthcare data [...]

Key Dental Group in Pembroke Pines, FL is notifying patients about a possible HIPAA violation that could [...]

FHN Healthcare, which manages FHN Memorial Hospital located in Freeport, IL and other family healthcare [...]

St. John’s Episcopal Hospital and Episcopal Health Services in New York have notified past and present [...]

A phishing attack on Southwest Washington Regional Surgery Center located in Vancouver, WA, resulted in the [...]

Upstate University Hospital in Syracuse, NY, has informed 1,216 of its patients that a former hospital worker [...]

The Centers for Medicare & Medicaid Services (CMS) reported last month that the HealthCare.gov website [...]

On July 29, 2018, May Eye Care Center, located in Hanover, PA, was attacked with ransomware. The ransomware [...]

Health First Inc., a health system with four hospitals based in Florida, experienced a hacking/IT incident [...]

Sergiu Jitcu of Saddle Brook, NJ was a former IT employee of Chilton Medical Center in New Jersey. He was [...]

The last three years have seen 955 major healthcare security breaches that resulted in the exposure and/or [...]

Inova Health System based in Falls Church, VA is informing 12,331 patients that there has been a breach of [...]

The Q3 Breach Barometer Report from Protenus shows a drop in the number of healthcare data breaches in Q3 [...]

Bankers Life, based in Chicago, is a health insurance company and the largest division of CNO Financial Group [...]

Best Medical Transcription agreed to pay a $200,000 settlement to the New Jersey Attorney’s office to [...]

The Department of Health and Human Services’ Office of Inspector General (OIG) has released a new report [...]

Raley’s Pharmacy is sending notifications to around 10,000 patients about the possible exposure of some of [...]

The Missouri Department of Health and Senior Services (MHSS) is informing 10,400 patients about a recently [...]

The Jones Eye Clinic and CJ Elmwood Partners, L.P, located in Sioux City, IA, have discovered the protected [...]

Catawba Valley Medical Center (CVMC) located in Hickory, NC, found out on August 13, 2018 that an [...]

FirstCare Health Plans in Texas is informing over 8,000 plan members about the impermissible disclosure of [...]

The Employees Retirement System of Texas (ERS) has discovered a problem with its ERS OnLine portal. When some [...]

California’s National Ambulatory Hernia Institute experienced a ransomware attack on September 13, 2018 [...]

Two mailing errors in 2017 resulted in the impermissible disclosure of Aetna plan members’ protected [...]

Biomarin Pharmaceutical and Envision Healthcare Corporation have both recently announced that they have [...]

Two recent phishing attacks on the Minnesota Department of Human Services (DHS) have resulted in a potential [...]

Here’s a summary of the healthcare data breaches reported to OCR by healthcare providers and business [...]

Gold Coast Health Plan based in Camarillo, CA is alerting 37,000 plan members that hackers have potentially [...]

An employee of KHOU 11, a CBS-affiliated TV station, discovered abandoned paperwork that contained the [...]

Aspire Health is a Nashville, TN in-home services provider for patients diagnosed with critical illnesses. [...]

In April 2018, 65-year old former Massachusetts gynecologist Rita Luthra was found guilty of a criminal [...]

An employee of the emergency unit in Brooklyn’s Kings County Hospital has been charged with stealing [...]

Posting protected health information (PHI) on social media sites, including closed Facebook groups, violates [...]

Independence Blue Cross in Philadelphia has notified 17,000 of its plan members that their protected health [...]

Hopebridge, a healthcare organization that operates a network of 28 autism treatment centers across the [...]

A nurse employed at Texas Children’s Hospital has lost her job as a result of sharing protected health [...]

Lafayette, Louisiana-based Acadiana Computer Services Inc., provides software and business solutions to the [...]

In August, 28 healthcare data breaches were reported to the HHS’ Office for Civil Rights which represents a [...]

Reliable Respiratory, a respiratory care provider located in Norwood, MA, has experienced a phishing attack [...]

The New Mexico Department of Health is conducting an investigation into how the confidential medical files of [...]

Authentic Recovery Center, a drug and alcohol treatment center based in West Los Angeles, recently [...]

An error in a Missouri Care mailing reminding parents to book well-child appointments has resulted in the [...]

Dennis and Wayne Russell’s adopted two-year old son Keon died in a tragic swimming pool [...]

Central Colorado Dermatology (CCD) has informed more than 4,000 patients that hackers have potentially [...]

Legacy Health has discovered an unauthorized individual has accessed its email system and potentially viewed [...]

The Gordon Schanzlin New Vision Institute located in La Jolla, CA, has informed thousands of patients that [...]

Anthem Inc. proposed a $115 million settlement in 2017 to resolve the class action lawsuits filed by the [...]

The mental health and substance abuse treatment provider InterAct of Michigan has announced that [...]

A data security breach has occurred in Adams County, Wisconsin where the personal identification information, [...]

Augusta University Health has announced it has experienced a data breach that has affected approximately [...]

Three Democrat lawmakers have accused the Oklahoma Department of Veteran Affairs of violating Health [...]

MedSpring Urgent Care, a network of emergency care clinics located in Austin, Atlanta, Chicago, Houston, Fort [...]

Approximately 300,000 patients of SSM Health St. Mary’s Hospital in Jefferson City, Missouri have been [...]

This is a summary of data breaches that have recently to the Department of Health and Human Services’ [...]

A phishing attack on UnityPoint Health has allowed hackers to gain access to the protected health information [...]

The protected health information (PHI) of over 19,000 patients was exposed due to an error by a transcription [...]

A data breach has been reported by Confluence Health, a non-profit health system managing Wenatchee Valley [...]

The medical records of more than 17,000 patients have been exposed in two data breaches in Oregon and [...]

A class action lawsuit filed in the aftermath of a data breach at Flowers Hospital in Dothan, Alabama in 2014 [...]

Boys Town National Research Hospital (Boys Town) in Omaha, NE has discovered that an employee was fooled by a [...]

Blue Springs Family Care in Missouri was attacked with ransomware resulting in the encryption of [...]

Ruben U. Carvajal, MD, a doctor in New York, has started informing his patients that unauthorized individuals [...]

Thompson Health’s M.M. Ewing Continuing Care Center, a nursing home in Canandaigua, NY, has discovered that [...]

Reported healthcare data breaches in June 2018 increased by 13.8% month-over-month although there were 42.48% [...]

Golden Heart Administrative Professionals based in Fairbanks, AK is a billing company that serves as a [...]

Two more healthcare companies have announced they have been victims of phishing attacks that have allowed [...]

LabCorp, a major network of clinical laboratories in the U.S., experienced a cyberattack that potentially [...]

Alive Hospice in Tennessee has discovered the email accounts of two employees were compromised after the [...]

The email account of a doctor at UMC Physicians in Texas was hacked, which resulted to the potential exposure [...]

The protected health information (PHI) of 8,400 patients contained in the email account of an employee of [...]

According to a report published in The Tennessean, a Metro Health employee made an error that resulted in the [...]

The Ponemon Institute and IBM have explained several factors that impact the cost of data breaches in the [...]

The Ponemon Institute has conducted its annual Cost of a Data Breach Study on behalf of IBM Security, which [...]

An FTP server used by MedEvolve, a provider of billing and medical record services to healthcare providers, [...]

A lawsuit has been filed against Children’s Mercy Hospital following a phishing attack that resulted in the [...]

Law enforcement is investigating a former employee of Arkansas Children’s Hospital for being involved in [...]

The UK’s National Health Service (NHS) has informed 150,000 patients that their health data was shared for [...]

In 2016, Main Line Health Inc. based in Radnor, PA dismissed an employee named Gloria Terrell for a violation [...]

Cass Regional Medical Center in Harrisonville, MO has announced it suffered a ransomware attack at 11 am on [...]

Manitowoc County in Wisconsin fell victim to a phishing attack resulting in the theft of protected health [...]

Humana is informing members about a “sophisticated spoofing attack” which potentially resulted in [...]

A former patient information coordinator at the University of Pittsburgh Medical Center has been indicted by [...]

The Alaska Department of Health and Social Services (ADHSS) is informing ‘over 500’ persons that hackers [...]

Michigan Medicine has informed 870 of its patients that an unencrypted laptop computer has been stolen, [...]

A breach of physical protected health information (PHI) has been reported by Associated Dermatology & [...]

OhioHealth’s Grant Medical Center sent faxes containing the protected health information (PHI) of a [...]

Outdated pager systems have now been replaced by secure messaging systems in many healthcare organizations. [...]

Washington Health System has suspended a number of its employees after discovering they inappropriately [...]

In April 2018, 41 healthcare data breaches were reported to the HHS’ Office for Civil Rights. The 29 [...]

Med Associates in Latham, NY is a health billing company that provides claims services to over 70 healthcare [...]

The Department of Health and Human Services’ Office for Civil Rights recently issued its fourth largest [...]

An ex-employee of Veteran Affairs Medical Center in Long Beach, CA named Albert Torres, 51, was sentenced to [...]

Patients of two HIPAA-covered entities received notification that their protected health information (PHI) [...]

HealthEquity Inc based in Draper, UT, suffered a phishing attack which resulted in the protected health [...]

An employee working for Terros Health in Phoenix, AZ fell for a phishing scam and inadvertently disclosed [...]

Rise Wisconsin is notifying over 3,700 plan members of an incident that has potentially resulted in an [...]

A nurse practitioner has had her license to practice suspended for 12 months by the New York State Education [...]

Hacking incidents continue to dominate healthcare data breach reports. One such incident has recently been [...]

Blue Cross Blue Shield of Illinois has discovered the the protected health information (PHI) of a number of [...]

Former employees of two HIPAA-covered entities accessed and stole patients’ protected health information [...]

Kathy Raymond from Roane County, TN, is considering taking legal action against an EMS worker over a Facebook [...]

Two lawsuits have recently been filed over violations of HIPAA Rules. One case involved a former employee of [...]

Another lawsuit has been filed by Aetna in an attempt to recover the costs incurred due to a 2017 privacy [...]

Purdue University’s security team discovered two security breaches in April that potentially allowed [...]

Dignity Health reported multiple data breaches and HIPAA violations to the Department of Health and Human [...]

Aultman Health Foundation is informing around 42,600 patients that their protected health information (PHI) [...]

The Associates in Psychiatry and Psychology (APP) based in Rochester, MN had a ransomware attack which [...]

In the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, there’s a [...]

LifeBridge Health in Baltimore experienced a data breach which was mentioned in a press release on May 16, [...]

MEDantex, a transcription company, inadvertently left patient healthcare information unsecured and openly [...]

Florida Hospital utilizes three websites that were attacked by malware. Due to the malware attack, it is very [...]

Steward Healthcare System in Boston fired Dr. Alexander Lipin, a psychiatrist, for allegedly violating HIPAA [...]

Part of Allied Physicians Group of Michiana’s network was down because of a ransomware attack. This [...]

Lincare Inc, a respiratory therapy supplier company, agreed to pay $875,000 as settlement for a class-action [...]

In a recent Government Accountability Office (GAO) audit as required by the 21st Century Cures Act, the [...]

April was a bad month for the healthcare industry because of the higher number of data breaches and the [...]

Nuance Communications based in Burlington, MA filed with the U.S. Securities and Exchange Commission about [...]

Eye Care Surgery Center, Inc, which is located in Baton Rouge, LA, discovered on February 26, 2018 that one [...]

Cerebral Palsy Research Foundation of Kansas (CPRF) discovered on March 10, 2018 that the security protection [...]

UnityPoint Health discovered a data breach on February 15, 2018 that resulted to the exposure of the [...]

Capital Digestive Care, an MD-based gastroenterology group in Silver Spring, discovered the error that its [...]

The Protenus’ quarterly breach barometer report is a compilation of data breach information provided by [...]

The University of Arkansas Medical Sciences (UAMS) fired three employees because of an alleged violation of [...]

It’s not very common for HIPAA violations to get criminal penalties, but there are cases when the [...]

Patients consulting with the Center for Orthopaedic Specialists received warning that some of their protected [...]

An employee of Texas Health and Human Services Commission (HHSC) has the protected health information (PHI) [...]

Scenic Bluffs Community Health Centers discovered on March 1, 2018 an email account breach, which resulted to [...]

Maximus Inc is a business process management and technology solutions company providing their services to [...]

The HIPAA Rules must be followed by HIPAA covered entities, business associates and healthcare employees. [...]

The physiatry group Integrated Rehab Consultants (IRC) based in Chicago, IL sent notification letters to some [...]

Chesapeake Regional Healthcare discovered on February 6, 2018 that two hard drives from the Chesapeake [...]

The protected health information of 42,000 patients of a New York medical practice was exposed online because [...]

The patients of CVS Caremark filed a lawsuit against CVS and its mailing vendor, Fiserve, on March 21, 2018 [...]

Employees can be severely penalized for violating HIPAA rules especially if they are involved in the theft of [...]

Protenus’ Healthcare Breach Barometer Report for February 2018 has been published. The report talks about [...]

February may have the least number of days in a month, but the number of reported healthcare data breaches [...]

An electronic device used by ShopRite Pharmacy in Millville, New Jersey for capturing customer signature was [...]

EmblemHealth had a mailing error in 2016 that resulted in the disclosure of 81,122 Health Insurance claim [...]

A professional hacker accessed the healthcare records of about 1,900 patients of the University of Virginia [...]

Medical University of South Carolina (MUSC) demonstrated how seriously it takes protected health information [...]

A study published in the American Journal of Managed Care looked into the typical characteristics of hospital [...]

Hancock Health in Indiana, Greenfield experienced a ransomware attack which compelled hospital personnel to [...]

CarePlus Health Plans in Miami, Florida had a privacy breach incident. The protected health information of [...]

Westminster Ingleside King Farm Presbyterian Retirement Communities had a malware infection potentially [...]

Protenus published its summary and analysis of 2017’s healthcare data breaches using data from [...]

Pedes Orange County Inc is a healthcare provider in California that specializes in vascular disease [...]

DJO Global provides medical devices to help patients maintain and regain natural motion. A data breach [...]

Charles River Medical Associates in Framingham, MA discovered the danger of failing to encrypt protected [...]

An unauthorized person accessed the network and server of Compassionate Care Hospice Las Vegas (CCHLV). The [...]

Kaiser Permanente reported two data breaches to the Department of Health and Human Services’ Office for [...]