PHI of 3,253,822 Individuals Potentially Stolen and Deleted from 20/20 Hearing Care Network’s AWS Environment
The protected health information (PHI) of 3,253,822 current and former members of the 20/20 Hearing Care [...]
HIPAA Breaches
OCR Announces 19th HIPAA Right of Access Settlement
The U.S. Department of Health and Human Services’ Office for Civil Rights has fined an endocrine disorder [...]
Multiple HIPAA Security Rule Failures Result in $25,000 HIPAA Fine for Clinical Laboratory
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 7th HIPAA [...]
UHS Data Breach Lawsuit Proceeds for Plaintiff Whose Surgery was Delayed
It is now common for the victims of healthcare data breaches to take legal action against a healthcare [...]
Montefiore Staff Member Fired for HIPAA Breach; Belden Facing Class Action Suit
Another staff member at New York’s Montefiore Medical Center has been found to have been illegally [...]
PHI of Almost 3.5 Million Individuals was Compromised in the Accellion Cyberattack
The number of healthcare organizations known to have been affected by the Accellion cyberattack has been [...]
OCR Announces 18th Settlement Under HIPAA Right of Access Enforcement Initiative
The U.S. Department of Health and Human Services’ Office for Civil Rights has announced its 18th settlement [...]
Massachusetts Hospital Pays $65,000 Penalty to Settle HIPAA Right of Access Case
The HHS’ Office for Civil Rights has fined Arbour Hospital $65,000 for failing to provide a patient with [...]
Medical Debt Collection Firm Settles Data Breach Case with Coalition of 41 State AGs
In 2019, the largest reported healthcare data breach was at American Medical Collection Agency (AMCA), a debt [...]
What is the Proper Response to an Accidental HIPAA Violation?
The HIPAA Rules must be followed by HIPAA covered entities, business associates and healthcare employees. [...]
OCR Announces $70,000 Settlement with Sharpe Healthcare to Resolve HIPAA Right of Access Case
Sharpe Healthcare has agreed to settle a HIPAA violation case with the Department of Health and Human [...]
Florida Health Insurer Discovers Breach of the PHI of 3.5 Million Individuals
One of the largest ever healthcare data breaches has recently been reported by the Florida-based health [...]
OCR Announces Fifteenth Settlement Under its HIPAA Right of Access Enforcement Initiative
The HHS’ Office for Civil Rights (OCR) has agreed to settle a HIPAA Right of Access enforcement action [...]
$4.3 Million HIPAA Penalty for MD Anderson Cancer Center Vacated by Court of Appeals
The 5th Circuit U.S. Court of Appeals in Louisiana has vacated the civil monetary penalties imposed on the [...]
Excellus Health Plan Hit with $5.1 Million Penalty for 10 Million-Record Data Breach
Excellus Health Plan has settled a HIPAA violation case with the HHS’ Office for Civil Rights and has [...]
HHS Announces Largest Ever Financial Penalty for HIPAA Right of Access Failure
The U.S. Department of Health and Human Services has issued its largest ever HIPAA fine for noncompliance [...]
OCR Announces 13th HIPAA Right of Access Settlement
In 2019, the Department of Health and Human Services’ Office for Civil Rights announced a new HIPAA [...]
Dental Care Alliance Cyberattack Impacts More Than 1 Million Patients
The protected health information of more than a million dental patients has potentially been obtained by [...]
OCR Fines University of Cincinnati Medical Center $65,000 for Failure to Provide Patient’s Medical Records
The University of Cincinnati Medical Center (UCMC) has been fined $65,000 by the HHS’ Office for Civil [...]
OCR Announces 11th Financial Penalty under HIPAA Right of Access Enforcement Initiative
A Regal Park, NY-based private otolaryngology practitioner has been issued with a $15,000 financial penalty [...]
ShopRite Data Breach Results in $235,000 HIPAA Penalty for Wakefern Food Corporation
New Jersey Attorney General General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs have [...]
Community Health Systems Settles Data Breach Case with 28 State Attorneys General for $5 Million
Tennessee Attorney General Herbert H. Slatery III has announced a $5 million settlement has been reached with [...]
OCR Settles 5 More HIPAA Right of Access Cases
In 2019, the HHS’ Office for Civil Rights launched an enforcement initiative targeting organizations that [...]
Medical Data Being Exposed via Public GitHub Repositories
Research recently published in a collaborative report by security researcher Jelle Ursem and DataBreaches.net [...]
914,000 Patients Impacted by Hacking of Florida Orthopedic Institute and Benefit Recovery Specialists
The protected health information of 914,000 patients has potentially been compromised in two hacking [...]
At Least 365K Patients Impacted by Magellan Health Ransomware Attack
In April 2020, the Fortune 500 firm Magellan Health experienced a ransomware attack that resulted in [...]
Episcopal Health Services Data Breach Lawsuit Sent Back to State Court for Further Proceedings
A lawsuit filed against Episcopal Health Services following a phishing attack that exposed the protected [...]
PHI of 170,000 Patients Potentially Compromised in Recent Phishing Attacks
Monthly breach reports show that email is the most common location of breached protected health information. [...]
$100,000 HIPAA Fine Imposed on Physician Practice for Security Rule Violations
A $100,000 HIPAA fine has been imposed on a solo physician practice for HIPAA Security Rule failures [...]
Analysis of 2019 Healthcare Data Breaches
A recent analysis of 2019 healthcare data breaches by Protenus has confirmed that 2019 was a particularly bad [...]
HIPAA Compliance Failures Result in $65,000 Fine for Georgia Ambulance Company
West Georgia Ambulance, Inc., an ambulance company serving Carroll County in Georgia, has agreed to settle a [...]
OCR Issues Second Fine for Noncompliance with HIPAA Right of Access
The Department of Health and Human Services’ Office for Civil Rights has announced another settlement has [...]
Breach Notification Rule Failure Leads to $2.175 Million HIPAA Settlement
A breach notification failure and the lack of a business associate agreement has led to a $2.175 million [...]
OCR Imposes $1.6 Million Civil Monetary Penalty on Texas Health and Human Services Commission for HIPAA Violations
The Department of Health and Human Services’ Office for Civil Rights (OCR) has fined another HIPAA-covered [...]
9 Unsecured Medical Databases Found Containing Millions of Patient Records
Security researchers at Wizecase have discovered 9 medical databases containing millions of patient records [...]
HIPAA Right of Access Failure Attracts $85,000 Financial Penalty
The HHS’ Office for Civil Rights has announced the first HIPAA settlement under its HIPAA Right of Access [...]
400 Million Medical Images Found to Be Freely Accessible Over the Internet
A recent investigation by ProPublica, Greenbone Networks, and the German public broadcaster Bayerischer [...]
Summary of July 2019 Healthcare Data Breaches
It has been another terrible month for healthcare data breaches – The worst of the year to date in terms of [...]
AMCA Breach Victim Count Nears $24 Million
Over the past 10 days, several more healthcare providers have announced that they have been affected by the [...]
Premera Blue Cross Settles HIPAA Case for $10 Million
Premera Blue Cross has agreed to settle its HIPAA violation lawsuit and pay a $10 million penalty to resolve [...]
Almost 2 Million Records Exposed in May 2019 Healthcare Data Breaches
It has been another bad month for the U.S. healthcare industry. Rather than April’s record number of [...]
AMCA Files for Bankruptcy Following Massive Data Breach
After 42 years in business, the parent company of American Medical Collections Agency (AMCA) has sought [...]
More Than 20 Million Individuals Impacted by AMCA Data Breach
The number of individuals affected by the data breach at American Medical Collections Agency (AMCA) continues [...]
PHI of 11.9 Million Quest Diagnostics Patients Compromised in AMCA Data Breach
Quest Diagnostics, one of the largest medical laboratory chains in the United States, has announced that [...]
EHR Provider to Pay $900,000 to Resolve Multi-State HIPAA Case
Just a few days after the HHS’ Office for Civil Rights announced a settlement had been reached with Medical [...]
HHS Confirms When Business Associates Can be Held Directly Liable for HIPAA Violations
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, and the subsequent [...]
Medical Informatics Engineering Issued with $100,000 HIPAA Violation Penalty
The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been [...]
April 2019 Was the Worst Ever Month for Healthcare Data Breaches
April was a record-breaking month for healthcare data breaches. More data breaches were reported by [...]
Multiple HIPAA Violations at Medical Imaging Services Company Result in $3 Million Penalty
Touchstone Medical Imaging, a Franklin, Tennessee-based provider of medical imaging services, has agreed to [...]
912,992 Records Exposed in Healthcare Data Breaches in March 2019
February was a particularly bad month for healthcare data breaches, so it is no surprise there was a fall in [...]
PHI of 12,000 Baystate Health Patients Exposed Due to Phishing Attack
A phishing attack on Baystate Health in Massachusetts has exposed the protected health information (PHI) of [...]
1,600 Ohio Patients Impacted by Impermissible Disclosures of PHI
993 Ohio residents who are beneficiaries of Medicaid or have received services from the Ohio Department of [...]
PHI Compromised Due to Emotet Malware Attack on Oregon Endodontic Group and Humana Web Portal Breach
An office computer used by Oregon Endodontic Group has been infected with malware, which may have allowed [...]
PHI of 14,305 Patients Exposed Due to a Phishing Attack on Main Line Endoscopy Centers
Main Line Endoscopy Centers, a network of outpatient endoscopy clinics in the Malvern, Media and Bala Cynwyd [...]
Sharp Grossmont Hospital Faces Lawsuit For Video Recording Patients During Gynecology Procedures
Sharp HealthCare and Sharp Grossmont Hospital have been accused of covertly recording videos in an area of [...]
National Board of Examiners in Optometry to Pay $3.25 Million to Settle 2016 Data Breach Lawsuit
A class action lawsuit that was filed on behalf of victims of a 2016 data breach at the National Board of [...]
Michigan Practice to Close Down Due to Ransomware Attack
A ransomware attack on Brookside ENT and Hearing Center located in Battle Creek prompted the Michigan [...]
Security Breaches Reported by DePaul and Southern Hills Eye Care
DePaul is informing a number of its behavioral health program patients about the exposure of their protected [...]
PHI of 67,493 Burrell Behavioral Health Patients Exposed Due to Business Associate Breach
Burrell Behavioral Health is informing 67,493 patients about the accidental exposure of their healthcare [...]
Class Action Lawsuit Filed Against UnityPoint Health for February 2018 Data Breach
A class action lawsuit has been filed against UnityPoint Health over a data breach that exposed 16,429 [...]
Texas Department of Aging and Disability Services To Pay $1.6 Million Settlement Over 2015 Data Breach
The Department of Health and Human Services’ Office for Civil Rights and the Texas Department of Aging and [...]
PHI Exposure of Superior Dental Care Patients and L.A. Care Health Plan Members
The dental insurance provider, Superior Dental Care, based in Centerville, Ohio, has discovered an [...]
UCLA Health to Pay $7.5 Million to Settle Class Action Data Breach Lawsuit
UCLA Health has agreed to pay a $7.5 million settlement to resolve a class action lawsuit that was filed on [...]
PHI of 14,894 Patients Impacted by Third Verity Health System Phishing Attack in 3 Months
Verity Health system encountered its third phishing attack in January 2019 in three months, which impacted [...]
Email Archiving Solution Exposed PHI of 277,319 Patients
ZOLL Medical Corporation, a medical device manufacturer and software developer in Pennsylvania, is informing [...]
Healthcare Data Breach Report in February 2019
February 2019 saw healthcare data breaches reported at a ate of more than one a day, as was the case in [...]
70,000 People Impacted By Three Healthcare Ransomware Attacks
Three new ransomware attacks have recently been reported by healthcare companies and their business [...]
Over 5000 People Impacted by Two Breaches Due to Laptop Theft and Mailing Error
A Massachusetts business associate has reported a breach of the electronic protected health information [...]
Dozens of Employees Fired for Snooping on Jussie Smollett’s Medical Records
Dozen of healthcare employees at Northwestern Memorial Hospital in Chicago have been terminated for snooping [...]
7,858 Patients’ PHI Potentially Exposed Due to Covenant Care Email Account Breach
Covenant Care in Aliso Viejo, CA, a network of residential care and skilled nursing facilities, found that an [...]
Former Patient Care Coordinator Pleads Guilty to Wrongfully Disclosing PHI with Intent to Cause Harm
Ms. Linda Sue Kalina, 61, of Butler, PA, a former employee of Tri Rivers Musculoskeletal (TRM) and Allegheny [...]
St. Francis Physicians Services Notifies Patients of Milestone Family Medicine Data Breach
Bon Secours St. Francis Health System is informing patients that some of their protected health information [...]
Summary of January 2019 Healthcare Data Breaches
After a quiet month in terms of healthcare data breaches, breach reports rose again to more normal levels [...]
New Bill Seeks to Expand the Data Breach Notification Law in California
California already has tough data breach notification laws, but there is a loophole which could soon be [...]
Kentucky Counseling Center Insider Breach Affects 16,440 Patients
A list of 16,440 Kentucky Counseling Center (KCC) patients was stolen and shared with another person. The [...]
Cottage Health to Pay $3 Million to Resolve HIPAA Violation Case
The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA [...]
Almost 1 Million Patients of UW Medicine Have PHI Exposed Online
The accidental removal of protections on a UW Medicine website server resulted in the protected health [...]
Business Associate Notified Patients of PHI Theft 8 Months After Discovery of a Data Breach
Sharecare Health Data Services (SHDS) provides secure healthcare records management services to healthcare [...]
PHI of 30,000 Memorial Hospital Patients and 5,524 AZ Plastic Surgery Center Patients Breached
Memorial Hospital at Gulfport, Mississippi, is informing around 30,000 patients that unauthorized persons [...]
42,000 Patients Impacted by 16-Month Malware Attack on Florida Pulmonary & Sleep Medicine Center
The AdventHealth Medical Group Pulmonary & Sleep Medicine in Tavares, Florida, previously called Lake [...]
March 1, 2019 is the Last Day for Submitting Small Healthcare Data Breach Reports
The deadline for submitting 2018 data breach reports for breaches that have affected fewer than 500 [...]
Massive Annual Increase in Exposed Healthcare Records
2018 saw a massive increase in the number of exposed healthcare records according to the 2019 Breach [...]
Theft of Patient Schedules Results in Potential Exposure of PHI of 3,472 Anesthesia Associates of Kansas City Patients
Paperwork containing information on patients has been stolen from an Anesthesia Associates of Kansas City [...]
Malware Attack on Pawnee County Memorial Hospital Impacts 7,000 Patients
Pawnee County Memorial Hospital located in Pawnee City, Nebraska, is notifying 7,038 patients that a hacker [...]
PHI of 24,000 Georgia Eye Associates Patients Exposed Due to EyeSouth Partners Email Account Breach
A hacker accessed the email account of an employee of EyeSouth Partners and potentially viewed or acquired [...]
24,500 Patients’ PHI Exposed Due to Cyberattacks on Connecticut Eye Clinic and Chaplaincy Health Care
A ransomware attack on Dr. DeLuca Dr. Marciano & Associates, P.C., an eye care clinic located in [...]
Data Breaches at Valley Professionals Community Health Center and Sunflower State Health Plan Impact 13,625 Patients
Valley Professionals Community Health Center in Indiana has experienced a phishing attack that has resulted [...]
Aetna Pays $935,000 to California AG to Settle HIV Status Breach Case
The Connecticut health insurer Aetna has agreed to pay a financial penalty of $935,000 to the California [...]
Illinois Biometric Information Privacy Act Allows Legal Action Over Violations Even Without Actual Harm
The Illinois Supreme Court has decided that state residents can file a lawsuit against a private entity when [...]
Ransomware Attack on FABEN Obstetrics and Gynecology Results in Patient Data Loss
FABEN Obstetrics and Gynecology in Jacksonville, FL has suffered a ransomware attack which has resulted in [...]
2018 Healthcare Data Breaches Analysis
Since October 2009, the Department of Health and Human Services’ office for civil Rights (OCR) has been [...]
PHI of 7,200 Integrity House Patients Stored on Stolen Computers
A break-in at the offices of addiction treatment services provider Integrity House had potentially resulted [...]
Critical Care, Pulmonary & Sleep Associates Email-Related Breach Impacts 23,300 Patients
A data breach at Critical Care, Pulmonary & Sleep Associates (CCPSA) in Colorado has impacted over 23,300 [...]
Alaska Department of Health and Social Services Breach Impacted 87,000 More Patients Than Previously Thought
In April 2018, the Alaska Department of Health and Social Services (ADHSS) discovered that malware had been [...]
All-Star Orthopaedics and Dermacare Brickell Data Breaches Impact 77,800 Patients
All-Star Orthopaedics has notified patients of Las Colinas Orthopedic Surgery & Sports Medicine in [...]
Healthcare Data Breach Report for December 2018
December was the second-best month of 2018 for healthcare data breaches with only 23 healthcare data breaches [...]
Tougher Data Breach Notification Laws in North Carolina Sought By State AG
With the increasing number of data breaches impacting North Carolina residents in 2017, state representative [...]
Valley Hope Association Alerts Patients About Email-Related Breach
Valley Hope Association has discovered that an unauthorized individual has gained access to an [...]
Doctor Gets Probation for Criminal HIPAA Violation Instead of a Jail Term
A doctor pleaded guilty to committing a criminal violation of HIPAA Rules for wrongfully disclosing the PHI [...]
Email-Related Breach at Lebanon VA Medical Center Exposed the PHI of 1,000 Patients
Lebanon VA Medical Center based in Pennsylvania found out that the protected health information (PHI) of [...]
New Data Breach Notification Law in Massachusetts Enacted
A new data breach notification law in Massachusetts was enacted on January 10, 2019. The new law was signed [...]
BenefitMall Email Security Breach: PHI of 111K Individuals Compromised
Centerstone Insurance and Financial Services, doing business as BenefitMall, has sent notifications to over [...]
Boston Children’s Hospital DDoS Attacker Sentenced to 10 Years in Jail
Martin Gottesfeld, 34, of Somerville, MA, the hacker responsible for a Distributed Denial of Service (DDoS) [...]
PHI of Sacred Heart Rehabilitation Center Patients Exposed Due to Phishing Attack
Sacred Heart Rehabilitation Center in Memphis, MI, provides substance abuse treatment and care services for [...]
Multiple Cybersecurity Failures Led to SingHealth’s 1.5-Million Records Breach
A healthcare data breach investigation revealed that failing to implement basic cybersecurity best practices [...]
Phishing Attack on Kent County Community Mental Health Authority Exposed Patient PHI
A targeted phishing attack on Kent County Community Mental Health Authority, dba Network180, began on October [...]
500 Patients of Solis Mammography Informed of Laptop Theft and PHI Exposure
Ben-Ora, Hansen, Vanesian Imaging Ltd, has announced that an unencrypted laptop computer used by a Solis [...]
Ransomware Attack on Business Associate of Blue Cross Blue Shield of Michigan
A ransomware attack on a business associate of Blue Cross Blue Shield of Michigan has potentially compromised [...]
Breaches at Podiatric Offices of Bobby Yee and Humana Impact 580,000 People
The Podiatric Offices of Bobby Yee experienced a ransomware attack on October 29, 2018. The attack resulted [...]
Phishing Attack on Orlando Family Physicians Group Impacts 8,400 Patients
Family Physicians Group in Orlando has informed 8,400 patients that a phishing attack has allowed hackers to [...]
2018 HIPAA Fines and Settlements Summary
This post is a summary of the 2018 HIPAA fines and settlements that have been agreed with either the [...]
4,309 Choice Rehabilitation Residents Impacted by Email Account Breach
Choice Rehabilitation of Creve Coeur, MO has announced that an unauthorized person has gained access to an [...]
PHI of Dental Center of Northwest Ohio Patients Exposed Due to Ransomware Attack
The Dental Center of Northwest Ohio located in Toledo, OH, has notified present and past patients that some [...]
Flowers Hospital to Pay $150,000 to Settle Data Breach Lawsuit
Flowers Hospital in Dothan, AL has agreed to settle a class action data breach lawsuit that was filed against [...]
Blue Cross Blue Shield of Michigan Informs 15,000 Customers About Data Breach
Blue Cross Blue Shield of Michigan has advised around 15,000 customers that some of their private and [...]
Summary of the Biggest Healthcare Data Breaches of 2018
This is a summary of the biggest healthcare data breaches of 2018. The healthcare data breaches referred to [...]
San Diego School District Phishing Attack Exposed the Data of Over 500,000 Staff and Students
The San Diego School District has announced that a phishing attack resulted in the exposure of the private [...]
Lawsuit Filed Against LifeBridge Health Over Theft of PHI of 530,000 Patients
A lawsuit has been filed against LifeBridge Health over a breach of the protected health information (PHI) of [...]
McLean Hospital to Pay $75,000 HIPAA Violation Fine
Massachusetts Attorney General Maura Healey has fined McLean Hospital $75,000 for a data breach in 2015 that [...]
Court Ruled in Favor of Patient In Impermissible PHI Disclosure Lawsuit
An 11-year legal case filed after a woman’s healthcare records were released to her ex-boyfriend has at [...]
Healthcare Data Breach Report in November 2018
In November, 34 healthcare data breaches were reported to OCR, which makes it the second worst month of 2018 [...]
32,000 Patients’ PHI Potentially Exposed in Elizabethtown Community Hospital Email Breach
Around 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital have [...]
Credit Card Breach at BJC Healthcare and PHI Breach at CCRM Dallas-Fort Worth
BJC HealthCare, a large not-for-profit healthcare network in the U.S., has discovered hackers uploaded [...]
Contra Costa Health Plan and Ramsey County Social Services PHI Breaches Reported
Contra Costa Health Plan (CCHP) is sending notifications to patients to alert them that some of their [...]
PHI of 16,000 Mind & Motion Patients Potentially Compromised Due to Ransomware Attack
Mind & Motion Developmental Centers of Georgia has discovered hackers installed malware and ransomware on [...]
EmblemHealth Fined $100,000 for HIPAA Violations
The New Jersey state attorney general’s office has fined the health insurance company [...]
Frisco Medical Center Breach: Payment Information of 48,000 Patients Exposed
Baylor Scott & White Medical Center, located in Frisco, TX, has learned about a potential compromise of [...]
Malware Attack on the University of Maryland Medical System Successfully Thwarted
The University of Maryland Medical System discovered on December 9, 2018, that an unauthorized person [...]
18,000 People Affected by Three Separate Healthcare Security Breaches
Redwood Eye Center Ransomware Attack IT Lighthouse, the managed service provider hosting the electronic [...]
Summary of Ransomware Attacks on Healthcare Providers in Illinois and Rhode Island
This is a summary of healthcare ransomware attacks, security incidents and privacy breaches that have been [...]
PHI of 41,000 Cancer Treatment Centers of America Patients Potentially Exposed
Cancer Treatment Centers of America’s Western Regional Medical Center located in Bullhead City, AZ has [...]
Advanced Care Hospitalists Pays $500,000 to Settle Multiple HIPAA Violations
The HHS’ Office for Civil Rights (OCR) has investigated a case of impermissible disclosure of PHI by a [...]
PHI of 7,000 Georgia Spine and Orthopaedics of Atlanta Patients Exposed Due to Phishing Attack
Georgia Spine and Orthopaedics of Atlanta (GSOA) is notifying certain patients about the potential theft of [...]
Partial Closure of Emergency Rooms at Two Hospitals Due to Ransomware Attack
East Ohio Regional Hospital (EORH) in Martins Ferry, OH and Ohio Valley Medical Center (OVMC) in Wheeling, WV [...]
Pennsylvania Supreme Court Reinstates UPMC Data Breach Lawsuit
The employees affected by a data breach at University of Pennsylvania Medical Center (UPMC) took legal action [...]
PHI of 7,000 Patients Exposed Due to Tandigm Health Website Vulnerability
Healthcare company Tandigm Health discovered a vulnerability on its website on September 25, 2018. The [...]
Over Half Of Healthcare Data Breaches Caused By Insiders
The healthcare industry is a target for hackers but while there have been many hacks and IT incidents, [...]
Allergy Practice in Hartford Fined $125,000 for Impermissible PHI Disclosure
The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled potential HIPAA [...]
Healthcare Data Breach Report for October 2018
HIPAA Journal’s healthcare data breach report for October 2018 shows an increase in healthcare data [...]
Key Dental Group Notifies Patients of Potential HIPAA Violation
Key Dental Group in Pembroke Pines, FL is notifying patients about a possible HIPAA violation that could [...]
PHI of 4,458 Patients Stored on Stolen FHN Healthcare Laptop
FHN Healthcare, which manages FHN Memorial Hospital located in Freeport, IL and other family healthcare [...]
Episcopal Health Services Patients Impacted by Email Hacking Incident
St. John’s Episcopal Hospital and Episcopal Health Services in New York have notified past and present [...]
Phishing Attack on Southwest Washington Regional Surgery Center Affects 2,393 Patients
A phishing attack on Southwest Washington Regional Surgery Center located in Vancouver, WA, resulted in the [...]
Upstate University Hospital Breach Impacts PHI of 1,216 Patients
Upstate University Hospital in Syracuse, NY, has informed 1,216 of its patients that a former hospital worker [...]
PHI of 94,000 People Exposed Due to HealthCare.gov Data Breach
The Centers for Medicare & Medicaid Services (CMS) reported last month that the HealthCare.gov website [...]
Ransomware Attack on May Eye Care Center Impacts 30,000 Patients
On July 29, 2018, May Eye Care Center, located in Hanover, PA, was attacked with ransomware. The ransomware [...]
Phishing Attack on Health First Compromised 42,000 Customers’ PHI
Health First Inc., a health system with four hospitals based in Florida, experienced a hacking/IT incident [...]
Former Chilton Medical Center Employee Sentenced for Theft of Computer Equipment
Sergiu Jitcu of Saddle Brook, NJ was a former IT employee of Chilton Medical Center in New Jersey. He was [...]
Healthcare Security Breaches from 2015 to 2017
The last three years have seen 955 major healthcare security breaches that resulted in the exposure and/or [...]
Billing Information of 12,331 Inova Health System Patients Compromised
Inova Health System based in Falls Church, VA is informing 12,331 patients that there has been a breach of [...]
Healthcare Data Breach Report for Q3 2018
The Q3 Breach Barometer Report from Protenus shows a drop in the number of healthcare data breaches in Q3 [...]
The Most Common HIPAA Violations Healthcare Organizations Should be Aware Of
The most common HIPAA violations committed by healthcare organizations that have resulted in financial [...]
566,217 Customers of Bankers Life Impacted by Data Breach
Bankers Life, based in Chicago, is a health insurance company and the largest division of CNO Financial Group [...]
Business Associate Pays $200,000 to New Jersey for Virtua Medical Data Breach
Best Medical Transcription agreed to pay a $200,000 settlement to the New Jersey Attorney’s office to [...]
Medicaid Data Breach Report for 2016 Published by OIG
The Department of Health and Human Services’ Office of Inspector General (OIG) has released a new report [...]
Potential Exposure of PHI of 10,000 Raley’s Pharmacy Patients Due to Stolen Laptop
Raley’s Pharmacy is sending notifications to around 10,000 patients about the possible exposure of some of [...]
MHSS Business Associate Improperly Retained PHI of 10,400 Patients
The Missouri Department of Health and Senior Services (MHSS) is informing 10,400 patients about a recently [...]
Ransomware Attack on Sioux City Eye Clinic Potentially Exposed the PHI of 40,000 Patients
The Jones Eye Clinic and CJ Elmwood Partners, L.P, located in Sioux City, IA, have discovered the protected [...]
Catawba Valley Medical Center and Byram Healthcare Breaches Impact Over 20,000 Patients
Catawba Valley Medical Center (CVMC) located in Hickory, NC, found out on August 13, 2018 that an [...]
FirstCare Health Plans Informs 8,000+ Members of Accidental PHI Disclosure
FirstCare Health Plans in Texas is informing over 8,000 plan members about the impermissible disclosure of [...]
Healthcare Data Breach Report for September 2018
September saw 25 healthcare data breaches of more than 500 records reported to the Department of Health and [...]
Employees Retirement System of Texas Data Breach Affects Up to 1.25 Million Individuals
The Employees Retirement System of Texas (ERS) has discovered a problem with its ERS OnLine portal. When some [...]
16,000 National Ambulatory Hernia Institute Patients Impacted by Ransomware Attack
California’s National Ambulatory Hernia Institute experienced a ransomware attack on September 13, 2018 [...]
$640,000 Paid by Aetna to Settle HIPAA Violation Case with State Attorneys General
Two mailing errors in 2017 resulted in the impermissible disclosure of Aetna plan members’ protected [...]
Biomarin Pharmaceutical and Envision Healthcare Corporation Report Email-Related Breaches
Biomarin Pharmaceutical and Envision Healthcare Corporation have both recently announced that they have [...]
PHI of 21,000 Patients of Minnesota DHS Potentially Compromised
Two recent phishing attacks on the Minnesota Department of Human Services (DHS) have resulted in a potential [...]
Round Up of Recent Healthcare Data Breaches
Here’s a summary of the healthcare data breaches reported to OCR by healthcare providers and business [...]
Phishing Attack on Gold Coast Health Plan: PHI of 37,000 Members Potentially Compromised
Gold Coast Health Plan based in Camarillo, CA is alerting 37,000 plan members that hackers have potentially [...]
KHOU Employee Found Abandoned Paper Records Containing PHI in Houston Street
An employee of KHOU 11, a CBS-affiliated TV station, discovered abandoned paperwork that contained the [...]
Phishing Attack on Aspire Health Resulted in PHI Theft
Aspire Health is a Nashville, TN in-home services provider for patients diagnosed with critical illnesses. [...]
Gynecologist Lost Her License But Did Not Get Jail Time and Fine for Criminal HIPAA Violation
In April 2018, 65-year old former Massachusetts gynecologist Rita Luthra was found guilty of a criminal [...]
Ex-Employee of Brooklyn’s Kings County Hospital Accused of Stealing and Selling Patients’ PHI
An employee of the emergency unit in Brooklyn’s Kings County Hospital has been charged with stealing [...]
Rising Incidences of HIPAA Violations on Social Media
Posting protected health information (PHI) on social media sites, including closed Facebook groups, violates [...]
PHI of 17,000 Independence Blue Cross Members Was Exposed Online
Independence Blue Cross in Philadelphia has notified 17,000 of its plan members that their protected health [...]
CMS Investigates Fairview Southdale Hospital Patient Privacy Violation
The HHS’ Centers for Medicare and Medicaid Services (CMS) has investigated Fairview Southdale Hospital in [...]
Email-Related Breaches Reported by Hopebridge and United Methodist Homes
Hopebridge, a healthcare organization that operates a network of 28 autism treatment centers across the [...]
Texas Nurse Fired for Sharing PHI on Social Media
A nurse employed at Texas Children’s Hospital has lost her job as a result of sharing protected health [...]
Acadiana Computer Systems Phishing Attack Impacts 31,000 Individuals
Lafayette, Louisiana-based Acadiana Computer Services Inc., provides software and business solutions to the [...]
Healthcare Data Breach Report for August 2018
In August, 28 healthcare data breaches were reported to the HHS’ Office for Civil Rights which represents a [...]
Over 21,000 Patients’ PHI Potentially Exposed Due to Reliable Respiratory Phishing Attack
Reliable Respiratory, a respiratory care provider located in Norwood, MA, has experienced a phishing attack [...]
New Mexico Hospital Health Records Found Scattered in the Street
The New Mexico Department of Health is conducting an investigation into how the confidential medical files of [...]
HIPAA Violation Cases: 2013 – 2017
This page contains a summary of HIPAA violation cases which led to settlements with the Department of Health [...]
1,790 Patients Impacted by Phishing Attack on Drug and Alcohol Treatment Center in Los Angeles
Authentic Recovery Center, a drug and alcohol treatment center based in West Los Angeles, recently [...]
PHI of 19,570 Missouri Care Members Exposed Due to Mailing Error
An error in a Missouri Care mailing reminding parents to book well-child appointments has resulted in the [...]
McAlester Hospital Sued Over Impermissible Disclosure of PHI and HIPAA Violation
Dennis and Wayne Russell’s adopted two-year old son Keon died in a tragic swimming pool [...]
Healthcare Data Breach Report for July 2018
July 2018 is by far the worst month in 2018 with respect to healthcare data breaches. There were 33 [...]
PHI of 4,000 Patients of Colorado Dermatology Potentially Accessed
Central Colorado Dermatology (CCD) has informed more than 4,000 patients that hackers have potentially [...]
Legacy Health Phishing Attack Exposed 38,000 Patients’ PHI
Legacy Health has discovered an unauthorized individual has accessed its email system and potentially viewed [...]
9,350 Patients of Gordon Schanzlin New Vision Institute Warned About Data Breach
The Gordon Schanzlin New Vision Institute located in La Jolla, CA, has informed thousands of patients that [...]
Anthem’s $115 Million Data Breach Settlement Finally Approved
Anthem Inc. proposed a $115 million settlement in 2017 to resolve the class action lawsuits filed by the [...]
InterAct of Michigan Email Account Compromised Exposing 1,290 Patients’ PHI
The mental health and substance abuse treatment provider InterAct of Michigan has announced that [...]
Adams County Government Data Breach Impacts 258,000 People
A data security breach has occurred in Adams County, Wisconsin where the personal identification information, [...]
Augusta University Health Phishing Attacks Affected 417,000 People
Augusta University Health has announced it has experienced a data breach that has affected approximately [...]
Did the Oklahoma Department of Veteran Affairs Violate HIPAA Rules?
Three Democrat lawmakers have accused the Oklahoma Department of Veteran Affairs of violating Health [...]
13,034 Patients Affected by MedSpring Urgent Care Breach
MedSpring Urgent Care, a network of emergency care clinics located in Austin, Atlanta, Chicago, Houston, Fort [...]
More Than 3.14 Million Healthcare Records Were Exposed in Q2, 2018
Protenus has released its Q2 2018 Breach Barometer Report – A summary and analysis of healthcare data [...]
PHI of 300,000 SSM Health Patients Exposed
Approximately 300,000 patients of SSM Health St. Mary’s Hospital in Jefferson City, Missouri have been [...]
Four Healthcare Data Breaches Exposed the PHI of 9,400 Patients
This is a summary of data breaches that have recently to the Department of Health and Human Services’ [...]
UnityPoint Health Phishing Attack Affects 1.4 Million Patients
A phishing attack on UnityPoint Health has allowed hackers to gain access to the protected health information [...]
19,000 Patients of Orlando Orthopaedic Center Affected by Transcription Service Provider Breach
The protected health information (PHI) of over 19,000 patients was exposed due to an error by a transcription [...]
Confluence Health Discovers Phishing Attack Resulted in PHI Exposure
A data breach has been reported by Confluence Health, a non-profit health system managing Wenatchee Valley [...]
17,000 Patients’ PHI Exposed in Oregon and Massachusetts
The medical records of more than 17,000 patients have been exposed in two data breaches in Oregon and [...]
$150,000 Settlement Proposed by Flowers Hospital for 2014 Data Breach
A class action lawsuit filed in the aftermath of a data breach at Flowers Hospital in Dothan, Alabama in 2014 [...]
More than 105,000 Individuals Affected by Healthcare Phishing Attack
Boys Town National Research Hospital (Boys Town) in Omaha, NE has discovered that an employee was fooled by a [...]
Malware and Ransomware Attack on Blue Springs Family Care Affects Almost 45,000 Patients
Blue Springs Family Care in Missouri was attacked with ransomware resulting in the encryption of [...]
3,775 Patients Informed of Unauthorized Access to a New York Physician’s Computer
Ruben U. Carvajal, MD, a doctor in New York, has started informing his patients that unauthorized individuals [...]
M.M. Ewing Continuing Care Center Employees Fired Over Snapchat Photo Sharing
Thompson Health’s M.M. Ewing Continuing Care Center, a nursing home in Canandaigua, NY, has discovered that [...]
Healthcare Data Breach Report for June 2018
Reported healthcare data breaches in June 2018 increased by 13.8% month-over-month although there were 42.48% [...]
44,600 Patients Affected by Golden Heart Administrative Professionals Ransomware Attack
Golden Heart Administrative Professionals based in Fairbanks, AK is a billing company that serves as a [...]
Phishing Attacks on Sunspire Health and UPMC Cole Compromised Several Employee Email Accounts
Two more healthcare companies have announced they have been victims of phishing attacks that have allowed [...]
LabCorp Attacked with Ransomware But PHI Access Still Not Confirmed
LabCorp, a major network of clinical laboratories in the U.S., experienced a cyberattack that potentially [...]
Phishing Attack on Alive Hospice Compromised Patients’ PHI
Alive Hospice in Tennessee has discovered the email accounts of two employees were compromised after the [...]
UMC Physicians and MSK Group Notify Patients of PHI Breach
The email account of a doctor at UMC Physicians in Texas was hacked, which resulted to the potential exposure [...]
Billings Clinic Employee’s Email Account Hacked Exposing 8,400 Patients’ PHI
The protected health information (PHI) of 8,400 patients contained in the email account of an employee of [...]
PHI of HIV Patients Exposed Because Metro Health Employee Made a Mistake
According to a report published in The Tennessean, a Metro Health employee made an error that resulted in the [...]
Factors that Increase the Cost of Resolving a Data Breach
The Ponemon Institute and IBM have explained several factors that impact the cost of data breaches in the [...]
Healthcare Data Breach Costs Now $408 Per Record
The Ponemon Institute has conducted its annual Cost of a Data Breach Study on behalf of IBM Security, which [...]
Lack of Authentication Controls on MedEvolve FTP Server Exposed Patients’ PHI
An FTP server used by MedEvolve, a provider of billing and medical record services to healthcare providers, [...]
Lawsuit Filed Against Children’s Mercy Hospital for Data Breach of 63,000 Patients’ PHI
A lawsuit has been filed against Children’s Mercy Hospital following a phishing attack that resulted in the [...]
Arkansas Children’s Hospital Employee Terminated For PHI Theft Involvement
Law enforcement is investigating a former employee of Arkansas Children’s Hospital for being involved in [...]
EHR Vendor’s Coding Error Caused the Impermissible Sharing of Patient Health Data
The UK’s National Health Service (NHS) has informed 150,000 patients that their health data was shared for [...]
Main Line Health Wins Age Discrimination Case Filed By Terminated Employee
In 2016, Main Line Health Inc. based in Radnor, PA dismissed an employee named Gloria Terrell for a violation [...]
Ransomware Attack on Cass Regional Medical Center Shuts Down EHR System
Cass Regional Medical Center in Harrisonville, MO has announced it suffered a ransomware attack at 11 am on [...]
Manitowoc County Phishing Attack Resulted in PHI Theft
Manitowoc County in Wisconsin fell victim to a phishing attack resulting in the theft of protected health [...]
Humana Notifies Members About Sophisticated Cyber Spoofing Attack That Exposed PHI
Humana is informing members about a “sophisticated spoofing attack” which potentially resulted in [...]
Healthcare Employee Indicted for Criminal HIPAA Violations
A former patient information coordinator at the University of Pittsburgh Medical Center has been indicted by [...]
Potential Theft of PHI from Alaska DHSS Due to Zeus Trojan Infection
The Alaska Department of Health and Social Services (ADHSS) is informing ‘over 500’ persons that hackers [...]
PHI of 870 Patients of Michigan Medicine Potentially Exposed Due to Laptop Theft
Michigan Medicine has informed 870 of its patients that an unencrypted laptop computer has been stolen, [...]
PHI Breach at Associated Dermatology & Skin Cancer Clinic of Helena Impacts 1,254 Patients
A breach of physical protected health information (PHI) has been reported by Associated Dermatology & [...]
Grant Medical Center Repeatedly Sent Faxes with PHI to the Wrong Recipient
OhioHealth’s Grant Medical Center sent faxes containing the protected health information (PHI) of a [...]
PHI Breach Due to Interception of Unencrypted Hospital Pages
Outdated pager systems have now been replaced by secure messaging systems in many healthcare organizations. [...]
Washington Health System Employees Suspended for Unauthorized PHI Access
Washington Health System has suspended a number of its employees after discovering they inappropriately [...]
Healthcare Data Breach Report for May 2018
In April 2018, 41 healthcare data breaches were reported to the HHS’ Office for Civil Rights. The 29 [...]
Med Associates Breach Potentially Affected 270,000 Patients
Med Associates in Latham, NY is a health billing company that provides claims services to over 70 healthcare [...]
University of Texas MD Anderson Cancer Center Ordered to Pay $4.3 Million HIPAA Violation Penalty
The Department of Health and Human Services’ Office for Civil Rights recently issued its fourth largest [...]
Employee Guilty of PHI Theft Jailed: Snooping Employees Fired
An ex-employee of Veteran Affairs Medical Center in Long Beach, CA named Albert Torres, 51, was sentenced to [...]
Burglaries in Corpus Christi and San Francisco Resulted in PHI Breach
Patients of two HIPAA-covered entities received notification that their protected health information (PHI) [...]
Phishing Attack on HealthEquity Potentially Compromised Members’ PHI
HealthEquity Inc based in Draper, UT, suffered a phishing attack which resulted in the protected health [...]
Phishing Attack on Terros Health Potentially Exposed 1,600 Patients’ PHI
An employee working for Terros Health in Phoenix, AZ fell for a phishing scam and inadvertently disclosed [...]
Ransomware Attack on Rise Wisconsin Potentially Impacted 3,700 Plan Members
Rise Wisconsin is notifying over 3,700 plan members of an incident that has potentially resulted in an [...]
Nurse Faces 12-Months Suspension for Disclosing Patient Information to New Employer
A nurse practitioner has had her license to practice suspended for 12 months by the New York State Education [...]
Server and Email Hacking Potentially Compromised PHI of Patients
Hacking incidents continue to dominate healthcare data breach reports. One such incident has recently been [...]
Impostor and Burglar Obtained the PHI of Patients
Blue Cross Blue Shield of Illinois has discovered the the protected health information (PHI) of a number of [...]
Healthcare Employees Stole Patients’ PHI to Take to New Employers
Former employees of two HIPAA-covered entities accessed and stole patients’ protected health information [...]
Potential Legal Action Over EMS Worker Due to Facebook Post
Kathy Raymond from Roane County, TN, is considering taking legal action against an EMS worker over a Facebook [...]
Two Lawsuits Filed Over Alleged HIPAA Violations
Two lawsuits have recently been filed over violations of HIPAA Rules. One case involved a former employee of [...]
Aetna Attempts to Recover Privacy Breach Settlement Costs By Filing Further Lawsuit
Another lawsuit has been filed by Aetna in an attempt to recover the costs incurred due to a 2017 privacy [...]
Purdue University Discovered Two Security Breaches Potentially Compromising PHI
Purdue University’s security team discovered two security breaches in April that potentially allowed [...]
Dignity Health Reported to OCR Multiple Data Breaches
Dignity Health reported multiple data breaches and HIPAA violations to the Department of Health and Human [...]
Aultman Health Foundation Phishing Attack Potentially Impacts 42,600 Patients
Aultman Health Foundation is informing around 42,600 patients that their protected health information (PHI) [...]
Copyright © 2007-2021 The HIPAA Guide Site Map Privacy Policy About The HIPAA Guide