This section of The HIPAA Guide provides insights into HIPAA breaches, offering up-to-date reports on data violations within the healthcare sector. Readers can explore real-world case studies, breach penalties, and guidance on how healthcare organizations can improve data security. It also covers the consequences of non-compliance, breach notification requirements, and the latest cybersecurity threats affecting patient health information (PHI). Stay informed and learn how to prevent breaches to ensure both compliance and the protection of sensitive patient data.
The San Diego School District has announced that a phishing attack resulted in the exposure of the private
[...]
A lawsuit has been filed against LifeBridge Health over a breach of the protected health information (PHI) of
[...]
Massachusetts Attorney General Maura Healey has fined McLean Hospital $75,000 for a data breach in 2015 that
[...]
An 11-year legal case filed after a woman’s healthcare records were released to her ex-boyfriend has at
[...]
In November, 34 healthcare data breaches were reported to OCR, which makes it the second worst month of 2018
[...]
Around 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital have
[...]
BJC HealthCare, a large not-for-profit healthcare network in the U.S., has discovered hackers uploaded
[...]
Contra Costa Health Plan (CCHP) is sending notifications to patients to alert them that some of their
[...]
Mind & Motion Developmental Centers of Georgia has discovered hackers installed malware and ransomware on
[...]
The New Jersey state attorney general’s office has fined the health insurance company
[...]
A Colorado hospital is to pay OCR $111,400 for failing to terminate the access of a former employee to its
[...]
Baylor Scott & White Medical Center, located in Frisco, TX, has learned about a potential compromise of
[...]
The University of Maryland Medical System discovered on December 9, 2018, that an unauthorized person
[...]
Prairie Fields Family Medicine, based in Fremont, NE, is notifying 6,450 patients about the potential
[...]
Redwood Eye Center Ransomware Attack IT Lighthouse, the managed service provider hosting the electronic
[...]
This is a summary of healthcare ransomware attacks, security incidents and privacy breaches that have been
[...]
Cancer Treatment Centers of America’s Western Regional Medical Center located in Bullhead City, AZ has
[...]
The HHS’ Office for Civil Rights (OCR) has investigated a case of impermissible disclosure of PHI by a
[...]
Georgia Spine and Orthopaedics of Atlanta (GSOA) is notifying certain patients about the potential theft of
[...]
East Ohio Regional Hospital (EORH) in Martins Ferry, OH and Ohio Valley Medical Center (OVMC) in Wheeling, WV
[...]
The employees affected by a data breach at University of Pennsylvania Medical Center (UPMC) took legal action
[...]
Healthcare company Tandigm Health discovered a vulnerability on its website on September 25, 2018. The
[...]
The healthcare industry is a target for hackers but while there have been many hacks and IT incidents,
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled potential HIPAA
[...]
HIPAA Journal’s healthcare data breach report for October 2018 shows an increase in healthcare data
[...]
Key Dental Group in Pembroke Pines, FL is notifying patients about a possible HIPAA violation that could
[...]
FHN Healthcare, which manages FHN Memorial Hospital located in Freeport, IL and other family healthcare
[...]
St. John’s Episcopal Hospital and Episcopal Health Services in New York have notified past and present
[...]
A phishing attack on Southwest Washington Regional Surgery Center located in Vancouver, WA, resulted in the
[...]
Upstate University Hospital in Syracuse, NY, has informed 1,216 of its patients that a former hospital worker
[...]
The Centers for Medicare & Medicaid Services (CMS) reported last month that the HealthCare.gov website
[...]
On July 29, 2018, May Eye Care Center, located in Hanover, PA, was attacked with ransomware. The ransomware
[...]
Health First Inc., a health system with four hospitals based in Florida, experienced a hacking/IT incident
[...]
Sergiu Jitcu of Saddle Brook, NJ was a former IT employee of Chilton Medical Center in New Jersey. He was
[...]
The last three years have seen 955 major healthcare security breaches that resulted in the exposure and/or
[...]
Inova Health System based in Falls Church, VA is informing 12,331 patients that there has been a breach of
[...]
The Q3 Breach Barometer Report from Protenus shows a drop in the number of healthcare data breaches in Q3
[...]
The most common HIPAA violations committed by healthcare organizations that have resulted in financial
[...]
Bankers Life, based in Chicago, is a health insurance company and the largest division of CNO Financial Group
[...]
Best Medical Transcription agreed to pay a $200,000 settlement to the New Jersey Attorney’s office to
[...]
The Department of Health and Human Services’ Office of Inspector General (OIG) has released a new report
[...]
Raley’s Pharmacy is sending notifications to around 10,000 patients about the possible exposure of some of
[...]
The Missouri Department of Health and Senior Services (MHSS) is informing 10,400 patients about a recently
[...]
The Jones Eye Clinic and CJ Elmwood Partners, L.P, located in Sioux City, IA, have discovered the protected
[...]
Catawba Valley Medical Center (CVMC) located in Hickory, NC, found out on August 13, 2018 that an
[...]
FirstCare Health Plans in Texas is informing over 8,000 plan members about the impermissible disclosure of
[...]
September saw 25 healthcare data breaches of more than 500 records reported to the Department of Health and
[...]
The Employees Retirement System of Texas (ERS) has discovered a problem with its ERS OnLine portal. When some
[...]
California’s National Ambulatory Hernia Institute experienced a ransomware attack on September 13, 2018
[...]
Two mailing errors in 2017 resulted in the impermissible disclosure of Aetna plan members’ protected
[...]
Biomarin Pharmaceutical and Envision Healthcare Corporation have both recently announced that they have
[...]
Two recent phishing attacks on the Minnesota Department of Human Services (DHS) have resulted in a potential
[...]
Here’s a summary of the healthcare data breaches reported to OCR by healthcare providers and business
[...]
Gold Coast Health Plan based in Camarillo, CA is alerting 37,000 plan members that hackers have potentially
[...]
An employee of KHOU 11, a CBS-affiliated TV station, discovered abandoned paperwork that contained the
[...]
Aspire Health is a Nashville, TN in-home services provider for patients diagnosed with critical illnesses.
[...]
In April 2018, 65-year old former Massachusetts gynecologist Rita Luthra was found guilty of a criminal
[...]
An employee of the emergency unit in Brooklyn’s Kings County Hospital has been charged with stealing
[...]
Posting protected health information (PHI) on social media sites, including closed Facebook groups, violates
[...]
Independence Blue Cross in Philadelphia has notified 17,000 of its plan members that their protected health
[...]
The HHS’ Centers for Medicare and Medicaid Services (CMS) has investigated Fairview Southdale Hospital in
[...]
Hopebridge, a healthcare organization that operates a network of 28 autism treatment centers across the
[...]
A nurse employed at Texas Children’s Hospital has lost her job as a result of sharing protected health
[...]
Lafayette, Louisiana-based Acadiana Computer Services Inc., provides software and business solutions to the
[...]
In August, 28 healthcare data breaches were reported to the HHS’ Office for Civil Rights which represents a
[...]
Reliable Respiratory, a respiratory care provider located in Norwood, MA, has experienced a phishing attack
[...]
The New Mexico Department of Health is conducting an investigation into how the confidential medical files of
[...]
This page contains a summary of HIPAA violation cases between 2013 and 2017 which led to civil monetary
[...]
Authentic Recovery Center, a drug and alcohol treatment center based in West Los Angeles, recently
[...]
An error in a Missouri Care mailing reminding parents to book well-child appointments has resulted in the
[...]
Dennis and Wayne Russell’s adopted two-year old son Keon died in a tragic swimming pool
[...]
July 2018 is by far the worst month in 2018 with respect to healthcare data breaches. There were 33
[...]
Central Colorado Dermatology (CCD) has informed more than 4,000 patients that hackers have potentially
[...]
Legacy Health has discovered an unauthorized individual has accessed its email system and potentially viewed
[...]
The Gordon Schanzlin New Vision Institute located in La Jolla, CA, has informed thousands of patients that
[...]
Anthem Inc. proposed a $115 million settlement in 2017 to resolve the class action lawsuits filed by the
[...]
The mental health and substance abuse treatment provider InterAct of Michigan has announced that
[...]
A data security breach has occurred in Adams County, Wisconsin where the personal identification information,
[...]
Augusta University Health has announced it has experienced a data breach that has affected approximately
[...]
Three Democrat lawmakers have accused the Oklahoma Department of Veteran Affairs of violating Health
[...]
MedSpring Urgent Care, a network of emergency care clinics located in Austin, Atlanta, Chicago, Houston, Fort
[...]
Protenus has released its Q2 2018 Breach Barometer Report – A summary and analysis of healthcare data
[...]
Approximately 300,000 patients of SSM Health St. Mary’s Hospital in Jefferson City, Missouri have been
[...]
This is a summary of data breaches that have recently to the Department of Health and Human Services’
[...]
A phishing attack on UnityPoint Health has allowed hackers to gain access to the protected health information
[...]
The protected health information (PHI) of over 19,000 patients was exposed due to an error by a transcription
[...]
A data breach has been reported by Confluence Health, a non-profit health system managing Wenatchee Valley
[...]
The medical records of more than 17,000 patients have been exposed in two data breaches in Oregon and
[...]
A class action lawsuit filed in the aftermath of a data breach at Flowers Hospital in Dothan, Alabama in 2014
[...]
Boys Town National Research Hospital (Boys Town) in Omaha, NE has discovered that an employee was fooled by a
[...]
Blue Springs Family Care in Missouri was attacked with ransomware resulting in the encryption of
[...]
Ruben U. Carvajal, MD, a doctor in New York, has started informing his patients that unauthorized individuals
[...]
Thompson Health’s M.M. Ewing Continuing Care Center, a nursing home in Canandaigua, NY, has discovered that
[...]
Reported healthcare data breaches in June 2018 increased by 13.8% month-over-month although there were 42.48%
[...]
Golden Heart Administrative Professionals based in Fairbanks, AK is a billing company that serves as a
[...]
Two more healthcare companies have announced they have been victims of phishing attacks that have allowed
[...]
LabCorp, a major network of clinical laboratories in the U.S., experienced a cyberattack that potentially
[...]
Alive Hospice in Tennessee has discovered the email accounts of two employees were compromised after the
[...]
The email account of a doctor at UMC Physicians in Texas was hacked, which resulted to the potential exposure
[...]
The protected health information (PHI) of 8,400 patients contained in the email account of an employee of
[...]
According to a report published in The Tennessean, a Metro Health employee made an error that resulted in the
[...]
The Ponemon Institute and IBM have explained several factors that impact the cost of data breaches in the
[...]
The Ponemon Institute has conducted its annual Cost of a Data Breach Study on behalf of IBM Security, which
[...]
An FTP server used by MedEvolve, a provider of billing and medical record services to healthcare providers,
[...]
A lawsuit has been filed against Children’s Mercy Hospital following a phishing attack that resulted in the
[...]
Law enforcement is investigating a former employee of Arkansas Children’s Hospital for being involved in
[...]
The UK’s National Health Service (NHS) has informed 150,000 patients that their health data was shared for
[...]
In 2016, Main Line Health Inc. based in Radnor, PA dismissed an employee named Gloria Terrell for a violation
[...]
Cass Regional Medical Center in Harrisonville, MO has announced it suffered a ransomware attack at 11 am on
[...]
Manitowoc County in Wisconsin fell victim to a phishing attack resulting in the theft of protected health
[...]
Humana is informing members about a “sophisticated spoofing attack” which potentially resulted in
[...]
A former patient information coordinator at the University of Pittsburgh Medical Center has been indicted by
[...]
The Alaska Department of Health and Social Services (ADHSS) is informing ‘over 500’ persons that hackers
[...]
Michigan Medicine has informed 870 of its patients that an unencrypted laptop computer has been stolen,
[...]
A breach of physical protected health information (PHI) has been reported by Associated Dermatology &
[...]
OhioHealth’s Grant Medical Center sent faxes containing the protected health information (PHI) of a
[...]
Outdated pager systems have now been replaced by secure messaging systems in many healthcare organizations.
[...]
Washington Health System has suspended a number of its employees after discovering they inappropriately
[...]
In April 2018, 41 healthcare data breaches were reported to the HHS’ Office for Civil Rights. The 29
[...]
Med Associates in Latham, NY is a health billing company that provides claims services to over 70 healthcare
[...]
The Department of Health and Human Services’ Office for Civil Rights recently issued its fourth largest
[...]
An ex-employee of Veteran Affairs Medical Center in Long Beach, CA named Albert Torres, 51, was sentenced to
[...]
Patients of two HIPAA-covered entities received notification that their protected health information (PHI)
[...]
SendGrid is a platform that companies use for email marketing. It makes communicating marketing messages to
[...]
HealthEquity Inc based in Draper, UT, suffered a phishing attack which resulted in the protected health
[...]
An employee working for Terros Health in Phoenix, AZ fell for a phishing scam and inadvertently disclosed
[...]
Rise Wisconsin is notifying over 3,700 plan members of an incident that has potentially resulted in an
[...]
A nurse practitioner has had her license to practice suspended for 12 months by the New York State Education
[...]
Hacking incidents continue to dominate healthcare data breach reports. One such incident has recently been
[...]
Blue Cross Blue Shield of Illinois has discovered the the protected health information (PHI) of a number of
[...]
Former employees of two HIPAA-covered entities accessed and stole patients’ protected health information
[...]
Kathy Raymond from Roane County, TN, is considering taking legal action against an EMS worker over a Facebook
[...]
Two lawsuits have recently been filed over violations of HIPAA Rules. One case involved a former employee of
[...]
Another lawsuit has been filed by Aetna in an attempt to recover the costs incurred due to a 2017 privacy
[...]
Purdue University’s security team discovered two security breaches in April that potentially allowed
[...]
Dignity Health reported multiple data breaches and HIPAA violations to the Department of Health and Human
[...]
Aultman Health Foundation is informing around 42,600 patients that their protected health information (PHI)
[...]
The Associates in Psychiatry and Psychology (APP) based in Rochester, MN had a ransomware attack which
[...]
In the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, there’s a
[...]
LifeBridge Health in Baltimore experienced a data breach which was mentioned in a press release on May 16,
[...]
MEDantex, a transcription company, inadvertently left patient healthcare information unsecured and openly
[...]
Florida Hospital utilizes three websites that were attacked by malware. Due to the malware attack, it is very
[...]
Steward Healthcare System in Boston fired Dr. Alexander Lipin, a psychiatrist, for allegedly violating HIPAA
[...]
Part of Allied Physicians Group of Michiana’s network was down because of a ransomware attack. This
[...]
Lincare Inc, a respiratory therapy supplier company, agreed to pay $875,000 as settlement for a class-action
[...]
In a recent Government Accountability Office (GAO) audit as required by the 21st Century Cures Act, the
[...]
April was a bad month for the healthcare industry because of the higher number of data breaches and the
[...]
Nuance Communications based in Burlington, MA filed with the U.S. Securities and Exchange Commission about
[...]
Eye Care Surgery Center, Inc, which is located in Baton Rouge, LA, discovered on February 26, 2018 that one
[...]
Cerebral Palsy Research Foundation of Kansas (CPRF) discovered on March 10, 2018 that the security protection
[...]
UnityPoint Health discovered a data breach on February 15, 2018 that resulted to the exposure of the
[...]
Capital Digestive Care, an MD-based gastroenterology group in Silver Spring, discovered the error that its
[...]
The Protenus’ quarterly breach barometer report is a compilation of data breach information provided by
[...]
The University of Arkansas Medical Sciences (UAMS) fired three employees because of an alleged violation of
[...]
It’s not very common for HIPAA violations to get criminal penalties, but there are cases when the
[...]
Patients consulting with the Center for Orthopaedic Specialists received warning that some of their protected
[...]
An employee of Texas Health and Human Services Commission (HHSC) has the protected health information (PHI)
[...]
Scenic Bluffs Community Health Centers discovered on March 1, 2018 an email account breach, which resulted to
[...]
Maximus Inc is a business process management and technology solutions company providing their services to
[...]
The physiatry group Integrated Rehab Consultants (IRC) based in Chicago, IL sent notification letters to some
[...]
Chesapeake Regional Healthcare discovered on February 6, 2018 that two hard drives from the Chesapeake
[...]
The protected health information of 42,000 patients of a New York medical practice was exposed online because
[...]
The patients of CVS Caremark filed a lawsuit against CVS and its mailing vendor, Fiserve, on March 21, 2018
[...]
Employees can be severely penalized for violating HIPAA rules especially if they are involved in the theft of
[...]
Protenus’ Healthcare Breach Barometer Report for February 2018 has been published. The report talks about
[...]
February may have the least number of days in a month, but the number of reported healthcare data breaches
[...]
An electronic device used by ShopRite Pharmacy in Millville, New Jersey for capturing customer signature was
[...]
EmblemHealth had a mailing error in 2016 that resulted in the disclosure of 81,122 Health Insurance claim
[...]
A professional hacker accessed the healthcare records of about 1,900 patients of the University of Virginia
[...]
Jemison Internal Medicine of Alabama had a ransomware attack on December 20, 2017. Electronic health records
[...]
Medical University of South Carolina (MUSC) demonstrated how seriously it takes protected health information
[...]
A study published in the American Journal of Managed Care looked into the typical characteristics of hospital
[...]
The protected health information of 925 patients was compromised because of a ransomware attack on Coastal
[...]
Hancock Health in Indiana, Greenfield experienced a ransomware attack which compelled hospital personnel to
[...]
Decatur County General Hospital in Tennessee discovered on November 27, 2017 that its server housing the
[...]
CarePlus Health Plans in Miami, Florida had a privacy breach incident. The protected health information of
[...]
Westminster Ingleside King Farm Presbyterian Retirement Communities had a malware infection potentially
[...]
Protenus published its summary and analysis of 2017’s healthcare data breaches using data from
[...]
Pedes Orange County Inc is a healthcare provider in California that specializes in vascular disease
[...]
DJO Global provides medical devices to help patients maintain and regain natural motion. A data breach
[...]
Charles River Medical Associates in Framingham, MA discovered the danger of failing to encrypt protected
[...]
An unauthorized person accessed the network and server of Compassionate Care Hospice Las Vegas (CCHLV). The
[...]
Kaiser Permanente reported two data breaches to the Department of Health and Human Services’ Office for
[...]
An employee of Colorado Mental Health Institute at Pueblo became a victim of a phishing scam that allowed the
[...]
A potential breach of health data occurred at MidMichigan Medical Center (MMC) in Alpena. On November 18,
[...]
Several data breaches reported in the last few months involved lost or stolen physical records. To be exact,
[...]
The health data records of 769 patients at the Lowell General Hospital in Massachusetts were accessed by an
[...]
The protected health information of patients with mental and developmental disabilities at the Center for
[...]
A Norton Audubon Hospital patient alleged that a nurse, Dianna Hereford, committed a HIPAA violation and the
[...]
The UAB Medicine Viral Hepatitis Clinic in Birmingham, AL reported a breach of 652 patients’ protected
[...]
The first breach case happened to Massachusetts-based Sports Medicine & Rehabilitation Therapy (SMART) on
[...]
Florida Blue discovered a potential online breach in personally identifiable information of patients on
[...]
Otolaryngology Associates of Central Jersey is contacting patients to make them aware of a breach of their
[...]
Amazon has incorporated new safeguards into its cloud servers so that users won’t misconfigure their S3
[...]
According to the analysis of John Hopkins University Carey School of Business, more data breaches occur in
[...]
It has been discovered that two former employees of Valley Family Medicine in Staunton, VA have
[...]
It has been discovered that the protected health information (PHI) of 683 patients of TJ Samson Community
[...]
New York by Attorney General Eric T. Schneiderman has introduced the Stop Hacks and Improve Electronic Data
[...]
Briggs Stratton Corporation, a manufacturer of lawnmower engines, has discovered malware was present on its
[...]
The theft of a desktop computer has resultd in a limited amount of protected health information (PHI) of
[...]
Amida Care in New York recently reported a HIPAA breach that could have impacted its 6,231 health plan
[...]
Mercy Health Love County Hospital in Oklahoma had a data breach potentially impacting over 13,000 patients.
[...]
Our Lady of the Angels Hospital found out that an ex-employee accessed the health data of 1,140 patients with
[...]
Arkansas Oral Facial Surgery Center in Fayetteville was attacked by ransomware which potentially affected
[...]
After a few months of seeming inactivity, TheDarkOverlord (TDO) hacking group has declared yet another
[...]
A decommissioned laptop computer that the Mann-Grandstaff VA Medical Center (MGVAMC) located in Spokane, WA
[...]
The current HIPAA business associate data breach underscored the value of examining system activity
[...]
Healthcare data breaches have dropped for the 2nd month, according to the most recent Breach Barometer report
[...]
MS Center of Saint Louis and Mercy Clinic Neurology Town and Country told 1,081 of its patients that some
[...]
Florida Healthy Kids Corporation, a manager of the Florida KidCare program, was recently victimized by a
[...]
PeaceHealth, a non-profit Catholic health system located in Vancouver, WA, discovered on August 9, 2017 the
[...]