Details of the Sound Generations Breach
Sound Generations offers transportation, food security, and health and wellness services to seniors and disabled adults in King County, Washington. They were identified as a business associate on the data breach portal.
In a statement on their website, Sound Generations reported that an unauthorized party accessed their computer systems and encrypted information on July 18, 2021 and September 18, 2021. They immediately terminated the unauthorized access and began an investigation to determine the scope of the breach.
The investigation found that, “the information stored by Sound Generations pertaining to its clients and other individuals has been potentially impacted following the incidents.” The information accessed included protected health information (PHI), including name, address, date of birth, health history and health condition.
Extent of the Sound Generations Breach
Sound Generations assured the public that they do not, “collect or store any of its client’s Social Security Numbers, drivers’ license numbers, financial account information, credit or debit card information.” As of the date of their statement, there have been no reports that the unauthorized data was used to commit fraud.
Response to the Sound Generations Breach
Following the investigation of the incidents, Sound Generations stated they have “greatly enhanced its cybersecurity controls, including changing passwords and installing additional security on its systems.”
They also advised affected individuals to remain vigilant for incidents of fraud and identity theft and notify financial institutions if they suspect unauthorized account activity.
Takeaways From the Sound Generations Breach
While it may not be possible to eliminate breaches entirely, every organization regulated by HIPAA is required to make their best good-faith effort to protect patient PHI. That can only be achieved by having a program to achieve and maintain HIPAA Compliance.
Business associates and healthcare providers must meet all of the standards defined by HIPAA’s thousands of pages of regulations. Failure to do so can result in crippling fines that would threaten the future of your organization.
OCR does not issue fines because of breaches. Fines are issued because of violations of HIPAA guidelines that are uncovered during the investigative process.
If you need assistance getting your business HIPAA compliant, Compliancy Group has a simple, stress-free solution that includes individual coaching and support during the process and afterward.