2.2 Million Patients Affected by August Healthcare Breaches

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) publicly posts breaches affecting 500 or more patients on its online breach portal, known colloquially as the “wall of shame.” In August, 2,219,347 patients were affected by these large-scale breaches (not counting breaches affecting fewer than 500 patients), with 37 breaches reported. More details on the August healthcare breaches are discussed below. August Healthcare Breaches: [...]

September 17th, 2020

Employees Involved in Unauthorized Access to Patient Medical Records of George Floyd

Hennepin County Medical Center (HCMC), the facility that treated George Floyd, fired 13 employees for unauthorized access to patient medical records. More details are discussed below. Unauthorized Access to Patient Medical Records: What Happened HCMC recently discovered that the medical records of George Floyd were illegally accessed by employees of the organization. HCMC first discovered the breach during its routine review [...]

September 11th, 2020

Patient Data Breach Exposes COVID-19 Patients

On August 17, the Department of Public Safety (DPS) of South Dakota sent out breach notifications to patients exposed by a June 19 data breach. The patient data breach is currently under investigation by the FBI. More details about the patient data breach are discussed below. COVID-19 Patient Data Breach DPS Fusion Center, the database used to store and share COVID-19 patients’ names [...]

August 31st, 2020

3.1 Million Patients Exposed by Unsecure Healthcare Database

Recently, security researcher Volodymyr Diachenko discovered a healthcare database left available for public view. The healthcare database, containing the protected health information (PHI) of 3.1 million patients, was easily accessible, requiring no password to access the information. What Happened Following the Discovery? Upon discovery of the exposed healthcare database, Diachenko did some research to uncover who owned the database. He found that the healthcare database belonged to a [...]

August 20th, 2020

Large-Scale HIPAA Security Breach: Improper Use of GitHub

Recently, the improper use of GitHub led to a large-scale HIPAA security breach, leaving the protected health information (PHI) of 150,000 - 200,000 patients available through publicly searchable employee login credentials for nine healthcare organizations. Software developers use GitHub for source code management and version control when creating, or making changes to, software. One feature of GitHub is the ability to use [...]

August 18th, 2020

1.12 Million Affected by July Healthcare Breaches

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) posts breaches affecting 500 or more patients to their online breach portal. The “wall of shame” permanently lists these breaches for public view. July healthcare breaches listed on the site affected 1,123,850 patients. July Healthcare Breaches and Hacking/IT Incidents The majority of July [...]

August 13th, 2020

$1,040,000 OCR Settlement Reached for Stolen Unencrypted Laptop

Lifespan Affiliated Covered Entity (“Lifespan ACE”) is a HIPAA-covered entity. This not-for-profit health system includes three academic teaching hospitals, a medical and mental health services hospital, and Rhode Island’s largest nonprofit behavioral healthcare provider. In April of 2017, Lifespan’s parent company and business associate filed a breach report with the Department of Health and Human Services’ (HHS) Office for Civil Rights. The resulting OCR investigation determined that an unencrypted [...]

July 28th, 2020

Failure to Deidentify PHI Exposed Hundreds of Patients

On April 9, students from the University of Delaware contacted the Delaware Division of Developmental Disabilities Services (DDDS) regarding a research project. The students requested demographic and disability status information on 350 patients. A staff member provided the information to the students but failed to deidentify PHI, resulting in a HIPAA violation. In a letter sent to breach victims, DDDS stated that students were conducting a research study in [...]

July 22nd, 2020

What Happens to HIPAA Lawsuits?

HIPAA lawsuits - litigation involving a plaintiff claiming violation of a HIPAA regulation - usually do not get very far, as the plaintiffs in a data breach lawsuit against Episcopal Health Services discovered. HIPAA lawsuits, which are usually filed in court, are almost always dismissed by the judges assigned to hear them. What Happens to HIPAA Lawsuits: No Standing For a court to hear a lawsuit, it must have [...]

July 21st, 2020

275,000 Affected by Billing Vendor Breach

Benefit Recovery Specialists Inc., a debt collection and billing vendor based in Houston, suffered a breach. The billing vendor breach affected 275,000 patients as the vendor serviced multiple healthcare entities, including health plans and healthcare providers. The billing vendor breach is discussed below. Billing Vendor Breach: What Happened On April 30, Benefit Recovery Specialists Inc. (BRSI) discovered [...]

July 20th, 2020