September 2022 Healthcare Breach Report

Each month, we review healthcare breaches posted on the Office for Civil Rights (OCR) online breach portal to determine the leading causes and how the incidents could have been prevented. The OCR publicly posts healthcare breaches that affected 500 or more individuals to ensure that all affected patients know their information could have been potentially compromised. Covered entities, like healthcare providers and [...]

2023-07-26T10:17:13-04:00October 24th, 2022|

The Costs and Consequences of EHR Snooping

It’s a HIPAA violation that occurs every day but seldom makes the headlines. It has the potential to destroy an organization’s reputation, but it comes from within. Medical record snooping by employees may seem like a victimless offense, but the costs and consequences of EHR snooping are real. What the Law Says About EHR Snooping HIPAA regulations are unambiguous when it comes [...]

2023-09-14T15:27:00-04:00July 13th, 2022|

Eye Care Leaders Breach: Ransomware Attack Claims New Victims

In early December of 2021, Eye Care Leaders (Eye Care), an electronic medical record vendor supplying business associate services to eye care providers across the country, discovered it had incurred a data breach. The breach quickly disabled systems.  The intruder accessed compromised information, including name, address, phone numbers, health insurance information, and medical information related to eye care services - protected health [...]

2023-07-26T14:27:25-04:00June 29th, 2022|

Lawsuits Increasing Following HIPAA Breaches

Almost as surely as summer follows spring, lawsuits follow breaches of protected health information. Here’s a roundup of recent HIPAA breach lawsuits and settlements. Lawsuits Increasing Following HIPAA Breaches - Facts and Figures The law firm BakerHostetler published its annual Data Security Incident Response Report based on findings from 1,270 data security incidents managed by the firm in 2021.  Highlights included: 23% [...]

2023-07-26T14:43:23-04:00May 27th, 2022|

Salusive Health Announces Breach, Same Day They Close For Good

On April 29, 2022, Salusive Health, doing business as myNurse, alerted patients of a cyberattack – and that it was closing its doors. The cyberattack in question allowed unauthorized access to patient data, although there is no evidence that the information has been shared, posted, or misused. Details of the Salusive Health Breach According to the breach notice received by patients affected [...]

2023-07-27T09:26:29-04:00May 4th, 2022|

SuperCare Health Hack Affects 300K Patients

In one of the largest breaches reported in 2022 so far, SuperCare Health suffered a hacking incident affecting 318,379 patients. The network intrusion was initially detected on July 27, 2021. However, it took SuperCare Health until February 2022 to discover the incident had potentially compromised that patient information. More details regarding the SuperCare Health hack are discussed below. What Do We Know [...]

2023-07-27T10:04:01-04:00April 11th, 2022|

March 2022 Healthcare Breach Report

Each month, we review healthcare breaches to determine the leading cause and how the incidents could have been prevented. We do so by examining the Office for Civil Rights (OCR) online breach portal. The OCR publicly posts healthcare breaches that affected 500 or more patients to ensure that all affected patients know their information could have been potentially compromised. Cybercriminals hit a [...]

2023-07-27T10:09:41-04:00April 4th, 2022|

What is a HIPAA Breach Notification Form?

You may have been hearing a lot about HIPAA breach notification reporting lately and for a good reason. The deadline to report small-scale breaches to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is March 1st. When reporting breaches to the HHS OCR, they require you to submit a HIPAA Breach Notification Form.  Before completing the form, [...]

2023-07-27T13:43:22-04:00February 8th, 2022|

FTC Breach Notification Rule Expands for Health Applications

A recent policy statement by the Federal Trade Commission (FTC) has dramatically expanded coverage and penalties under the FTC Breach Notification Rule for companies that develop and offer mobile health applications and services for consumers. History of the FTC Breach Notification Rule As issued by the FTC in 2009, the Breach Notification Rule required PHR vendors to notify the Federal Trade Commission and any affected individuals upon:  [...]

2023-07-27T13:57:52-04:00January 31st, 2022|

Don’t Miss the 2022 HIPAA Breach Notification Rule Deadline

Hopefully, you’ve been keeping a list of your minor breaches that occurred in 2021 because now is the time to report them to the Department of Health and Human Services. As the 2022 HIPAA breach notification rule deadline approaches, it is important that you know the deadline and understand what incidents need to be reported. When is the 2022 HIPAA Breach Notification [...]

2023-07-27T13:58:58-04:00January 28th, 2022|