2022, Health Insurance, HIPAA and Licensing - Health Care Compliance Brief

Our “Preconceived” Notions of HIPAA

Bill of Health

MARCH 9, 2024

The film Preconceived , premiering at SXSW this week, shines a bright light on anti-abortion “Crisis Pregnancy Centers” (CPCs), including their disturbing take on the Health Insurance Portability and Accountability Act (HIPAA). HIPAA takes center stage near the end of the film.

HIPAA

HIPAA Licensing Health Insurance Compliance

Editorial: Lessons from Biggest HIPAA Breaches of 2022

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. In addition to the high number of data breaches, 2022 stands out for the sheer number of healthcare records breached, which currently stands at 49.8

HIPAA

HIPAA Ransomware Health Insurance Compliance

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA

HIPAA Ransomware Health Insurance Fraud

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

HIPAA Journal

APRIL 21, 2023

One Brooklyn Health System, which operates three hospitals in Brooklyn, NY, has started notifying patients affected by a November 19, 2022, cyberattack. One Brooklyn Health said it started mailing notification letters to affected patients on April 20, 2023.

Health Insurance

Health Insurance Licensing HIPAA Hospitals

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

HIPAA Journal

NOVEMBER 16, 2022

According to the breach report filed with the Maine Attorney General, it took until October 3, 2022, to confirm that an unauthorized third party had accessed the email system, which included sensitive information of its members. Notification letters were sent to affected individuals on October 31, 2022.

HIPAA

HIPAA Licensing Health Insurance Fraud

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. The email account breaches were detected by the hospital on January 19, 2022. La Casa de Salud, New York.

HIPAA

HIPAA Health Insurance Licensing Hospitals

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

The Health Law Firm Blog

MARCH 23, 2024

Board Certified by The Florida Bar in Health Law On December 15, 2022, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that Health Specialists of Central Florida, Inc., will pay $20,000 to resolve alleged violations of the Health Insurance Portability and [.]

HIPAA

HIPAA Health Insurance Licensing Compliance

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

The Health Law Firm Blog

APRIL 12, 2024

Board Certified by The Florida Bar in Health Law On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. By George F. Indest III, J.D.,

HIPAA

HIPAA Licensing Health Insurance Compliance

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance

Health Insurance Licensing Fraud HIPAA

4 Data Security Challenges for Healthcare Organizations in 2022

HIT Consultant

DECEMBER 21, 2022

In addition, Healthcare software providers and organizations must comply with HIPAA (Health Insurance Portability and Accountability Act). Recent Data Breaches: – November 2022: Ransomware Hacker Steals Medibank Data on 9.7m – September 2022: American Airlines Discloses Data Breach. Ransomware.

Ransomware

Ransomware HIPAA Health Insurance Governance

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

OU Health – Stolen Laptop Computer OU Medicine Inc. in Oklahoma has reported a breach of the protected health information of 3,013 OU Health patients. On December 26, 2022, an employee’s laptop computer was stolen. Notification letters were mailed to the affected individuals on March 24, 2023.

Hospitals

Hospitals Ransomware Licensing Health Insurance

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

HIPAA Journal

AUGUST 2, 2023

The administrative service provider said suspicious activity was detected within its network in early December 2022, and the forensic investigation confirmed on December 15, 2022, that an unauthorized third party accessed parts of its computer network where personal health information was stored.

Licensing

Licensing Electronic Medical Records Ransomware Health Insurance

Credential Stuffing Attack Exposed United HealthCare Member Data

HIPAA Journal

MAY 2, 2023

The accounts subjected to unauthorized access included information such as names, birthdates, addresses, health insurance member ID numbers, service dates, provider names, claim details, and group names and numbers. No Social Security numbers, financial information, or driver’s license numbers were exposed.

Licensing

Licensing Health Insurance Hospitals HIPAA

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

Anthem has confirmed that the protected health information of certain plan members has been compromised in a data breach at its vendor, Choice Health. Choice Health was provided with the data of plan members to perform its contracted duties. CareOregon Reports August 2022 Mailing Error.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

Dental Practice Pays $23,000 For Potential HIPAA Privacy Violations Involving Yelp Posts

The Health Law Firm Blog

SEPTEMBER 11, 2023

Board Certified by The Florida Bar in Health Law On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. By George F. Indest III, J.D.,

HIPAA

HIPAA Licensing Health Insurance Compliance

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

HIPAA Journal

DECEMBER 14, 2022

A security breach was identified by Conifer in late March, with the investigation determining several Microsoft 365 had been accessed by unauthorized individuals between March 17 and March 22, 2022. CFA was informed about the breach on June 23, 2022. Patients started to be notified on November 23, 2022.

Health Insurance

Health Insurance HIPAA Licensing

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

HIPAA Journal

JANUARY 5, 2023

Back in June 2022 , HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. Howard Memorial Hospital Announces December 2022 Cyberattack.

Ransomware

Ransomware Hospitals HIPAA Licensing

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. According to the hospital operator, Tower Health, the unauthorized access was discovered during a routine audit of medical record access logs. Some of the accessed records included partial Social Security numbers and health insurance information.

Hospitals

Hospitals HIPAA Health Insurance Licensing

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

HIPAA Journal

APRIL 8, 2024

The leaked data includes patient names, dates of birth, phone numbers, email addresses, medical records, Social Security numbers, copies of passports and driver’s licenses, health insurance information, and company data. The investigation uncovered evidence of unauthorized access to files that contained patient information.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

HIPAA Journal

MAY 17, 2022

The Manchester, NH-based medical equipment company, NuLife Med LLC, has recently announced it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized network access.

Health Insurance

Health Insurance Licensing Ransomware HIPAA

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

HIPAA Journal

JANUARY 9, 2023

Legacy Operating Company, an Alabama-based operator of Legacy Hospice facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee, has confirmed that an unauthorized third party gained access to a limited number of employee email accounts on February 11, 2022, and between April 7, 2022, and April 21, 2022.

Licensing

Licensing HIPAA Health Insurance Governance

SuperCare Proposes $2.25 Million Settlement to Resolve Data Breach Lawsuit

HIPAA Journal

MAY 11, 2023

SuperCare detected a network intrusion on July 27, 2021, and the subsequent forensic investigation determined hackers had access to its network from July 23, 2021, to July 27, 2021; however, it took until February 4, 2022, to determine that patient information had been compromised. The post SuperCare Proposes $2.25

HIPAA

HIPAA Health Insurance Licensing Hospitals

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

HIPAA Journal

JULY 5, 2022

The email system was immediately secured when the breach was detected with the forensic investigation confirming that two email accounts had been accessed by an unauthorized third party between January 12, 2022, and January 19, 2022. A limited number of patients also had financial account information exposed.

Licensing

Licensing Electronic Medical Records Health Insurance Hospitals

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. appeared first on HIPAA Journal.

Licensing

Licensing Health Insurance Fraud HIPAA

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

HIPAA Journal

SEPTEMBER 30, 2022

Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. That process was completed on September 16, 2022, and notification letters were sent shortly thereafter.

Licensing

Licensing HIPAA Health Insurance

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

HIPAA Journal

AUGUST 3, 2022

The two health insurance firms confirmed they had been affected in late February 2022, with PracticeMax publicly reporting the breach in the fall of 2021. The post Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack appeared first on HIPAA Journal.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

The Health Law Firm Blog

DECEMBER 28, 2022

Board Certified by The Florida Bar in Health Law On December 15, 2022, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that Health Specialists of Central Florida, Inc., will pay $20,000 to resolve alleged violations of the Health Insurance Portability and [.].

HIPAA

HIPAA Health Insurance Licensing Compliance

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

HIPAA Journal

MAY 24, 2022

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. According to the notification, the cyberattack was detected on or around March 19, 2022.

Ransomware

Ransomware Licensing HIPAA Health Insurance

SuperCare Health Sued Over 318,000-Record Data Breach

HIPAA Journal

APRIL 15, 2022

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, over a cyberattack and data breach that was reported to the Department of Health and Human Services on March 28, 2022. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Fraud

Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

HIPAA Journal

MAY 19, 2022

Suspicious activity was detected within its IT environment on March 14, 2022. The forensic investigation confirmed its systems were accessed by unauthorized individuals between March 11, 2022, and March 14, 2022. The breach has been reported to the HHS’ Office for Civil Rights as affecting 119,513 group health plan members.

COVID-19

COVID-19 Health Insurance Licensing HIPAA

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

HIPAA Journal

MARCH 4, 2022

Crossroads Health in Ohio has experienced a cyberattack that disrupted some of its IT systems. The security incident was detected on January 18, 2022, with the subsequent investigation confirming unauthorized individuals had access to its systems between November 18, 2021, and January 18, 2022.

Health Insurance

Health Insurance Licensing HIPAA

Alabama Healthcare Provider Announces 441,000-Record Data Breach

HIPAA Journal

MARCH 20, 2023

The Birmingham, AL, Heart Hospital, Cardiovascular Associates, has recently announced that unauthorized individuals gained access to certain parts of its network between November 28, 2022, and December 5, 2022, and removed files containing patient information.

Licensing

Licensing HIPAA Health Insurance Hospitals

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

HIPAA Journal

FEBRUARY 16, 2022

The investigation confirmed its electronic medical record system and other clinical systems were not compromised in the attack; however, on January 13, 2022, Philadelphia FIGHT discovered the attacker had accessed non-clinical systems that housed files containing the protected health information of around 15,000 patients.

Electronic Medical Records

Electronic Medical Records Health Insurance Licensing HIPAA

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

HIPAA Journal

MARCH 10, 2022

The breach was detected on January 20, 2022, and immediate action was taken to secure its systems, and an independent computer forensics company was engaged to conduct a forensic investigation to determine the nature and scope of the breach. The files exfiltrated from its systems included the protected health information of patients.

Ransomware

Ransomware Licensing Health Insurance Hospitals

SuperCare Health Hack Affects 300K Patients

Compliancy Group

APRIL 11, 2022

In one of the largest breaches reported in 2022 so far, SuperCare Health suffered a hacking incident affecting 318,379 patients. However, it took SuperCare Health until February 2022 to discover the incident had potentially compromised that patient information. × HIPAA Compliance Simplified. Learn More! ×

US Department of Health and Human Services

US Department of Health and Human Services HIPAA Compliance Licensing

Dental Health Management Solutions Notified Patients About Historic Data Breach

HIPAA Journal

MARCH 6, 2023

The types of information exposed varied from individual to individual and may have included names, addresses, medical information, health insurance information, Medicaid identification numbers, driver’s licenses, account and routing numbers, and Social Security numbers.

Electronic Medical Records

Electronic Medical Records HIPAA Licensing Nurses

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

HIPAA Journal

NOVEMBER 23, 2022

The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Ransomware

Ransomware Fraud Licensing HIPAA

NuLife Med Settles Class Action Data Breach Lawsuit

HIPAA Journal

APRIL 10, 2023

The Manchester, New Hampshire-based medical equipment company, NuLife Med, has agreed to settle a class action lawsuit that was filed in response to a March 2022 data breach that affected more than 80,000 individuals. NuLife Med identified suspicious activity within its computer network on March 11, 2022.

Licensing

Licensing HIPAA Health Insurance

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

HIPAA Journal

MARCH 25, 2022

Notification letters were sent to affected individuals on February 22, 2022. AHA discovered the email breach in early September 2021 and determined on December 2, 2021, that files containing the protected health information of its healthcare provider clients had been accessed. AHA provided notice about the attack on January 6, 2021.

Health Insurance

Health Insurance Licensing Ransomware Fraud

South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

HIPAA Journal

MARCH 14, 2022

South Denver Cardiology Associates (SDCA) has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed and potentially stolen by hackers. Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated.

COVID-19

COVID-19 HIPAA Licensing Health Insurance

San Juan Regional Medical Center Settles Data Breach Lawsuit

HIPAA Journal

DECEMBER 2, 2022

While legal action was not taken over a HIPAA violation, the lawsuit alleged the lack of appropriate safeguards constituted a HIPAA violation. The post San Juan Regional Medical Center Settles Data Breach Lawsuit appeared first on HIPAA Journal. All claims must be submitted by February 8, 2023.

Licensing

Licensing HIPAA Ransomware Health Insurance

Lake Charles Memorial Health System Cyberattack Affects Almost 270,000 Patients

HIPAA Journal

DECEMBER 29, 2022

The Louisiana healthcare system said suspicious activity was detected by its security team on October 21, 2022, and steps were taken to contain the activity and investigate a potential breach. The Palm Springs, FL-based federally qualified health center, FoundCare Inc., Some Social Security numbers were also compromised.

Ransomware

Ransomware Health Insurance Licensing Medical Billing

Cyberattack on SuperCare Health Affects 318,000 Patients

HIPAA Journal

APRIL 7, 2022

SuperCare Health, a Downey, CA-based post-acute, in-home respiratory care provider serving the Western United States, has recently started notifying 318,379 patients that some of their protected health information has been exposed and potentially accessed by unauthorized individuals in a cyberattack that occurred in July 2021.

Licensing

Licensing HIPAA Health Insurance Hospitals

Avem Health Partners and Emory Healthcare Notify Patients About Data Breaches

HIPAA Journal

DECEMBER 19, 2022

Avem Health Partners, an Oklahoma City-based provider of administrative and technology services to healthcare organizations, has recently started notifying its healthcare clients about a data breach that occurred at one of its vendors, 365 Data Centers. Department of Labor (DOL) on August 24, 2022.

Fraud

Fraud Licensing HIPAA Health Insurance

Our “Preconceived” Notions of HIPAA

Editorial: Lessons from Biggest HIPAA Breaches of 2022

Trending Sources

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

4 Data Security Challenges for Healthcare Organizations in 2022

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

Credential Stuffing Attack Exposed United HealthCare Member Data

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

Dental Practice Pays $23,000 For Potential HIPAA Privacy Violations Involving Yelp Posts

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

SuperCare Proposes $2.25 Million Settlement to Resolve Data Breach Lawsuit

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

SuperCare Health Sued Over 318,000-Record Data Breach

Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

Alabama Healthcare Provider Announces 441,000-Record Data Breach

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

SuperCare Health Hack Affects 300K Patients

Dental Health Management Solutions Notified Patients About Historic Data Breach

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

NuLife Med Settles Class Action Data Breach Lawsuit

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

San Juan Regional Medical Center Settles Data Breach Lawsuit

Lake Charles Memorial Health System Cyberattack Affects Almost 270,000 Patients

Cyberattack on SuperCare Health Affects 318,000 Patients

Avem Health Partners and Emory Healthcare Notify Patients About Data Breaches

Stay Connected