2022, Health Insurance and Licensing - Health Care Compliance Brief

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

HIPAA Journal

APRIL 21, 2023

One Brooklyn Health System, which operates three hospitals in Brooklyn, NY, has started notifying patients affected by a November 19, 2022, cyberattack. One Brooklyn Health said it started mailing notification letters to affected patients on April 20, 2023.

Health Insurance

Health Insurance Licensing HIPAA Hospitals

Health Insurance in Aisle 3: Why a Grocery Chain is Working on Medicare

Health Populi

AUGUST 3, 2021

Under the hood of this effort is Hy-Vee Financial Services, a multi-service financial services company with licenses to serve consumers in Illinois, Iowa, Kansas, Minnesota, Missouri, Nebraska, South Dakota and Wisconsin. The post Health Insurance in Aisle 3: Why a Grocery Chain is Working on Medicare appeared first on HealthPopuli.com.

Health Insurance

Health Insurance Medicare Medicare Licensing

Editorial: Lessons from Biggest HIPAA Breaches of 2022

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. In addition to the high number of data breaches, 2022 stands out for the sheer number of healthcare records breached, which currently stands at 49.8

HIPAA

HIPAA Ransomware Health Insurance Compliance

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance

Health Insurance Licensing Fraud HIPAA

4 Data Security Challenges for Healthcare Organizations in 2022

HIT Consultant

DECEMBER 21, 2022

In addition, Healthcare software providers and organizations must comply with HIPAA (Health Insurance Portability and Accountability Act). Recent Data Breaches: – November 2022: Ransomware Hacker Steals Medibank Data on 9.7m – September 2022: American Airlines Discloses Data Breach. Ransomware.

Ransomware

Ransomware HIPAA Health Insurance Governance

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

HIPAA Journal

NOVEMBER 16, 2022

According to the breach report filed with the Maine Attorney General, it took until October 3, 2022, to confirm that an unauthorized third party had accessed the email system, which included sensitive information of its members. Notification letters were sent to affected individuals on October 31, 2022.

HIPAA

HIPAA Licensing Health Insurance Fraud

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

HIPAA Journal

JULY 5, 2022

The email system was immediately secured when the breach was detected with the forensic investigation confirming that two email accounts had been accessed by an unauthorized third party between January 12, 2022, and January 19, 2022. A limited number of patients also had financial account information exposed.

Licensing

Licensing Electronic Medical Records Health Insurance Hospitals

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

HIPAA Journal

MAY 17, 2022

The Manchester, NH-based medical equipment company, NuLife Med LLC, has recently announced it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized network access.

Health Insurance

Health Insurance Licensing Ransomware HIPAA

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

HIPAA Journal

AUGUST 2, 2023

The administrative service provider said suspicious activity was detected within its network in early December 2022, and the forensic investigation confirmed on December 15, 2022, that an unauthorized third party accessed parts of its computer network where personal health information was stored.

Licensing

Licensing Electronic Medical Records Ransomware Health Insurance

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

OU Health – Stolen Laptop Computer OU Medicine Inc. in Oklahoma has reported a breach of the protected health information of 3,013 OU Health patients. On December 26, 2022, an employee’s laptop computer was stolen. Notification letters were mailed to the affected individuals on March 24, 2023.

Hospitals

Hospitals Ransomware Licensing Health Insurance

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

HIPAA Journal

APRIL 8, 2024

The leaked data includes patient names, dates of birth, phone numbers, email addresses, medical records, Social Security numbers, copies of passports and driver’s licenses, health insurance information, and company data. The investigation uncovered evidence of unauthorized access to files that contained patient information.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Credential Stuffing Attack Exposed United HealthCare Member Data

HIPAA Journal

MAY 2, 2023

The accounts subjected to unauthorized access included information such as names, birthdates, addresses, health insurance member ID numbers, service dates, provider names, claim details, and group names and numbers. No Social Security numbers, financial information, or driver’s license numbers were exposed.

Licensing

Licensing Health Insurance Hospitals HIPAA

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

HIPAA Journal

DECEMBER 14, 2022

A security breach was identified by Conifer in late March, with the investigation determining several Microsoft 365 had been accessed by unauthorized individuals between March 17 and March 22, 2022. CFA was informed about the breach on June 23, 2022. Patients started to be notified on November 23, 2022.

Health Insurance

Health Insurance HIPAA Licensing

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers.

Licensing

Licensing Health Insurance Fraud HIPAA

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

HIPAA Journal

JANUARY 9, 2023

Legacy Operating Company, an Alabama-based operator of Legacy Hospice facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee, has confirmed that an unauthorized third party gained access to a limited number of employee email accounts on February 11, 2022, and between April 7, 2022, and April 21, 2022.

Licensing

Licensing HIPAA Health Insurance Governance

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

HIPAA Journal

MARCH 10, 2022

The breach was detected on January 20, 2022, and immediate action was taken to secure its systems, and an independent computer forensics company was engaged to conduct a forensic investigation to determine the nature and scope of the breach. The files exfiltrated from its systems included the protected health information of patients.

Ransomware

Ransomware Licensing Health Insurance Hospitals

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

HIPAA Journal

SEPTEMBER 30, 2022

Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. That process was completed on September 16, 2022, and notification letters were sent shortly thereafter.

Licensing

Licensing HIPAA Health Insurance

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

The Health Law Firm Blog

MARCH 23, 2024

Board Certified by The Florida Bar in Health Law On December 15, 2022, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that Health Specialists of Central Florida, Inc., will pay $20,000 to resolve alleged violations of the Health Insurance Portability and [.]

HIPAA

HIPAA Health Insurance Licensing Compliance

Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

HIPAA Journal

MAY 19, 2022

Suspicious activity was detected within its IT environment on March 14, 2022. The forensic investigation confirmed its systems were accessed by unauthorized individuals between March 11, 2022, and March 14, 2022. The breach has been reported to the HHS’ Office for Civil Rights as affecting 119,513 group health plan members.

COVID-19

COVID-19 Health Insurance Licensing HIPAA

Lake Charles Memorial Health System Cyberattack Affects Almost 270,000 Patients

HIPAA Journal

DECEMBER 29, 2022

The Louisiana healthcare system said suspicious activity was detected by its security team on October 21, 2022, and steps were taken to contain the activity and investigate a potential breach. The Palm Springs, FL-based federally qualified health center, FoundCare Inc., Some Social Security numbers were also compromised.

Ransomware

Ransomware Health Insurance Licensing Medical Billing

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

HIPAA Journal

AUGUST 3, 2022

The two health insurance firms confirmed they had been affected in late February 2022, with PracticeMax publicly reporting the breach in the fall of 2021. A server used by PracticeMax and several email accounts were affected and data on its systems was encrypted.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Alabama Healthcare Provider Announces 441,000-Record Data Breach

HIPAA Journal

MARCH 20, 2023

The Birmingham, AL, Heart Hospital, Cardiovascular Associates, has recently announced that unauthorized individuals gained access to certain parts of its network between November 28, 2022, and December 5, 2022, and removed files containing patient information.

Licensing

Licensing HIPAA Health Insurance Hospitals

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

HIPAA Journal

MARCH 25, 2022

Notification letters were sent to affected individuals on February 22, 2022. AHA discovered the email breach in early September 2021 and determined on December 2, 2021, that files containing the protected health information of its healthcare provider clients had been accessed. AHA provided notice about the attack on January 6, 2021.

Health Insurance

Health Insurance Licensing Ransomware Fraud

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

HIPAA Journal

MARCH 4, 2022

Crossroads Health in Ohio has experienced a cyberattack that disrupted some of its IT systems. The security incident was detected on January 18, 2022, with the subsequent investigation confirming unauthorized individuals had access to its systems between November 18, 2021, and January 18, 2022.

Health Insurance

Health Insurance Licensing HIPAA

U.S. Vision Subsidiary and Florida Addiction Treatment Center Announce 2021 Data Breaches

HIPAA Journal

NOVEMBER 8, 2022

That process was completed on October 17, 2022. The forensic investigation confirmed on September 2, 2022, that protected health information had been exposed, and notification letters were sent to affected individuals on October 19, 2022. The types of information exposed varied from patient to patient. The post U.S.

Licensing

Licensing Health Insurance HIPAA

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

Notification letters were mailed on February 22, 2022, and complimentary credit monitoring and identity protection services have been offered to individuals whose Social Security number or driver’s license number was exposed. The email account breaches were detected by the hospital on January 19, 2022.

HIPAA

HIPAA Health Insurance Licensing Hospitals

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

HIPAA Journal

JANUARY 5, 2023

Back in June 2022 , HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. Howard Memorial Hospital Announces December 2022 Cyberattack.

Ransomware

Ransomware Hospitals HIPAA Licensing

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

Anthem has confirmed that the protected health information of certain plan members has been compromised in a data breach at its vendor, Choice Health. Choice Health was provided with the data of plan members to perform its contracted duties. CareOregon Reports August 2022 Mailing Error.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

Atlanta Women’s Health Group Data Breach Impacts 33,800 Patients

HIPAA Journal

JUNE 21, 2023

Approximately 13,700 of the affected individuals were members of Vermont Blue Advantage Health Insurance Plans, around 2,250 individuals were members of Vermont Blue Advantage Plans, and the remainder of the affected individuals were members of other insurance plans.

Health Insurance

Health Insurance Licensing HIPAA Medicare

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

HIPAA Journal

FEBRUARY 16, 2022

The investigation confirmed its electronic medical record system and other clinical systems were not compromised in the attack; however, on January 13, 2022, Philadelphia FIGHT discovered the attacker had accessed non-clinical systems that housed files containing the protected health information of around 15,000 patients.

Electronic Medical Records

Electronic Medical Records Health Insurance Licensing HIPAA

SuperCare Proposes $2.25 Million Settlement to Resolve Data Breach Lawsuit

HIPAA Journal

MAY 11, 2023

SuperCare detected a network intrusion on July 27, 2021, and the subsequent forensic investigation determined hackers had access to its network from July 23, 2021, to July 27, 2021; however, it took until February 4, 2022, to determine that patient information had been compromised.

HIPAA

HIPAA Health Insurance Licensing Hospitals

Data Breaches Reported by Neurology and Fertility Centers in Nevada and California

HIPAA Journal

OCTOBER 4, 2022

The Neurology Center of Nevada (NCNV), in Henderson, NV, has confirmed a data security event was detected on July 17, 2022, which rendered certain computer systems inaccessible. The attack was detected on July 24, 2022, and immediate action was taken to contain the attack, secure its systems, and eject the threat actors from its network.

Ransomware

Ransomware Health Insurance HIPAA Licensing

Avem Health Partners and Emory Healthcare Notify Patients About Data Breaches

HIPAA Journal

DECEMBER 19, 2022

Avem Health Partners, an Oklahoma City-based provider of administrative and technology services to healthcare organizations, has recently started notifying its healthcare clients about a data breach that occurred at one of its vendors, 365 Data Centers. Department of Labor (DOL) on August 24, 2022.

Fraud

Fraud Licensing HIPAA Health Insurance

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

HIPAA Journal

JULY 11, 2022

According to the hospital operator, Tower Health, the unauthorized access was discovered during a routine audit of medical record access logs. Some of the accessed records included partial Social Security numbers and health insurance information. Notification letters were sent to affected individuals on July 5, 2022.

Hospitals

Hospitals HIPAA Health Insurance Licensing

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

HIPAA Journal

MAY 24, 2022

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. According to the notification, the cyberattack was detected on or around March 19, 2022.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Cartwheel Raises $20M to Tackle The Student Mental Health Crisis

HIT Consultant

SEPTEMBER 26, 2023

. – The funding will allow Cartwheel to expand mental health services to hundreds of thousands of new students in current service areas, as well as school districts in new states. Evidence-Based Mental Health Support Founded in 2022, Cartwheel has quickly become a trusted mental health partner to schools.

Licensing

Licensing Health Insurance

NuLife Med Settles Class Action Data Breach Lawsuit

HIPAA Journal

APRIL 10, 2023

The Manchester, New Hampshire-based medical equipment company, NuLife Med, has agreed to settle a class action lawsuit that was filed in response to a March 2022 data breach that affected more than 80,000 individuals. NuLife Med identified suspicious activity within its computer network on March 11, 2022.

Licensing

Licensing HIPAA Health Insurance

Up to 2,592,494 individuals Affected by Smile Brands Ransomware Attack

HIPAA Journal

APRIL 28, 2022

Arcare, a provider of primary care and behavioral health services in Arkansas, Mississippi, and Kentucky has confirmed that patient data was potentially accessed by unauthorized individuals in a cyberattack that was discovered on February 24, 2022.

Ransomware

Ransomware Health Insurance HIPAA Licensing

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

HIPAA Journal

NOVEMBER 23, 2022

The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Ransomware

Ransomware Fraud Licensing HIPAA

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA

HIPAA Ransomware Health Insurance Fraud

SuperCare Health Sued Over 318,000-Record Data Breach

HIPAA Journal

APRIL 15, 2022

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, over a cyberattack and data breach that was reported to the Department of Health and Human Services on March 28, 2022. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Fraud

Our “Preconceived” Notions of HIPAA

Bill of Health

MARCH 9, 2024

By Susannah Baruch Concerned about privacy protections for pregnancy- and abortion-related health data in the post- Dobbs environment? A reasonable person would assume this is a licensed medical provider, required to comply with HIPAA and accountable for violations or sharing of personal health information.

HIPAA

HIPAA Licensing Health Insurance Compliance

Multiple Data Breaches Reported by Iowa Medicaid and South Jersey Behavioral Health Resources

HIPAA Journal

JUNE 8, 2023

Names, addresses, Social Security numbers, and health insurance were impermissibly disclosed. Telligen subcontracted part of that work to Independent Living Systems (ILS), where the data breach occurred in June and July 2022. The protected health information of approximately 20,800 Medicaid members was compromised in the attack.

Medicaid

Medicaid Medicaid Ransomware Health Insurance

Cyberattack on SuperCare Health Affects 318,000 Patients

HIPAA Journal

APRIL 7, 2022

SuperCare Health, a Downey, CA-based post-acute, in-home respiratory care provider serving the Western United States, has recently started notifying 318,379 patients that some of their protected health information has been exposed and potentially accessed by unauthorized individuals in a cyberattack that occurred in July 2021.

Licensing

Licensing HIPAA Health Insurance Hospitals

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

Health Insurance in Aisle 3: Why a Grocery Chain is Working on Medicare

Trending Sources

Editorial: Lessons from Biggest HIPAA Breaches of 2022

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

4 Data Security Challenges for Healthcare Organizations in 2022

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

Credential Stuffing Attack Exposed United HealthCare Member Data

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

Lake Charles Memorial Health System Cyberattack Affects Almost 270,000 Patients

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

Alabama Healthcare Provider Announces 441,000-Record Data Breach

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

U.S. Vision Subsidiary and Florida Addiction Treatment Center Announce 2021 Data Breaches

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

Atlanta Women’s Health Group Data Breach Impacts 33,800 Patients

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

SuperCare Proposes $2.25 Million Settlement to Resolve Data Breach Lawsuit

Data Breaches Reported by Neurology and Fertility Centers in Nevada and California

Avem Health Partners and Emory Healthcare Notify Patients About Data Breaches

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

Cartwheel Raises $20M to Tackle The Student Mental Health Crisis

NuLife Med Settles Class Action Data Breach Lawsuit

Up to 2,592,494 individuals Affected by Smile Brands Ransomware Attack

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

SuperCare Health Sued Over 318,000-Record Data Breach

Our “Preconceived” Notions of HIPAA

Multiple Data Breaches Reported by Iowa Medicaid and South Jersey Behavioral Health Resources

Cyberattack on SuperCare Health Affects 318,000 Patients

Stay Connected