2022, HIPAA and Licensing - Health Care Compliance Brief

Our “Preconceived” Notions of HIPAA

Bill of Health

MARCH 9, 2024

The film Preconceived , premiering at SXSW this week, shines a bright light on anti-abortion “Crisis Pregnancy Centers” (CPCs), including their disturbing take on the Health Insurance Portability and Accountability Act (HIPAA). HIPAA takes center stage near the end of the film.

HIPAA

HIPAA Licensing Health Insurance Compliance

Editorial: Lessons from Biggest HIPAA Breaches of 2022

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. In addition to the high number of data breaches, 2022 stands out for the sheer number of healthcare records breached, which currently stands at 49.8

HIPAA

HIPAA Ransomware Health Insurance Compliance

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA

HIPAA Ransomware Health Insurance Fraud

Lifeline Systems Company Notifies Patients About August 2022 Cyberattack

HIPAA Journal

SEPTEMBER 8, 2023

According to the notification letters, unusual network activity was detected on August 6, 2022. The investigation confirmed that an unauthorized individual had access to its systems from July 27, 2022, to August 6, 2022, and accessed certain documents on its systems during that period.

Licensing

Licensing HIPAA

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

HIPAA Journal

NOVEMBER 16, 2022

According to the breach report filed with the Maine Attorney General, it took until October 3, 2022, to confirm that an unauthorized third party had accessed the email system, which included sensitive information of its members. Notification letters were sent to affected individuals on October 31, 2022.

HIPAA

HIPAA Licensing Health Insurance Fraud

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

HIPAA Journal

APRIL 21, 2023

One Brooklyn Health System, which operates three hospitals in Brooklyn, NY, has started notifying patients affected by a November 19, 2022, cyberattack. One Brooklyn Health said the investigation revealed hackers had access to parts of its network between July 9, 2022, and November 19, 2022, and accessed data intermittently over that period.

Health Insurance

Health Insurance Licensing HIPAA Hospitals

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

The Health Law Firm Blog

APRIL 12, 2024

Board Certified by The Florida Bar in Health Law On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. By George F. Indest III, J.D., The California-based dental practice paid $23,000 to OCR and [.]

HIPAA

HIPAA Licensing Health Insurance Compliance

What is HIPAA Enforcement Discretion?

HIPAA Journal

JUNE 26, 2023

HIPAA enforcement discretion occurs when the Secretary for Health and Human Services (HHS) announces the Department will exercise discretion in the enforcement of HIPAA Rules. Typically, Notices of Enforcement Discretion last between 72 hours and 60 days, are state or region-specific and apply to specific provisions of the HIPAA Rules.

HIPAA

HIPAA COVID-19 COVID-19 Vaccine Public Health

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. The email account breaches were detected by the hospital on January 19, 2022. La Casa de Salud, New York.

HIPAA

HIPAA Health Insurance Licensing Hospitals

Dental Practice Pays $23,000 For Potential HIPAA Privacy Violations Involving Yelp Posts

The Health Law Firm Blog

SEPTEMBER 11, 2023

Board Certified by The Florida Bar in Health Law On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. By George F. Indest III, J.D., The California-based dental practice paid $23,000 to OCR and [.]

HIPAA

HIPAA Licensing Health Insurance Compliance

4 Data Security Challenges for Healthcare Organizations in 2022

HIT Consultant

DECEMBER 21, 2022

In addition, Healthcare software providers and organizations must comply with HIPAA (Health Insurance Portability and Accountability Act). Recent Data Breaches: – November 2022: Ransomware Hacker Steals Medibank Data on 9.7m – September 2022: American Airlines Discloses Data Breach. Million Twitter Users For Sale.

Ransomware

Ransomware HIPAA Health Insurance Governance

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

The Health Law Firm Blog

MARCH 23, 2024

Board Certified by The Florida Bar in Health Law On December 15, 2022, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that Health Specialists of Central Florida, Inc., By George F. Indest III, J.D., will pay $20,000 to resolve alleged violations of the Health Insurance Portability and [.]

HIPAA

HIPAA Health Insurance Licensing Compliance

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

HIPAA Journal

JANUARY 5, 2023

Back in June 2022 , HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. Howard Memorial Hospital Announces December 2022 Cyberattack.

Ransomware

Ransomware Hospitals HIPAA Licensing

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

The Health Law Firm Blog

JANUARY 17, 2023

Board Certified by The Florida Bar in Health Law On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. By George F. Indest III, J.D., The California-based dental practice paid $23,000 to OCR and [.].

HIPAA

HIPAA Licensing Health Insurance Compliance

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

HIPAA Journal

JANUARY 9, 2023

Legacy Operating Company, an Alabama-based operator of Legacy Hospice facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee, has confirmed that an unauthorized third party gained access to a limited number of employee email accounts on February 11, 2022, and between April 7, 2022, and April 21, 2022.

Licensing

Licensing HIPAA Health Insurance Governance

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

HIPAA Journal

SEPTEMBER 30, 2022

Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. That process was completed on September 16, 2022, and notification letters were sent shortly thereafter.

Licensing

Licensing HIPAA Health Insurance

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

On August 5, 2022, Anthem discovered that an unauthorized individual had gained access to a database and downloaded files containing plan members’ protected health information, including names, addresses, dates of birth, phone numbers, email addresses, Medicare ID numbers, and Medicaid ID numbers.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance

Health Insurance Licensing Fraud HIPAA

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

On December 26, 2022, an employee’s laptop computer was stolen. Majestic Care – Hacking incident Majestic Care, a provider of community-based skilled nursing throughout Indiana, Ohio, and Michigan, has confirmed that it was the victim of a hacking incident in December 2022 that disrupted access to its information systems.

Hospitals

Hospitals Ransomware Licensing Health Insurance

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

HIPAA Journal

AUGUST 2, 2023

The administrative service provider said suspicious activity was detected within its network in early December 2022, and the forensic investigation confirmed on December 15, 2022, that an unauthorized third party accessed parts of its computer network where personal health information was stored.

Licensing

Licensing Electronic Medical Records Ransomware Health Insurance

Alabama Healthcare Provider Announces 441,000-Record Data Breach

HIPAA Journal

MARCH 20, 2023

The Birmingham, AL, Heart Hospital, Cardiovascular Associates, has recently announced that unauthorized individuals gained access to certain parts of its network between November 28, 2022, and December 5, 2022, and removed files containing patient information.

Licensing

Licensing HIPAA Health Insurance Hospitals

Credential Stuffing Attack Exposed United HealthCare Member Data

HIPAA Journal

MAY 2, 2023

No Social Security numbers, financial information, or driver’s license numbers were exposed. Suspicious activity was detected within its email environment on August 31, 2022. The forensic investigation confirmed the accounts were accessed between May 5, 2022, and September 8, 2022.

Licensing

Licensing Health Insurance Hospitals HIPAA

Dental Health Management Solutions Notified Patients About Historic Data Breach

HIPAA Journal

MARCH 6, 2023

The types of information exposed varied from individual to individual and may have included names, addresses, medical information, health insurance information, Medicaid identification numbers, driver’s licenses, account and routing numbers, and Social Security numbers.

Electronic Medical Records

Electronic Medical Records HIPAA Licensing Nurses

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. An employee was discovered to have accessed the medical records of several patients without authorization between October 2021 and May 2022, when there was no legitimate work reason for viewing those records. Patient medical records were not involved.

Hospitals

Hospitals HIPAA Health Insurance Licensing

168,000 Patients Have PHI Exposed in Phishing Attack on Henry Ford Health

HIPAA Journal

JULY 19, 2023

IMX Medical Management Services Announces 2022 Malware Incident The Malvern, PA-based medical consulting company, IMX Medical Management Services, has recently confirmed that malware was found on a laptop computer that potentially allowed unauthorized individuals to access the protected health information of 7,594 individuals.

Licensing

Licensing HIPAA

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. appeared first on HIPAA Journal.

Licensing

Licensing Health Insurance Fraud HIPAA

SuperCare Health Hack Affects 300K Patients

Compliancy Group

APRIL 11, 2022

In one of the largest breaches reported in 2022 so far, SuperCare Health suffered a hacking incident affecting 318,379 patients. However, it took SuperCare Health until February 2022 to discover the incident had potentially compromised that patient information. Let’s Simplify Compliance HIPAA and cybersecurity go hand-in-hand.

US Department of Health and Human Services

US Department of Health and Human Services HIPAA Compliance Licensing

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

HIPAA Journal

JULY 5, 2022

The email system was immediately secured when the breach was detected with the forensic investigation confirming that two email accounts had been accessed by an unauthorized third party between January 12, 2022, and January 19, 2022. A limited number of patients also had financial account information exposed.

Licensing

Licensing Electronic Medical Records Health Insurance Hospitals

South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

HIPAA Journal

MARCH 14, 2022

South Denver Cardiology Associates (SDCA) has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed and potentially stolen by hackers. Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated.

COVID-19

COVID-19 HIPAA Licensing Health Insurance

Avem Health Partners and Emory Healthcare Notify Patients About Data Breaches

HIPAA Journal

DECEMBER 19, 2022

On September 9, 2022, 365 Data Centers notified Avem Health Partners that an unauthorized third party had gained access to its servers. The breach was detected on May 16, 2022, with the investigation confirming there may have been unauthorized access to data stored on those servers prior to May 14, 2022.

Fraud

Fraud Licensing HIPAA Health Insurance

San Juan Regional Medical Center Settles Data Breach Lawsuit

HIPAA Journal

DECEMBER 2, 2022

While legal action was not taken over a HIPAA violation, the lawsuit alleged the lack of appropriate safeguards constituted a HIPAA violation. The post San Juan Regional Medical Center Settles Data Breach Lawsuit appeared first on HIPAA Journal. All claims must be submitted by February 8, 2023.

Licensing

Licensing HIPAA Ransomware Health Insurance

SuperCare Proposes $2.25 Million Settlement to Resolve Data Breach Lawsuit

HIPAA Journal

MAY 11, 2023

SuperCare detected a network intrusion on July 27, 2021, and the subsequent forensic investigation determined hackers had access to its network from July 23, 2021, to July 27, 2021; however, it took until February 4, 2022, to determine that patient information had been compromised. The post SuperCare Proposes $2.25

HIPAA

HIPAA Health Insurance Licensing Hospitals

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

HIPAA Journal

MAY 24, 2022

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. According to the notification, the cyberattack was detected on or around March 19, 2022.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

HIPAA Journal

DECEMBER 14, 2022

A security breach was identified by Conifer in late March, with the investigation determining several Microsoft 365 had been accessed by unauthorized individuals between March 17 and March 22, 2022. CFA was informed about the breach on June 23, 2022. Patients started to be notified on November 23, 2022.

Health Insurance

Health Insurance HIPAA Licensing

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

HIPAA Journal

MAY 17, 2022

The Manchester, NH-based medical equipment company, NuLife Med LLC, has recently announced it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized network access.

Health Insurance

Health Insurance Licensing Ransomware HIPAA

NuLife Med Settles Class Action Data Breach Lawsuit

HIPAA Journal

APRIL 10, 2023

The Manchester, New Hampshire-based medical equipment company, NuLife Med, has agreed to settle a class action lawsuit that was filed in response to a March 2022 data breach that affected more than 80,000 individuals. NuLife Med identified suspicious activity within its computer network on March 11, 2022.

Licensing

Licensing HIPAA Health Insurance

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

HIPAA Journal

NOVEMBER 23, 2022

The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Ransomware

Ransomware Fraud Licensing HIPAA

Home Care Providers of Texas Announces 124K-Record Data Breach

HIPAA Journal

JANUARY 17, 2023

The security breach was detected on June 29, 2022, when staff members were prevented from accessing files. Leading third-party cybersecurity experts were engaged to investigate the incident and determine the nature and scope of the breach and confirmed that the threat actors had access to its network between June 15, 2022, and June 29, 2022.

Ransomware

Ransomware Fraud HIPAA Licensing

SundaySky Cyberattack Impacts 37,000 Health Plan Members

HIPAA Journal

MARCH 23, 2023

Suspicious network activity was detected on or around October 12, 2022, and the investigation confirmed that unauthorized individuals had access to parts of its network between October 2, 2022, and October 13, 2022. The post SundaySky Cyberattack Impacts 37,000 Health Plan Members appeared first on HIPAA Journal.

Licensing

Licensing HIPAA

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

HIPAA Journal

APRIL 8, 2024

The leaked data includes patient names, dates of birth, phone numbers, email addresses, medical records, Social Security numbers, copies of passports and driver’s licenses, health insurance information, and company data. The post Medusa Ransomware Group Leaks Data Stolen from American Renal Associates appeared first on HIPAA Journal.

Ransomware

Ransomware Health Insurance Licensing HIPAA

SuperCare Health Sued Over 318,000-Record Data Breach

HIPAA Journal

APRIL 15, 2022

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, over a cyberattack and data breach that was reported to the Department of Health and Human Services on March 28, 2022. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Fraud

Cyberattack on SuperCare Health Affects 318,000 Patients

HIPAA Journal

APRIL 7, 2022

In its March 25, 2022, breach notification letters, SuperCare Health explained that it identified unauthorized activity within its IT systems on July 27, 2021. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

Licensing

Licensing HIPAA Health Insurance Hospitals

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

HIPAA Journal

AUGUST 3, 2022

The two health insurance firms confirmed they had been affected in late February 2022, with PracticeMax publicly reporting the breach in the fall of 2021. Fast Track Urgent Care said it took until June 6, 2022, 13 months after the initial breach, for PracticeMax to confirm that Fast Track Urgent Care patient data had been accessed.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Advent Health Partners Proposes $500,000 Settlement to Resolve Class Action Data Breach Lawsuit

HIPAA Journal

FEBRUARY 16, 2023

The investigation confirmed hackers had access to, and potentially stole, the protected health information of patients such as names, Social Security numbers, driver’s license information, dates of birth, health insurance, medical treatment information, and financial account information. A lawsuit – McHenry v.

HIPAA

HIPAA Fraud Licensing Health Insurance

Our “Preconceived” Notions of HIPAA

Editorial: Lessons from Biggest HIPAA Breaches of 2022

Trending Sources

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

Lifeline Systems Company Notifies Patients About August 2022 Cyberattack

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

One Brooklyn Health Notifies Patients About November 2022 Cyberattack

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

What is HIPAA Enforcement Discretion?

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

Dental Practice Pays $23,000 For Potential HIPAA Privacy Violations Involving Yelp Posts

4 Data Security Challenges for Healthcare Organizations in 2022

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

Ransomware Attack at Fitzgibbon Hospital Affects 112,000 Patients

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

Physicians Business Office Reports Data Breach Affecting 196,573 Individuals

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

Alabama Healthcare Provider Announces 441,000-Record Data Breach

Credential Stuffing Attack Exposed United HealthCare Member Data

Dental Health Management Solutions Notified Patients About Historic Data Breach

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

168,000 Patients Have PHI Exposed in Phishing Attack on Henry Ford Health

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

SuperCare Health Hack Affects 300K Patients

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

Avem Health Partners and Emory Healthcare Notify Patients About Data Breaches

San Juan Regional Medical Center Settles Data Breach Lawsuit

SuperCare Proposes $2.25 Million Settlement to Resolve Data Breach Lawsuit

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

NuLife Med Settles Class Action Data Breach Lawsuit

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

Home Care Providers of Texas Announces 124K-Record Data Breach

SundaySky Cyberattack Impacts 37,000 Health Plan Members

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

SuperCare Health Sued Over 318,000-Record Data Breach

Cyberattack on SuperCare Health Affects 318,000 Patients

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

Advent Health Partners Proposes $500,000 Settlement to Resolve Class Action Data Breach Lawsuit

Stay Connected