HIPAA Journal

MAY 22, 2024

Superior Air-Ground Ambulance Service, a leading ambulance and EMS provider serving Illinois, Indiana, Michigan, Ohio, and Wisconsin, has confirmed that the protected health information of 858,238 patients was exposed or stolen in a cyberattack in May 2023.

Fraud 48

Fraud Licensing HIPAA Health Insurance 48

HIPAA Journal

APRIL 8, 2024

The leaked data includes patient names, dates of birth, phone numbers, email addresses, medical records, Social Security numbers, copies of passports and driver’s licenses, health insurance information, and company data. The investigation uncovered evidence of unauthorized access to files that contained patient information.

Ransomware 73

Ransomware Health Insurance Licensing HIPAA 73

HIPAA Journal

AUGUST 16, 2023

On March 9, 2023, a ransom note was detected within its computer environment that had been placed there by an unauthorized individual. The forensic investigation confirmed that an unauthorized individual had access to its network between February 2, 2023, and March 9, 2023.

Licensing 75

Licensing Health Insurance HIPAA Public Health 75

HIPAA Journal

AUGUST 2, 2023

Allegheny County in Pennsylvania has recently confirmed that the protected health information of up to 689,686 individuals was compromised in a May 2023 hacking incident by the Clop threat group. Cognisight was informed about the hacking incident on May 31, 2023, and its forensic investigation of the incident concluded on June 5, 2023.

Licensing 91

Licensing HIPAA Health Insurance 91

HIPAA Journal

MARCH 29, 2023

The attack was detected on January 29, 2023, when files were discovered to have been encrypted. A third-party computer forensics firm was engaged to assist with the investigation and determined that there was unauthorized access to files containing patient information from January 20, 2023.

Hospitals 105

Hospitals Ransomware Licensing Health Insurance 105

HIPAA Journal

JULY 7, 2023

The security breach was detected on May 11, 2023, with unauthorized access occurring between May 10, 2023, and May 13, 2023. Notification letters started to be mailed to affected individuals on June 29, 2023. The investigation also confirmed that files had been exfiltrated from its network on March 7, 2023.

Licensing 100

Licensing HIPAA Health Insurance Governance 100

HIPAA Journal

MAY 11, 2023

The deadline for exclusion from or objection to the settlement is June 5, 2023. Claims must be submitted by July 5, 2023, and the final approval hearing for the settlement has been scheduled for August 28, 2023. Million Settlement to Resolve Data Breach Lawsuit appeared first on HIPAA Journal.

HIPAA 91

HIPAA Health Insurance Licensing Hospitals 91

HIPAA Journal

FEBRUARY 8, 2024

Azura Vascular Care, a Pennsylvania-based operator of 70 outpatient vascular centers and ambulatory surgery centers in 25 states and Puerto Rico, notified the HHS’ Office for Civil Rights last month about a cybersecurity incident involving the protected health information of 348,000 patients. The incident was detected on November 9, 2023.

Ransomware 87

Ransomware Electronic Medical Records Licensing Health Insurance 87

HIPAA Journal

AUGUST 2, 2023

The Chattanooga Heart Institute (CHI) in Tennessee has recently announced that it identified a cyberattack on its network on April 17, 2023. A third-party data review company was provided with the files on December 22, 2022, and provided the results of the analysis to SHS on May 16, 2023.

Licensing 76

Licensing Electronic Medical Records Ransomware Health Insurance 76

HIPAA Journal

MAY 2, 2023

The accounts subjected to unauthorized access included information such as names, birthdates, addresses, health insurance member ID numbers, service dates, provider names, claim details, and group names and numbers. No Social Security numbers, financial information, or driver’s license numbers were exposed.

Licensing 100

Licensing Health Insurance Hospitals HIPAA 100

HIPAA Journal

JUNE 30, 2023

Suspicious activity was detected within its IT systems on April 27, 2023, and the subsequent forensic investigation confirmed that an unauthorized third party had access to its network between April 22, 2023, and April 28, 2023.

Licensing 95

Licensing Health Insurance Records Management HIPAA 95

HIPAA Journal

JUNE 21, 2023

Atlanta Women’s Health Group, P.C., has recently confirmed that the protected health information of up to 33,839 current and former patients has been exposed and potentially stolen in an April 2023 cyberattack. Notification letters were sent to affected individuals on June 16, 2023.

Health Insurance 89

Health Insurance Licensing HIPAA Medicare 89

HIPAA Journal

DECEMBER 2, 2022

While legal action was not taken over a HIPAA violation, the lawsuit alleged the lack of appropriate safeguards constituted a HIPAA violation. The final data for objection to or exclusion from the settlement is January 9, 2023. All claims must be submitted by February 8, 2023.

Licensing 94

Licensing HIPAA Ransomware Health Insurance 94

HIPAA Journal

AUGUST 8, 2023

Varian Medical Systems has not yet confirmed the data breach, and the LockBit group has not yet disclosed how much data was stolen in the attack but said Varian has been given until August 17, 2023, to enter into negotiations otherwise all stolen databases and patient data will be released on its dark web data leak site.

Ransomware 93

Ransomware Licensing HIPAA Health Insurance 93

HIPAA Journal

JUNE 8, 2023

An unauthorized third party gained access to MCNA Dental’s systems on February 26, 2023, the breach was detected on March 6, 2023, and the unauthorized access was blocked the following day. Names, addresses, Social Security numbers, and health insurance were impermissibly disclosed.

Medicaid 85

Medicaid Medicaid Ransomware Health Insurance 85

HIPAA Journal

JULY 3, 2023

a provider of skilled nursing care at three inpatient facilities in Pennsylvania – The Atrium in Johnstown, Beacon Ridge in Indiana, and The Patriot in Somerset – have been affected by a cyberattack that was detected on April 24, 2023. The Williamsport Home, a retirement village in Pennsylvania, and Senior Choice, Inc.,

HIPAA 82

HIPAA Licensing Health Insurance Nurses 82

HIPAA Journal

APRIL 21, 2023

In late January, One Brooklyn Health confirmed that patient data had been compromised, and the attackers had access to information such as names, dates of birth, billing and claims data, treatment details, medical record numbers, prescriptions, health insurance information, and Social Security numbers.

Health Insurance 94

Health Insurance Licensing HIPAA Hospitals 94

HIPAA Journal

JULY 4, 2023

Murfreesboro Medical Clinic & SurgiCenter (MMC) in Tennessee has recently confirmed that the protected health information of more than half a million patients was compromised in what it describes as “a series of attacks on our network and IT systems,” which were discovered on or around April 24, 2023.

Medicaid 77

Medicaid Medicaid Health Insurance Licensing 77

HIPAA Journal

JULY 25, 2023

The vulnerability was identified on May 31, 2023, with the forensic investigation confirming data theft occurred on May 26, 2023. The attack was detected on June 2, 2023, when files were discovered to have been encrypted. Financial information was not compromised. Some of the files were acquired in the attack.

Ransomware 84

Ransomware Licensing HIPAA Health Insurance 84

HIPAA Journal

JUNE 16, 2023

Commonwealth Health Physician Network-Cardiology, aka Great Valley Cardiology in Scranton, PA, has notified 181,764 current and former patients about a cyberattack and data breach that was discovered on April 13, 2023. The cyberattack was detected by its threat detection system on February 20, 2023.

Medicaid 86

Medicaid Medicaid HIPAA Health Insurance 86

HIPAA Journal

APRIL 10, 2023

The compromised data included names, addresses, medical information, health insurance information, and in some cases, Social Security numbers, driver’s licenses, and financial account/credit card information. The deadline for submitting a claim is June 20, 2023.

Licensing 81

Licensing HIPAA Health Insurance 81

HIPAA Journal

MARCH 10, 2023

A lawsuit has been filed against Maternal & Family Health Services (MFHS) in Pennsylvania which alleges the healthcare provider failed to protect patient data and did not send timely breach notifications. On March 3, 2023, a lawsuit was filed against the Wilkes-Barre-based healthcare provider in the U.S.

Ransomware 90

Ransomware HIPAA Licensing Health Insurance 90

HIPAA Journal

FEBRUARY 14, 2023

Hackers gained access to Umass Memorial Health’s email environment between June 24, 2020 and January 7, 2021, as a result of responses to phishing emails. The deadline for objection to the settlement is March 15, 2023. Claims for the benefits or cash payment must be submitted by April 14, 2023.

Fraud 97

Fraud Licensing Health Insurance HIPAA 97

HIPAA Journal

FEBRUARY 16, 2023

The investigation confirmed hackers had access to, and potentially stole, the protected health information of patients such as names, Social Security numbers, driver’s license information, dates of birth, health insurance, medical treatment information, and financial account information.

HIPAA 98

HIPAA Fraud Licensing Health Insurance 98

HIPAA Journal

MARCH 6, 2023

Cedar Park, TX-based Dental Health Management Solutions (DHMS), a provider of dental services to the government/military and private patients has recently announced – via its legal counsel – that the protected health information of certain patients was exposed in a 2021 hacking incident.

Electronic Medical Records 80

Electronic Medical Records HIPAA Licensing Nurses 80

HIPAA Journal

JULY 31, 2023

a government services contracting company, has announced in a Securities and Exchange Commission (SEC) filing that hackers exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer solution in May 2023 and accessed the protected health information (PHI) of between 8 and 11 million individuals.

Governance 75

Governance Medicare Medicare Ransomware 75

HIPAA Journal

APRIL 25, 2023

Santa Clara Family Health Plan Confirmed as Victim of Clop GoAnywhere Hack Santa Clara Family Health Plan has confirmed the 276,993-record data breach reported to the HHS’ Office for Civil Rights on March 30, 2023, was due to the hacking of Fortra’s GoAnywhere MFT solution by the Clop ransomware group.

Health Insurance 89

Health Insurance Public Health Ransomware Fraud 89

HIPAA Journal

JULY 27, 2023

UT Southwestern Medical Center (UTSW) has recently confirmed that the protected health information of 98,437 patients was stolen in a cyberattack on May 28, 2023. UTSW was notified about the attack by Progress Software on May 30, 2023, and the exploited vulnerability was immediately patched.

Ransomware 90

Ransomware Licensing Health Insurance HIPAA 90

HIPAA Journal

FEBRUARY 15, 2023

The attack was detected and blocked by Electromed on June 16, 2021, and the forensic investigation confirmed that files were accessed – and potentially stolen – that included customers’ first and last names, mailing addresses, medical information, and health insurance information.

Ransomware 90

Ransomware Fraud Licensing Health Insurance 90

HIPAA Journal

JULY 12, 2023

A round-up of data breaches that have recently been reported by HIPAA-covered entities. The breach was detected on April 3, 2023, with the investigation confirming the account was accessed following a response to a phishing email. The response was on February 20, 2023, and the unauthorized access was blocked on April 3, 2023.

HIPAA 52

HIPAA Health Insurance Licensing 52

HIPAA Journal

JULY 31, 2023

Harris Health Systems Confirms Breach of Almost 225,000 Patient Records Harris County Hospital District, doing business as Harris Health System, has recently reported a data breach affecting 224,703 individuals. The 51,854 affected individuals were notified by mail on July 21, 2023.

Health Insurance 90

Health Insurance Hospitals HIPAA Licensing 90

HIPAA Journal

APRIL 14, 2023

While ILS discovered the breach in July 2022, it took until February 14, 2023, for Telligen to be notified about the breach. Telligen notified the Iowa DHSS three days later on February 17, 2023. Notifications were mailed to affected individuals on April 10, 2023. Ransomware was not used in the attack, but files were stolen.

Medicaid 101

Medicaid Medicaid Ransomware HIPAA 101

HIPAA Journal

JUNE 28, 2023

The deadline for exclusion from and objection to the settlement is July 18, 2023, and all claims must be submitted by July 18, 2023. The post Good Samaritan Hospital Settles Class Action Data Breach Lawsuit appeared first on HIPAA Journal. The final approval hearing has been scheduled for Sept.

Hospitals 82

Hospitals Fraud Licensing HIPAA 82

HIPAA Journal

MARCH 22, 2023

The lawsuit was filed on March 15, 2023, by the law firm Milberg Coleman Bryson Phillips Grossman PLLC on behalf of plaintiff, Samuel Lee. The post Class Action Lawsuit Filed Against Cardiovascular Associates Over 441K-Record Data Breach appeared first on HIPAA Journal.

HIPAA 100

HIPAA Fraud Licensing Health Insurance 100

HIPAA Journal

JUNE 8, 2023

The security breach was detected on April 4, 2023, and the forensic investigation confirmed its network had been accessed by an unauthorized third party between March 7, 2023, and April 4, 2023. According to the May 22, 2023, breach notice, the incidents occurred in 2021.

Ransomware 101

Ransomware HIPAA Licensing Health Insurance 101

HIPAA Journal

MARCH 28, 2024

Suspicious activity was detected within its network on April 13, 2023, and after securing its systems, a forensic investigation was launched to determine the nature and scope of the unauthorized activity. In November 2023, the vendor was unable to access the patient management tool and worked with its subcontractor to address the problem.

Hospitals 79

Hospitals Ransomware HIPAA Licensing 79

HIPAA Journal

AUGUST 31, 2023

As well as supplying private customers, the company works with more than five hundred health plans, managed care organizations, and other agencies to provide access to meals for people covered by Medicare and Medicare. At the time of publication, the company’s name does not appear on the HIPAA Breach Report.

Medicare 52

Medicare Medicare HIPAA Medicaid 52