The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hacking and IT Incidents Affect 563,000 Patients and Health Plan Members

Posted By on Dec 1, 2022

Health Care Management Solutions LLC, a West Virginia-based consulting company focused on improving care quality for vulnerable populations including veterans, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected up to 500,000 individuals.

Little is currently known about the data breach as the company has yet to publicly announce the breach. There is no substitute breach notice on the company website. The OCR breach summary indicates this was a hacking incident affecting its network server(s). The extent to which protected health information has been compromised is not yet known. Notifications were issued on November 14, 2022

This post will be updated as and when further information about the incident becomes available.

Stanley Street Treatment and Resources Discloses October 2021 Data Breach

The Fall River, MA-based addiction and treatment center, Stanley Street Treatment and Resources, Inc. (STAR), has recently announced a data breach that occurred more than a year ago in October 2021. According to the STAR substitute breach notice, the breach was detected in September 2022. An unauthorized individual was found to have gained access to its network and downloaded files containing the protected health information of 45,785 patients. The files included names, Social Security numbers, government ID numbers, financial account information, dates of birth, dates of service, health insurance information, and medical information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

At the time of issuing notification letters, STAR said it was unaware of any cases of misuse of patient information. STAR said it continuously evaluates and modifies its practices to ensure the privacy and security of patient information and will continue to do so in the future.

California Health Insurance Agency Suffers Data Breach Affecting 14,600 Patients

The health insurance agency, CCA Health California, has announced that the protected health information of 14,631 members of the Vitality Health Plan of California has potentially been compromised. CCA Health California acquired Vitality Health Plan of California earlier this year.

CCA Health California discovered the data breach in September 2022. Unauthorized individuals had gained access to systems containing files that included protected health information and removed some of those files between May and September this year. It was not possible to determine which specific files were accessed or downloaded, but a review of all files that could potentially have been copied confirmed they contained the following types of information: names, Social Security numbers, dates of birth, diagnosis, and treatment information, demographic information, medical record numbers, passport numbers, health insurance information, provider names, lab results, and prescription information.

CCA Health California said security safeguards have been enhanced to prevent similar breaches in the future and monitoring capabilities have been enhanced.

Health Plan Member Data Potentially Compromised in Innovative Service Technology Management Services Ransomware Attack

Innovative Service Technology Management Services, a Georgia-based outsourcing company, has suffered a ransomware attack. A threat actor gained access to its systems and potentially removed files on June 3, 2022. The files that may have been accessed or copied included the protected health information of members of its health plan. A detailed review of the files was completed on October 17, 2022, and confirmed they contained the PHI of 2,654 individuals, including names, financial account information, and other personal information.  In response to the breach, a global password reset was performed and all critical applications were updated. Affected individuals have been offered complimentary membership to the Experian IdentityWorks identity theft protection service.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist