The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack Announced by Codman Square Health Center

Posted By on Mar 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients.

The incident was detected on November 28, 2022, and third-party digital forensics experts were engaged to investigate the security breach and determine the nature and scope of the attack. The investigation confirmed that unauthorized individuals gained access to parts of its network between November 23 and November 28, and during which time they may have viewed or acquired files containing patient data.

Codman Square Health Center said it was confirmed on January 25, 2023, that a folder on the compromised part of its network contained patient data, although it was not possible to tell if that folder was accessed. The files in that folder included names, addresses, birth dates, medical record numbers, diagnoses, treatment information, and claims information.

Notifications are being sent to affected individuals and steps have been taken to improve privacy and security and prevent further incidents of this nature.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Email Exposure Reported by Community Health Centers of Greater Dayton

Community Health Centers of Greater Dayton in Ohio has recently announced that the protected health information of 516 patients has been exposed as a result of an email error. On February 2, 2023, a business associate was sent an email that included a list of patients’ dental appointments. The business associate was authorized to receive that information; however, the email was not encrypted and therefore could have been intercepted.

The list included patient names, dates of birth, medical record numbers, appointment dates/times, and a brief description of why the appointment was booked. The risk of misuse of the data is believed to be low, but notification letters have been sent alerting patients about the HIPAA breach.  Additional safeguards have been implemented and the staff has been retrained on how to send emails securely.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist