The HIPAA Journal

MARCH 26, 2025

The Sunflower Medical Group data breach occurred on December 15, 2024, but was not discovered for more than three weeks. The hacker was able to access names, addresses, dates of birth, Social Security numbers, drivers license numbers, medical information, and health insurance information.

Medication 74

Medication HIPAA Insurance 74

The HIPAA Journal

APRIL 27, 2025

HIPAA violation cases are compliance investigations that result from a data breach being notified to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) or a privacy complaint being submitted to OCR via the complaints portal. There are many different types of HIPAA violation cases.

HIPAA 85

HIPAA Business Associate Hospital Medication 85

The HIPAA Journal

APRIL 1, 2025

On or around September 11, 2024, suspicious activity was identified in an employee email account. Third-party digital forensics specialists were engaged to investigate the activity and confirmed that an unauthorized third party had gained access to several employee email accounts from August 19, 2024, to September 25, 2024.

HIPAA 75

HIPAA Insurance Medication 75

The HIPAA Journal

MARCH 11, 2025

Hillcrest Convalescent Center Hillcrest Convalescent Center in Durham, North Carolina has notified 106,194 individuals about a data security incident identified on June 27, 2024. Notification letters were mailed to all affected individuals on March 3, 2024. The Hillcrest incident involved the data of 106,194 individuals.

HIPAA 68

HIPAA Insurance Medication 68

The HIPAA Journal

MAY 9, 2025

A new report from a leading cyber insurance provider shows a slight decline in claims for ransomware attacks in 2024. There was a 19% decrease in claims frequency in 2024 by businesses in the healthcare industry, which fell to 1.38%; however, claim severity increased by 32% year-over-year, with an average loss of $144,662.

Insurance 58

Insurance Transfers HIPAA 58

The HIPAA Journal

MARCH 19, 2025

Access TeleCare, Texas The Dallas, TX-based acute and specialty telemedicine provider Access TeleCare identified unauthorized access to an employees email account on January 8, 2024. On or around November 18, 2024, suspicious activity was identified in an employee email account.

HIPAA 74

HIPAA Documentation Insurance Medication 74

The HIPAA Journal

JULY 8, 2024

Palomar Health Medical Group has warned patients that they may have been affected by an April 2024 cyberattack, and DaVita has learned that tracking tools on its website and mobile app may have sent user data to third-party vendors. DaVita Notifies Patients About Tracking Technology Privacy Incident DaVita Inc.,

Medication 126

Medication HIPAA Tests Medical History 126

The HIPAA Journal

APRIL 18, 2025

doing business as Vitruvian Health in Georgia and Tennessee, and Erlanger Health in Tennessee, have been affected by a cyberattack on its debt collection vendor, Nationwide Recovery Service.Suspicious activity was identified within the Nationwide Recovery Service network on July 11, 2024.

HIPAA 55

HIPAA Hospital Documentation Insurance 55

The HIPAA Journal

NOVEMBER 7, 2024

The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware attacks increased according to the 2024 Cyber Claims Report: Mid-Year Update from cyber insurance and security service provider Coalition.

Follow-Up 95

Follow-Up Insurance Transfers HIPAA 95

The HIPAA Journal

MAY 12, 2025

The HIPAA Journal first reported a potential data breach in August 2024, after the RansomHub ransomware group added NeuroSav to its dark web data leak site. The post Georgia & Missouri Healthcare Providers Notify Patients About 2024 Hacking Incidents appeared first on The HIPAA Journal.

HIPAA 70

HIPAA Follow-Up Billing Tests 70

The HIPAA Journal

MARCH 24, 2025

OrthoMinds, an Alpharetta, Georgia-based provider of orthodontic practice management software, has recently announced a November 2024 security incident that potentially resulted in unauthorized access to patients protected health information. What is not clear at this stage is how many individuals have been affected.

HIPAA 51

HIPAA Insurance Medication 51

The HIPAA Journal

APRIL 29, 2025

The investigation confirmed that an unauthorized third party had access to its IT environment between December 26, 2024, and February 28, 2025, during which time, files containing patient and health plan member data may have been viewed or acquired. Notification letters started to be sent to the affected individuals on April 11, 2025.

Hospital 75

Hospital HIPAA Insurance Medication 75

The HIPAA Journal

JULY 4, 2024

Gaia Software has disclosed details of a February 2024 cyberattack, Pinnacle Orthopaedics & Sports Medicine Specialists are investigating an April 2024 cyberattack, and OB GYN Specialists of Lima have discovered the improper disposal of patient data.

HIPAA 118

HIPAA Documentation Billing Insurance 118

The HIPAA Journal

MARCH 26, 2025

Rural hospitals often have low operating margins, high fixed costs relative to their urban counterparts, and have lower reimbursement rates from insurers. Microsoft launched its Cybersecurity for Rural Hospitals Program in June 2024 to help address the problem. In 2022, 429 rural hospitals were at high financial risk.

Hospital 79

Hospital Collaboration HIPAA Best Practices 79

The HIPAA Journal

MARCH 20, 2025

In late October 2024, an unidentified individual stole the mobile phone of a Roswell Park employee. The intrusion was detected on January 13, 2025, and the investigation confirmed that an unauthorized third party had access to its network between December 8, 2024, and January 11, 2025.

Hospice 79

Hospice HIPAA Medical History Diagnostics 79

The HIPAA Journal

APRIL 26, 2024

This is the largest healthcare data breach to be reported so far in 2024 and the largest confirmed healthcare data breach to date involving website tracking technologies. Notifications are expected to be issued in May 2024. Million Individuals appeared first on HIPAA Journal. Kaiser Permanente Health Plan Inc. is notifying 13.4

HIPAA 117

HIPAA Hospital Insurance 117

The HIPAA Journal

JULY 5, 2024

The breach was detected on March 25, 2024, and immediate action was taken to prevent further unauthorized access. An investigation was launched which determined that between November 2, 2023, and March 29, 2024, the vendor accessed and downloaded information from a Kairos database.

HIPAA 120

HIPAA Insurance Medication 120

The HIPAA Journal

JULY 3, 2024

Suspicious network activity was identified on March 27, 2024, and third-party cybersecurity specialists were engaged to investigate the activity. The group says it has given the hospital until July 8, 2024, to pay the ransom demand and will leak the stolen data if payment is not made.

HIPAA 124

HIPAA Hospital Insurance Medication 124

The HIPAA Journal

APRIL 28, 2025

Email accounts have been compromised at four HIPAA-regulated organizations: Alternate Solutions Health Network in Ohio; Park Royal Hospital in Florida; 90 Degree Benefits in Minnesota; and the Charleston Fire Department in West Virginia. Suspicious activity was identified in an employee’s email account in October 2024.

HIPAA 72

HIPAA Billing Hospital Admissions 72

The HIPAA Journal

JULY 5, 2024

Providence Mission Heritage Endocrinology In May 2024, Providence Mission Heritage Endocrinology in Mission Viejo, CA, discovered an insider breach that involved unauthorized access to clinical records. The first instance occurred on December 15, 2020, and it continued until May 15, 2024.

HIPAA 117

HIPAA Patient Records Insurance Hospital 117

The HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. CO Business Associate 14,782,887 Hacking/IT Incident 4 2024 Kaiser Foundation Health Plan, Inc.

Business Associate 109

Business Associate HIPAA Unit Organization and Environment Hospital 109

Valant

JULY 29, 2024

Altered mental status, unspecified (R41.82) is a billable ICD-10 diagnostic code under HIPAA regulations from October 1, 2020, to September 30, 2021. This code is acceptable to insurers when used to describe a marked change in mental health status not attributable to other factors. Check out the 2023 ICD-10 updates here.

Diagnostics 97

Diagnostics HIPAA Insurance Medication 97

The HIPAA Journal

OCTOBER 31, 2024

Mystic Valley Elder Services, a Malden, Massachusetts-based non-profit agency providing home and community-based care to elders and adults living with disabilities, has started issuing individual notifications about a cyberattack and data breach that was identified on April 5, 2024.

Hospital 114

Hospital Business Associate HIPAA Insurance 114

The HIPAA Journal

OCTOBER 29, 2024

According to its substitute breach notice, external cybersecurity professionals were engaged to investigate the incident and confirmed that a network intrusion occurred between January 4, 2024, and January 8, 2024, involving the exfiltration of a limited amount of patient data. The affected individuals have now been notified by mail.

Insurance 106

Insurance HIPAA Business Associate Medication 106

The HIPAA Journal

MARCH 28, 2025

The forensic investigation confirmed unauthorized network access between November 24, 2024, and January 20, 2025, during which time the threat actor viewed or copied information from its network. The post Healthcare Data Breaches Reported in Georgia, Washington & New Hampshire appeared first on The HIPAA Journal.

Appointments 53

Appointments HIPAA Insurance Medication 53

The HIPAA Journal

APRIL 29, 2024

Berry, Dunn, McNeil & Parker, LLC (BerryDunn) provides health data analytics services to healthcare providers, health insurers, and government regulatory and healthcare policy agencies and its clients provide BerryDunn with personal and health data to allow the firm to perform its contracted services.

HIPAA 114

HIPAA Insurance Medication 114

The HIPAA Journal

JULY 9, 2024

The review of the affected files was not completed until June 13, 2024. Call 4 Health Issues Notifications About March 2024 Cyberattack Call 4 Health, Inc., Unauthorized network access was detected on May 6, 2024, and immediate action was taken to prevent further unauthorized access.

Triage 120

Triage HIPAA Documentation Billing 120

The HIPAA Journal

JULY 8, 2024

The Breach of Personal Information Notification Act was amended by Senate Bill 824 and was signed into law by state Governor Josh Shapiro on June 28, 2024. The amended law takes effect on September 26, 2024.

HIPAA 120

HIPAA Insurance Billing Medication 120

The HIPAA Journal

JULY 9, 2024

The data compromised in the incident included names, addresses, phone numbers, Social Security numbers, birth dates, diagnoses, treatment information, prescriptions, physician names, medical record numbers, device serial numbers, and health insurance information.

HIPAA 120

HIPAA Insurance Medication 120

The HIPAA Journal

APRIL 30, 2024

On January 22, 2024, DRS identified suspicious activity within its network. On March 8, 2024, after a time-consuming and detailed review of the files, DRS confirmed that they contained the personal and protected health information of current and former patients of its healthcare clients.

Business Associate 105

Business Associate HIPAA Follow-Up Hospital 105

The HIPAA Journal

APRIL 23, 2024

According to the notification letters mailed to the affected individuals in April 2024, a cyberattack was detected on June 6, 2023, when its network was disrupted. It took more than 10 months (April 10, 2024) to determine the types of information involved and the number of individuals affected.

HIPAA 109

HIPAA Insurance Medication 109

The HIPAA Journal

JULY 3, 2024

A Seattle, WA, plastic surgery practice has been ordered to pay a financial penalty of $5 million to the Office of the Washington Attorney General to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), Washington Consumer Protection Act (CPA), and the federal Consumer Review Fairness Act (CRFA).

HIPAA 115

HIPAA Insurance 115

The HIPAA Journal

APRIL 25, 2024

The Lebanon, TN-based eye clinic chain said it detected unauthorized access to its network on March 25, 2024. OPMT said, “Even though it is not specifically required by HIPAA, we will offer identity theft protection services to all affected individuals; we feel that this is an important precaution to protect our patients.”

HIPAA 110

HIPAA Insurance 110

The HIPAA Journal

APRIL 25, 2024

The exposed and stolen data included contact information, Social Security numbers, driver’s license numbers, financial information, health insurance information, medical records, medical histories, diagnoses/conditions, and health insurance information.

Medication 117

Medication HIPAA Medical History Best Practices 117

The HIPAA Journal

APRIL 26, 2024

The email accounts were accessed by an unauthorized third party between February 19, 2024, and February 20, 2024. Lamont Hanley & Associates notified CMC on March 6, 2024, that there had been unauthorized access to an employee’s email account. The post Phishers Gain Access to 23 L.A.

Business Associate 117

Business Associate HIPAA Tests Medication 117

The HIPAA Journal

MAY 2, 2024

Hackers gained access to the BioPlus network for more than 2 weeks between October and November 2021, and potentially stole names, dates of birth, contact information, health insurance information, prescription information, and Social Security numbers.

Follow-Up 109

Follow-Up HIPAA Best Practices Documentation 109

The HIPAA Journal

JULY 4, 2024

The exposed information varied from individual to individual and may have included names, birth dates, medical record numbers, medical histories, and health insurance information. Notification letters were sent to the affected individuals on June 21, 2024, and they were advised about the data that was exposed. Central Time.

Medical History 117

Medical History HIPAA Insurance Medication 117