This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
HENDERSON, NV – November 2024 – MEDVA, a pioneering leader in healthcare virtual staffing solutions, has been awarded Healthcare Virtual Assistant Company of the Year 2024 by Healthcare Business Review (HBR). healthcare protocols. For more information, visit www.MEDVA.com.
Verisource Services, an employee benefits administration service provider, has determined that a previously announced data breach was far worse than initially thought and has affected up to 4 million individuals.The Houston, Texas-based company detected a hacking incident on February 28, 2024, that disrupted access to some of its systems.
Ascension learned on December 5, 2024, that the business partner had experienced a hacking incident. The post Ascension Notifying Patients About Data Breach at Former Business Partner appeared first on The HIPAA Journal. Ascension in St.
Medical Express Ambulance Service has announced a March 2024 data breach that has affected more than 118,000 individuals. The security breach was identified on March 18, 2024, when network disruption was experienced that affected the functionality of certain systems.
The email account was secured the same day, and the forensic investigation confirmed the account was compromised from December 2 to December 4, 2024. This breach also involved a compromised email account and was detected by Restorix on May 30, 2024. Restorix sent notification letters to the affected patients on December 18, 2024.
The exposed data included names, birth dates, Social Security numbers, and health insurance information. On or around July 6, 2024, an unauthorized third party accessed the network and viewed or acquired individuals protected health information.The affected data was reviewed, and that process was completed on March 6, 2025.
The file review confirmed that the types of data compromised in the cyberattack included names, addresses, dates of birth, Social Security numbers, drivers license numbers, medical information, and health insurance information. Suspicious activity was identified within its computer systems on April 11, 2024.
The Sunflower Medical Group data breach occurred on December 15, 2024, but was not discovered for more than three weeks. The hacker was able to access names, addresses, dates of birth, Social Security numbers, drivers license numbers, medical information, and health insurance information.
HIPAA violation cases are compliance investigations that result from a data breach being notified to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) or a privacy complaint being submitted to OCR via the complaints portal. There are many different types of HIPAA violation cases.
On or around September 11, 2024, suspicious activity was identified in an employee email account. Third-party digital forensics specialists were engaged to investigate the activity and confirmed that an unauthorized third party had gained access to several employee email accounts from August 19, 2024, to September 25, 2024.
Hillcrest Convalescent Center Hillcrest Convalescent Center in Durham, North Carolina has notified 106,194 individuals about a data security incident identified on June 27, 2024. Notification letters were mailed to all affected individuals on March 3, 2024. The Hillcrest incident involved the data of 106,194 individuals.
A new report from a leading cyber insurance provider shows a slight decline in claims for ransomware attacks in 2024. There was a 19% decrease in claims frequency in 2024 by businesses in the healthcare industry, which fell to 1.38%; however, claim severity increased by 32% year-over-year, with an average loss of $144,662.
Access TeleCare, Texas The Dallas, TX-based acute and specialty telemedicine provider Access TeleCare identified unauthorized access to an employees email account on January 8, 2024. On or around November 18, 2024, suspicious activity was identified in an employee email account.
Palomar Health Medical Group has warned patients that they may have been affected by an April 2024 cyberattack, and DaVita has learned that tracking tools on its website and mobile app may have sent user data to third-party vendors. DaVita Notifies Patients About Tracking Technology Privacy Incident DaVita Inc.,
doing business as Vitruvian Health in Georgia and Tennessee, and Erlanger Health in Tennessee, have been affected by a cyberattack on its debt collection vendor, Nationwide Recovery Service.Suspicious activity was identified within the Nationwide Recovery Service network on July 11, 2024.
The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware attacks increased according to the 2024 Cyber Claims Report: Mid-Year Update from cyber insurance and security service provider Coalition.
The HIPAA Journal first reported a potential data breach in August 2024, after the RansomHub ransomware group added NeuroSav to its dark web data leak site. The post Georgia & Missouri Healthcare Providers Notify Patients About 2024 Hacking Incidents appeared first on The HIPAA Journal.
OrthoMinds, an Alpharetta, Georgia-based provider of orthodontic practice management software, has recently announced a November 2024 security incident that potentially resulted in unauthorized access to patients protected health information. What is not clear at this stage is how many individuals have been affected.
The investigation confirmed that an unauthorized third party had access to its IT environment between December 26, 2024, and February 28, 2025, during which time, files containing patient and health plan member data may have been viewed or acquired. Notification letters started to be sent to the affected individuals on April 11, 2025.
Gaia Software has disclosed details of a February 2024 cyberattack, Pinnacle Orthopaedics & Sports Medicine Specialists are investigating an April 2024 cyberattack, and OB GYN Specialists of Lima have discovered the improper disposal of patient data.
Rural hospitals often have low operating margins, high fixed costs relative to their urban counterparts, and have lower reimbursement rates from insurers. Microsoft launched its Cybersecurity for Rural Hospitals Program in June 2024 to help address the problem. In 2022, 429 rural hospitals were at high financial risk.
In late October 2024, an unidentified individual stole the mobile phone of a Roswell Park employee. The intrusion was detected on January 13, 2025, and the investigation confirmed that an unauthorized third party had access to its network between December 8, 2024, and January 11, 2025.
This is the largest healthcare data breach to be reported so far in 2024 and the largest confirmed healthcare data breach to date involving website tracking technologies. Notifications are expected to be issued in May 2024. Million Individuals appeared first on HIPAA Journal. Kaiser Permanente Health Plan Inc. is notifying 13.4
The breach was detected on March 25, 2024, and immediate action was taken to prevent further unauthorized access. An investigation was launched which determined that between November 2, 2023, and March 29, 2024, the vendor accessed and downloaded information from a Kairos database.
Suspicious network activity was identified on March 27, 2024, and third-party cybersecurity specialists were engaged to investigate the activity. The group says it has given the hospital until July 8, 2024, to pay the ransom demand and will leak the stolen data if payment is not made.
Email accounts have been compromised at four HIPAA-regulated organizations: Alternate Solutions Health Network in Ohio; Park Royal Hospital in Florida; 90 Degree Benefits in Minnesota; and the Charleston Fire Department in West Virginia. Suspicious activity was identified in an employee’s email account in October 2024.
Providence Mission Heritage Endocrinology In May 2024, Providence Mission Heritage Endocrinology in Mission Viejo, CA, discovered an insider breach that involved unauthorized access to clinical records. The first instance occurred on December 15, 2020, and it continued until May 15, 2024.
The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. CO Business Associate 14,782,887 Hacking/IT Incident 4 2024 Kaiser Foundation Health Plan, Inc.
Altered mental status, unspecified (R41.82) is a billable ICD-10 diagnostic code under HIPAA regulations from October 1, 2020, to September 30, 2021. This code is acceptable to insurers when used to describe a marked change in mental health status not attributable to other factors. Check out the 2023 ICD-10 updates here.
Mystic Valley Elder Services, a Malden, Massachusetts-based non-profit agency providing home and community-based care to elders and adults living with disabilities, has started issuing individual notifications about a cyberattack and data breach that was identified on April 5, 2024.
According to its substitute breach notice, external cybersecurity professionals were engaged to investigate the incident and confirmed that a network intrusion occurred between January 4, 2024, and January 8, 2024, involving the exfiltration of a limited amount of patient data. The affected individuals have now been notified by mail.
The forensic investigation confirmed unauthorized network access between November 24, 2024, and January 20, 2025, during which time the threat actor viewed or copied information from its network. The post Healthcare Data Breaches Reported in Georgia, Washington & New Hampshire appeared first on The HIPAA Journal.
Berry, Dunn, McNeil & Parker, LLC (BerryDunn) provides health data analytics services to healthcare providers, health insurers, and government regulatory and healthcare policy agencies and its clients provide BerryDunn with personal and health data to allow the firm to perform its contracted services.
The review of the affected files was not completed until June 13, 2024. Call 4 Health Issues Notifications About March 2024 Cyberattack Call 4 Health, Inc., Unauthorized network access was detected on May 6, 2024, and immediate action was taken to prevent further unauthorized access.
The Breach of Personal Information Notification Act was amended by Senate Bill 824 and was signed into law by state Governor Josh Shapiro on June 28, 2024. The amended law takes effect on September 26, 2024.
The data compromised in the incident included names, addresses, phone numbers, Social Security numbers, birth dates, diagnoses, treatment information, prescriptions, physician names, medical record numbers, device serial numbers, and health insurance information.
On January 22, 2024, DRS identified suspicious activity within its network. On March 8, 2024, after a time-consuming and detailed review of the files, DRS confirmed that they contained the personal and protected health information of current and former patients of its healthcare clients.
According to the notification letters mailed to the affected individuals in April 2024, a cyberattack was detected on June 6, 2023, when its network was disrupted. It took more than 10 months (April 10, 2024) to determine the types of information involved and the number of individuals affected.
A Seattle, WA, plastic surgery practice has been ordered to pay a financial penalty of $5 million to the Office of the Washington Attorney General to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), Washington Consumer Protection Act (CPA), and the federal Consumer Review Fairness Act (CRFA).
The Lebanon, TN-based eye clinic chain said it detected unauthorized access to its network on March 25, 2024. OPMT said, “Even though it is not specifically required by HIPAA, we will offer identity theft protection services to all affected individuals; we feel that this is an important precaution to protect our patients.”
The exposed and stolen data included contact information, Social Security numbers, driver’s license numbers, financial information, health insurance information, medical records, medical histories, diagnoses/conditions, and health insurance information.
The email accounts were accessed by an unauthorized third party between February 19, 2024, and February 20, 2024. Lamont Hanley & Associates notified CMC on March 6, 2024, that there had been unauthorized access to an employee’s email account. The post Phishers Gain Access to 23 L.A.
Hackers gained access to the BioPlus network for more than 2 weeks between October and November 2021, and potentially stole names, dates of birth, contact information, health insurance information, prescription information, and Social Security numbers.
The exposed information varied from individual to individual and may have included names, birth dates, medical record numbers, medical histories, and health insurance information. Notification letters were sent to the affected individuals on June 21, 2024, and they were advised about the data that was exposed. Central Time.
We organize all of the trending information in your field so you don't have to. Join 5,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
Let's personalize your content