The HIPAA Journal

JULY 8, 2024

Palomar Health Medical Group has warned patients that they may have been affected by an April 2024 cyberattack, and DaVita has learned that tracking tools on its website and mobile app may have sent user data to third-party vendors. DaVita Notifies Patients About Tracking Technology Privacy Incident DaVita Inc.,

Medication 126

Medication HIPAA Tests Medical History 126

Sensible Medicine

MARCH 25, 2025

For example, a systematic review of medical journals found only 0.6% In 2024, the NIH Office of Strategic Coordination launched the Replication to Enhance Research Impact Initiative. For example, the Feinstein Institute for Medical Research settled HIPAA violations for $3.9 Yet this gold mine is mostly fools gold.

Collaboration 229

Collaboration HIPAA Follow-Up Medication 229

The HIPAA Journal

APRIL 23, 2024

Biggest Healthcare Data Breaches in March 2024 18 data breaches were reported in March that involved the protected health information of 10,000 or more individuals, all of which were hacking incidents. A similarly sized breach was reported by Oklahoma’s largest emergency medical care provider, Emergency Medical Services Authority.

Business Associate 124

Business Associate HIPAA Hospital Billing 124

The HIPAA Journal

APRIL 1, 2025

On or around September 11, 2024, suspicious activity was identified in an employee email account. Third-party digital forensics specialists were engaged to investigate the activity and confirmed that an unauthorized third party had gained access to several employee email accounts from August 19, 2024, to September 25, 2024.

HIPAA 75

HIPAA Insurance Medication 75

The HIPAA Journal

MARCH 11, 2025

Hillcrest Convalescent Center Hillcrest Convalescent Center in Durham, North Carolina has notified 106,194 individuals about a data security incident identified on June 27, 2024. Notification letters were mailed to all affected individuals on March 3, 2024. The Hillcrest incident involved the data of 106,194 individuals.

HIPAA 68

HIPAA Insurance Medication 68

The HIPAA Journal

MAY 6, 2024

Marlton, NJ-based Continuum Health Alliance has recently confirmed that it has experienced a security incident that exposed the data of 377,119 patients of its client, Consensus Medical Group, a physician-owned medical group in Evesham, NJ.

Medication 117

Medication HIPAA Tests Follow-Up 117

The HIPAA Journal

APRIL 18, 2025

doing business as Vitruvian Health in Georgia and Tennessee, and Erlanger Health in Tennessee, have been affected by a cyberattack on its debt collection vendor, Nationwide Recovery Service.Suspicious activity was identified within the Nationwide Recovery Service network on July 11, 2024.

HIPAA 55

HIPAA Hospital Documentation Insurance 55

The HIPAA Journal

MARCH 19, 2025

Access TeleCare, Texas The Dallas, TX-based acute and specialty telemedicine provider Access TeleCare identified unauthorized access to an employees email account on January 8, 2024. On or around November 18, 2024, suspicious activity was identified in an employee email account.

HIPAA 74

HIPAA Documentation Insurance Medication 74

The HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. CO Business Associate 14,782,887 Hacking/IT Incident 4 2024 Kaiser Foundation Health Plan, Inc.

Business Associate 109

Business Associate HIPAA Unit Organization and Environment Hospital 109

The HIPAA Journal

APRIL 22, 2024

Email accounts have been compromised at the University of Wisconsin Hospitals and Clinics Authority and the Medical Home Network in Illinois. On April 12, 2024, MHN learned that the protected health information of current and former members of CountyCare, Wellness West, and NeueHealth were stored in the compromised accounts.

Medication 114

Medication HIPAA Hospital Billing 114

The HIPAA Journal

MARCH 20, 2025

Lake Washington Vascular was unable to determine exactly what information was viewed or extracted from its systems and said the information likely compromised included names, dates of birth, addresses, diagnostic test results, medical histories, diagnosis and treatment information, payer identification numbers, and government-issued identifiers.

Hospice 79

Hospice HIPAA Medical History Diagnostics 79

The HIPAA Journal

MAY 12, 2025

The HIPAA Journal first reported a potential data breach in August 2024, after the RansomHub ransomware group added NeuroSav to its dark web data leak site. The post Georgia & Missouri Healthcare Providers Notify Patients About 2024 Hacking Incidents appeared first on The HIPAA Journal.

HIPAA 70

HIPAA Follow-Up Billing Tests 70

The HIPAA Journal

MAY 13, 2025

The Michigan House of Representatives has passed a bill ( HB 4242 ) that seeks to protect the sensitive health data of state residents from foreign entities of concern by requiring electronic medical records to be stored in the United States or Canada. The bills will now be considered by the Senate.

Billing 86

Billing Medication HIPAA 86

The HIPAA Journal

APRIL 25, 2024

Several class action lawsuits have been filed against City of Hope National Medical Center, a National Cancer Institute (NCI)-designated cancer treatment and research center, over a recently disclosed data breach that exposed the protected health information of more than 827,000 individuals.

Medication 117

Medication HIPAA Medical History Best Practices 117

The HIPAA Journal

MARCH 24, 2025

OrthoMinds, an Alpharetta, Georgia-based provider of orthodontic practice management software, has recently announced a November 2024 security incident that potentially resulted in unauthorized access to patients protected health information. What is not clear at this stage is how many individuals have been affected.

HIPAA 51

HIPAA Insurance Medication 51

The HIPAA Journal

MAY 1, 2024

On May 1, 2024, the 2024 Verizon Data Breach Investigations Report ( DBIR ) was released, which this year involved an analysis of a record number of security incidents (30,458), and more than double the number of confirmed data breaches as last year (10,626). Top causes of non-erro, non-misuse data breaches.

Follow-Up 105

Follow-Up Transfers HIPAA Medication 105

The HIPAA Journal

JULY 4, 2024

Gaia Software has disclosed details of a February 2024 cyberattack, Pinnacle Orthopaedics & Sports Medicine Specialists are investigating an April 2024 cyberattack, and OB GYN Specialists of Lima have discovered the improper disposal of patient data. Those individuals will be notified when the investigation is completed.

HIPAA 118

HIPAA Documentation Billing Insurance 118

The HIPAA Journal

APRIL 29, 2025

It has now been confirmed that the compromised data included patients’ full names, addresses, dates of birth, Social Security numbers, and medical record numbers. The post Endue Software Confirms Data Breach Affecting Multiple Providers appeared first on The HIPAA Journal.

Hospital 75

Hospital HIPAA Insurance Medication 75

The HIPAA Journal

JULY 9, 2024

SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. The review of the affected files was not completed until June 13, 2024. Call 4 Health Issues Notifications About March 2024 Cyberattack Call 4 Health, Inc.,

Triage 120

Triage HIPAA Documentation Billing 120

The HIPAA Journal

OCTOBER 28, 2024

Last week, the Department of Health and Human Services (HHS) and the National Institute for Standards and Technology (NIST) hosted the Safeguarding Health Information: Building Assurance Through HIPAA Security 2024 conference after a 5-year absence. It is one of the most common reasons for individuals filing complaints with OCR.

HIPAA 100

HIPAA Medication 100

The HIPAA Journal

JULY 3, 2024

Suspicious network activity was identified on March 27, 2024, and third-party cybersecurity specialists were engaged to investigate the activity. The group says it has given the hospital until July 8, 2024, to pay the ransom demand and will leak the stolen data if payment is not made.

HIPAA 124

HIPAA Hospital Insurance Medication 124

The HIPAA Journal

NOVEMBER 6, 2024

Email-related data breaches have been reported by Kaiser Permanente in California, Soliant Health in Georgia, and Potomac Medical Aesthetics in Maryland. The account compromises were detected on September 3, 2024, and the accounts were immediately secured and passwords were reset.

Medication 85

Medication HIPAA Documentation 85

The HIPAA Journal

APRIL 28, 2025

Email accounts have been compromised at four HIPAA-regulated organizations: Alternate Solutions Health Network in Ohio; Park Royal Hospital in Florida; 90 Degree Benefits in Minnesota; and the Charleston Fire Department in West Virginia. Suspicious activity was identified in an employee’s email account in October 2024.

HIPAA 72

HIPAA Billing Hospital Admissions 72

The HIPAA Journal

OCTOBER 31, 2024

Mystic Valley Elder Services, a Malden, Massachusetts-based non-profit agency providing home and community-based care to elders and adults living with disabilities, has started issuing individual notifications about a cyberattack and data breach that was identified on April 5, 2024.

Hospital 114

Hospital Business Associate HIPAA Insurance 114

Health Populi

OCTOBER 30, 2024

This insight came out of a report on How Consumers Purchase, Use and Trust Medical Devices based on market research sponsored by Propel Software. adults in October 2024 to gauge peoples’ views on digital health tools, buying trends, and trust. identifying the top 3 occupations in the U.S.

Medication 71

Medication HIPAA Hospital Patient Experience 71

The HIPAA Journal

JULY 5, 2024

The breach was detected on March 25, 2024, and immediate action was taken to prevent further unauthorized access. An investigation was launched which determined that between November 2, 2023, and March 29, 2024, the vendor accessed and downloaded information from a Kairos database.

HIPAA 120

HIPAA Insurance Medication 120

The HIPAA Journal

MARCH 28, 2025

The forensic investigation confirmed unauthorized network access between November 24, 2024, and January 20, 2025, during which time the threat actor viewed or copied information from its network. The post Healthcare Data Breaches Reported in Georgia, Washington & New Hampshire appeared first on The HIPAA Journal.

Appointments 53

Appointments HIPAA Insurance Medication 53

The HIPAA Journal

APRIL 30, 2024

On January 22, 2024, DRS identified suspicious activity within its network. On March 8, 2024, after a time-consuming and detailed review of the files, DRS confirmed that they contained the personal and protected health information of current and former patients of its healthcare clients.

Business Associate 105

Business Associate HIPAA Follow-Up Hospital 105

Valant

JULY 29, 2024

Altered mental status, unspecified (R41.82) is a billable ICD-10 diagnostic code under HIPAA regulations from October 1, 2020, to September 30, 2021. While insurers prefer more descriptive ICD-10 codes, mental health practitioners should not list something specific if the patient’s medical record cannot support the diagnosis.

Diagnostics 97

Diagnostics HIPAA Insurance Medication 97

The HIPAA Journal

APRIL 26, 2024

Los Angeles County Department of Health Services’ employees were targeted in a recent phishing campaign, and almost 2,800 Catholic Medical Center patients have been affected by a data breach at one of its vendors. The email accounts were accessed by an unauthorized third party between February 19, 2024, and February 20, 2024.

Business Associate 117

Business Associate HIPAA Tests Medication 117

The HIPAA Journal

JULY 5, 2024

Providence Mission Heritage Endocrinology In May 2024, Providence Mission Heritage Endocrinology in Mission Viejo, CA, discovered an insider breach that involved unauthorized access to clinical records. The first instance occurred on December 15, 2020, and it continued until May 15, 2024.

HIPAA 117

HIPAA Patient Records Insurance Hospital 117

The HIPAA Journal

JULY 8, 2024

The Breach of Personal Information Notification Act was amended by Senate Bill 824 and was signed into law by state Governor Josh Shapiro on June 28, 2024. The amended law takes effect on September 26, 2024.

HIPAA 120

HIPAA Insurance Billing Medication 120

The HIPAA Journal

OCTOBER 29, 2024

According to its substitute breach notice, external cybersecurity professionals were engaged to investigate the incident and confirmed that a network intrusion occurred between January 4, 2024, and January 8, 2024, involving the exfiltration of a limited amount of patient data.

Insurance 106

Insurance HIPAA Business Associate Medication 106

The HIPAA Journal

APRIL 23, 2024

According to the notification letters mailed to the affected individuals in April 2024, a cyberattack was detected on June 6, 2023, when its network was disrupted. It took more than 10 months (April 10, 2024) to determine the types of information involved and the number of individuals affected.

HIPAA 109

HIPAA Insurance Medication 109

The HIPAA Journal

APRIL 29, 2024

A vendor was engaged to conduct a review of the affected files, and that process was completed on April 2, 2024. Notification letters were mailed to the affected individuals on April 25, 2024, and complimentary credit monitoring and identity theft protection services have been offered to the affected individuals.

HIPAA 114

HIPAA Insurance Medication 114

The HIPAA Journal

JULY 9, 2024

The Houston, TX-based medical device company, LivaNova, is facing multiple class action lawsuits over an October 2023 cyberattack that exposed the protected health information of 180,000 patients. Notifications were issued in May 2024, and complimentary credit monitoring services were offered to the affected individuals.

HIPAA 120

HIPAA Insurance Medication 120

The HIPAA Journal

JULY 4, 2024

The exposed information varied from individual to individual and may have included names, birth dates, medical record numbers, medical histories, and health insurance information. Notification letters were sent to the affected individuals on June 21, 2024, and they were advised about the data that was exposed. Central Time.

Medical History 117

Medical History HIPAA Insurance Medication 117