Healthcare Information Security

Healthcare Data Breach

Banner Health Data Breach Part of OCR Investigation

March 21, 2018 - The 2016 Banner Health data breach is reportedly being investigated by OCR, although it is currently not possible to estimate the range of potential fines from the agency, according to consolidated financial statements. An Ernst & Young year-end financial report on Banner Health and Subsidiaries discussed audits that were conducted on Banner Health statements from the years ending December...

More Articles

Potential PHI Exposure at BJC HealthCare Impacts 33K

by Elizabeth Snell

An internal security scan revealed that there was a data server configuration error, allowing potential PHI exposure at BJC HealthCare. The Missouri-based organization revealed in an online statement that 33,420 patients may have had their information...

What the CareFirst Data Breach Decision Means for Healthcare

by Elizabeth Snell

In February 2018, the US Supreme Court denied certiorari in the CareFirst data breach case. CareFirst had requested the Court review the class action lawsuit against it that came from two separate incidents. The first occurred in June 2014, followed...

134K Possibly Affected in St. Peter’s Server Data Breach

by Elizabeth Snell

An unauthorized third party gained access to St. Peter’s Surgery & Endoscopy Center (the Center) servers on January 8, 2018, according to an online statement. The potential data breach was discovered on the same day of the infiltration,...

EmblemHealth Data Breach Leads to $575K NY State Settlement

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan discovered...

CarePlus Health Reports PHI Data Breach Impacting 11K

by Elizabeth Snell

A series of programming and printing errors resulted in Explanation of Benefits (EOB) letters being sent to the incorrect CarePlus Health Plan members, an organization spokesperson confirmed to Approximately 11,200 individuals...

36K Notified of Potential Healthcare Data Breach from Mailing Error

by Elizabeth Snell

A mailing error has led to a potential healthcare data breach for Triple-S Advantage (Triple-S) members, according to an online company statement. The Puerto Rico-based organization is an independent licensee of the BlueCross BlueShield Association....

Business Associate Dismissal Denied in HIPAA Data Breach Case

by Elizabeth Snell

A HIPAA data breach case that stemmed from a business associate disclosing PHI will not be dismissed, according to a US District Court decision. CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) sought reimbursement from its business associate, Press...

Retirement Community Reports Potential PHI Data Breach for 5.2K

by Elizabeth Snell

Maryland-based Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc. (Ingleside) experienced a possible PHI data breach when it was targeted by a malware attack, according to an online statement. Ingleside discovered the malware...

New York Reaches $1.15M Settlement over Aetna Data Breach

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about ordering...

Patient Data Likely Unaffected in Adams Health Ransomware Attack

by Elizabeth Snell

Indiana-based Adams Health Network experienced a ransomware attack on January 11, the organization confirmed in an online statement. CEO Jo Ellen Eidam said that a virus was put on the computer systems but patient care was not interrupted and...

What Precedent Will Be Set in CareFirst Data Breach Case?

by Elizabeth Snell

The flood gates could potentially be opened for “no-injury class actions arising from virtually every data breach” if the US Supreme Court does not reaffirm the Washington DC circuit court’s decision with the CareFirst data...

$17M Settlement Agreement Reached in Aetna Data Breach Case

by Elizabeth Snell

Aetna has reached a $17 million settlement following a reported data breach from 2017 where 12,000 individuals were impacted. The healthcare company Aetna sent letters in the mail where information about ordering prescription HIV drugs was clearly...

Onco360 Email Data Security Incident Impacts 53K Patients

by Elizabeth Snell

Onco360 and CareMed Specialty Pharmacy are notifying patients that a data security incident stemming from unauthorized access to employee email accounts may have involved their health information. Suspicious activity on an employee’s email...

29K Impacted by SSM Health Data Breach from Unauthorized Access

by Elizabeth Snell

St. Louis, Missouri-based SSM Health recently reported that it experienced a potential data breach after an employee accessed patient records without authorization. The access occurred between February 13, 2017 and October 20, 2017 when the employee...

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and can...

PA Security Breach from Missing External Hard Drive Affects 4.1K

by Elizabeth Snell

Pennsylvania-based Washington Health System (WHS) Greene recently announced that a missing external hard drive has created security breach concerns at the organization. The device was for the Bone Densitometry machine and contained certain patient...

Healthcare Ransomware Attacks Contribute to 2017 Top Data Breaches

by Elizabeth Snell

With the majority of healthcare providers reporting that they were impacted by a healthcare ransomware attack in the past 12 months, it is not surprising that nine out of the 10 largest breaches reported to OCR in 2017 were caused by hacking...

Neurology Foundation Unauthorized PHI Access Could Affect 12K

by Elizabeth Snell

Rhode Island-based The Neurology Foundation, Inc. (Foundation) recently announced that an employee had been making unauthorized PHI access. The employee had been using a company credit card to make unauthorized purchases, but it was discovered...

Top 3 Health Data Breaches Impact Nearly 1.5M Individuals

by Elizabeth Snell

Hacking and IT security issues, including phishing scams and ransomware attacks, are still the leading causes for the largest health data breaches in 2017, according to data from OCR. The three largest incidents thus far – two of which...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks