HIPAA Business Associates

This Year’s Largest Healthcare Data Breaches

December 26, 2023 - Healthcare cybersecurity has garnered unprecedented attention from lawmakers and industry coalitions this year, signifying a step forward for the sector. However, reported data breach figures tell a different story, as cyberattacks continue to devastate the sector. In 2023, more than 540 organizations and 112 million individuals were implicated in healthcare data breaches reported to...


More Articles

HSCC Focuses On Medical Device Security in New Contract Language Template

by Jill McKeon

The Healthcare & Public Health Sector Coordinating Councils (HSCC) published model contract language to help healthcare organizations ensure medical device security when crafting contracts with...

What Is a HIPAA Business Associate Agreement (BAA)?

by Editorial Staff

HIPAA-covered entities are required to enter into business associate agreements (BAAs) with any third party that handles protected health information (PHI). As the cyber threat landscape evolves and data privacy and security concerns...

Cyberattacks Against Health Plans, Business Associates Increase

by Jill McKeon

Cyberattacks targeted at health plans and third-party business associates increased last year, while attacks against healthcare providers dipped slightly, a report by Critical...

Business Associate Data Breach Impacts 32 Healthcare Organizations

by Jill McKeon

More than 30 healthcare organizations were impacted by a business associate data breach targeted at Ciox Health, a clinical data technology company. An unauthorized third party accessed one Ciox...

Humana, Cotiviti Sued After Insider-Related Healthcare Data Breach

by Jessica Davis

A proposed class action lawsuit has been filed against insurance giant Humana and its vendor Cotiviti following a healthcare data breach impacting 65,000 patients, which was caused by an...

4 Healthcare Providers, Vendors Report Data Breaches From 2020

by Jessica Davis

In recent weeks, a number of HIPAA-required notifications from covered entities and business associates have reported patient data breaches that occurred in 2020: Beacon Health...

Patient Data from Multiple Providers Leaked in Third-Party GitHub Incident

by Jessica Davis

The patient data from multiple providers appears to have been captured and subsequently leaked on the data repository GitHub Arctic Code Vault by third-party vendor MedData, according to a new...

219K Nebraska Medicine Patients Affected by Fall Ransomware Attack

by Jessica Davis

A ransomware attack that struck Nebraska Medicine in the Fall potentially led to the data theft and compromise of information from 219,000 patients. The September security incident spurred...

Patient Sues Rady Children’s Hospital Over Blackbaud Data Breach

by Jessica Davis

A guardian of a patient whose information was included in last year's Blackbaud data breach has sued Rady Children’s Hospital over the incident. Blackbaud is a third-party vendor of the...

484K Aetna ACE Plan Members Impacted by EyeMed Email Hack

by Jessica Davis

The number of victims impacted by the email hack on EyeMed reported earlier this month has drastically increased, as the Department of Health and Human Services breach reporting tool shows 484,157...

UPDATE: The 10 Biggest Healthcare Data Breaches of 2020

by Jessica Davis

Cybersecurity proved to be a massive challenge for many in the healthcare sector in 2020 as providers worked to combat the COVID-19 crisis, while simultaneously being pummeled with targeted...

Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase

by Jessica Davis

The ransomware hackers behind the massive Blackbaud ransomware attack and subsequent data breach likely had access to more unencrypted data than previously disclosed, including bank account...

Crafting Successful Business Associate Agreements, Breach Response

by Jessica Davis

The healthcare sector relies heavily upon its relationships with third-party vendors and business associates, which are critical to ensuring uninterrupted patient care. However, given the vast number...

OCR Lifts HIPAA Penalties for COVID-19 Community-Based Testing Sites

by Jessica Davis

The Office for Civil Rights announced yet another enforcement discretion during the Coronavirus pandemic, lifting potential HIPAA penalties related to noncompliance for covered entities and business...

Senators Press Ascension on Data Sharing Agreement with Google

by Jessica Davis

Sens. Bill Cassidy, MD, R-Louisiana, Elizabeth Warren, D-Massachusetts, and Richard Blumenthal, D-Connecticut, are pressing Ascension on its data sharing agreement it holds with Google, given the tech...

Judge Rules Against HHS Over HIPAA Right of Access Third-Party Fees

by Jessica Davis

Washington, DC US District Court Judge Amit Mehta issued a blow to the Department of Health and Human Services for its 2013 HIPAA Right of Access rule around third-party requests for patient records,...

Key Elements for Secure Business Associate Agreements, Relationships

by Jessica Davis

The healthcare sector relies on a vast number of third-party vendors, supply chain businesses, and other business associates to ensure relatively seamless care transactions. But with each transaction...