HIPAA Violation News

Inova Health System, a non-profit health organisation based in Falls Church, Virginia, has announced that it has experienced a data breach. The protected health information (PHI) of over 12,000 of its patients may have been […]

A North Carolina medical center has announced that a phishing attack on its systems has resulted in the protected health information (PHI) of up to 20,000 being compromised.  Catawba Valley Medical Center (CVMC), based in […]

The Centers for Medicaid & Medicare Services (CMS) has announced that it was recently the victim of a cyberattack that has resulted in approximately 75,000 consumer records being accessed by unauthorised individuals.  On October 13 […]

Claxton-Hepburn Medical Center, which is a not-for-profit community hospital based in Ogdensburg, New York, terminated several employees because they accessed patient medical records even though they do not have authorization to do so. The hospital […]

In April 2018, a 65-year old former gynecologist named Rita Luthra from Massachusetts, Longmeadow, was charged with criminal violation of the HIPAA Privacy Rule and federal investigation obstruction. In September 19, 2018, the judge announced […]

The Massachusetts attorney general fined UMass Memorial Health Care the amount of $230,000 for its HIPAA violations with respect to two data breaches which compromised the protected health information (PHI) of over 15,000 state locals. […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) fined three hospitals the amount of $999,000 for allowing an ABC film crew to shoot a video footage of patients for its Boston […]

The HHS’ Centers for Medicare and Medicaid Services (CMS) investigated Fairview Southdale Hospital, which is located in Edina, MN, because of a supposed patient privacy violation. It was found out that during the psychiatric evaluations […]

The Fetal Diagnostic Institute of the Pacific (FDIP) based in Honolulu, Hawaii was attacked by ransomware on June 30, 2018. This resulted to the installation of a file-encrypting software on a server, which encrypted different […]

The New Mexico Department of Health is checking why the personal health documents of a number of of its patients fell off a truck while being transported from the facility to the safe storage location. […]

The New York Attorney General fined the Arc of Erie County with $200,000 for Violating HIPAA Rules as a result of failing to safeguard its customers’ electronic protected health information (ePHI). The Arc of Erie […]

Dennis and Wayne Russell’s adopted two-year old boy named Keon passed away as a result of accidentally drowning. Soon after the boy was brought to McAlester Regional Health Center, they got a telephone call from […]

OhioHealth’s Grant Medical Center dispatched fax messages containing the protected health information (PHI) of a patient to the wrong person in the last few months. This is a violation of the HIPAA rules and privacy […]

Lincare Inc, a respiratory therapy vendor, consented to pay $875,000 to settle a class-action lawsuit that its employees filed for a breach of their W-2 details. The data breach happened on February 3, 2017 when […]

UnityPoint Health identified a data breach on February 15, 2018 which led to the compromise of 16,429 patients’ protected health information. It seems that the data breach happened as a result of the failure of […]

The Department of Justice (DOJ) does not pursue many criminal penalties for HIPAA violations. But in cases of serious patient privacy violation, such as when the protected health information (PHI) is impermissibly disclosed with malicious […]

A former employee of Texas Health and Human Services Commission (HHSC) got hold of the protected health information of about 100 patients after being terminated from work. She had collected personal items from her old […]

A 31-year old former receptionist named Annie Vuong worked at a New York dental practice where she stole the protected health information of over 650 patients. She was sentenced to spend 2 to 6 years […]

The New Jersey Attorney General’s Office financially penalized Virtua Medical Group for its failure in protecting the privacy of over 1,650 patients. The protected health information of the patients was exposed because of a misconfigured […]

The protected health information of some patients and payment guarantors were compromised because the unencrypted laptop computer that Clinical Pathology Laboratories Southeast Inc (CPLSE) issued to an employee was stolen. CPLSE took immediate action so […]

QuadMed, a medical, fitness, physical therapy, laboratory and pharmacy services provider based in Wisconsin, sent notification letters by mail to 9,854 patients informing them that their PHI was potentially viewed without authorization during a privacy […]

BJC Healthcare, a non-profit healthcare system, runs two nationally recognized hospitals in St. Louis, Missouri namely St. Louis Children’s Hospital and Barnes-Jewish Hospital plus 13 other hospitals. It has over 31,000 employees, admits more than […]

The legal firm Salem and Green, a business associate of Sutter Health, had a phishing attack resulting in exposure of the protected health information of certain patients. A staff of Salem and Green received a […]

A privacy breach occurred in the Puerto Rico Health Plan Triple-S Advantage, which affected 36,000 plan members. The cause of the breach was a mailing error that disclosed the plan members’ sensitive information to incorrect […]

Press America, Inc is a mail service used by CVS Pharmacy. Because of an accidental disclosure of 41 individual’s protected health information, CVS Pharmacy sued Press America, Inc. CVS Pharmacy works as a business associate […]

AllScripts was attacked by ransomware last week resulting in the unavailability of their services. Thousands of healthcare providers cannot access patient data or the e-prescription service. AllScripts now faces a class action lawsuit filed by […]

The Kansas Attorney General fined Pearlie Mae’s Compassion and Care LLC in Topeka, Kansas together with its owners for its failure to protect patient and employee records. The civil monetary penalty amounted to $8,750. According […]

A ransomware attack on Allscripts happened on January 18, 2018, which is the reason why a number of the firm’s applications, such as the cloud EHR and the electronic prescriptions platform, went offline. The attack […]

Aetna agreed to pay $17,161,200 to settle a class action lawsuit filed by complainants of a mailing error that disclosed sensitive information. The envelopes used had clear plastic windows through which the details of HIV […]

The Department of Health and Human Services’ Office of Inspector General (OIG) found data security inadequacies upon auditing the North Carolina State Medicaid agency. According to the report, the State agency did not implement enough […]

A scrub nurse was fired for violating the HIPAA Rules. Allegedly, a scrub nurse photographed the genitals of an employee–patient undergoing incision hernia surgery at Washington Hospital. She used her mobile phone to take photos […]

21st Century Oncology agreed to pay the Department of Health and Human Services’ Office for Civil Rights (OCR) a settlement fee to resolve its HIPAA violations which was discovered when a 2015 PHI breach involving […]

The Oklahoma Department of Human Services had a data breach in April 2016. After discovering the breach, Oklahoma DHS notified the people impacted by the breach and the DHS’ Office of Inspector General, but not […]

A clinic worker gets 5-year jail term for stealing the protected health information of Kirkbride Center’s mentally ill patients and selling them to identity thieves. Jean Baptiste Alvarez, age 43, a resident of Aldan, Philadelphia […]

A PHI breach occurred at the Henry Ford Health System based in Detroit which impacted about 18,500 patients. The organization became aware of the breach on October 3, 2017. According to the report, the email […]

Lincare Holdings Inc., one company supplying home respiratory therapy products, had a breach of employee personal data in February 2017. According to the report, an HR department employee emailed the W2 forms of thousands of […]

Mount Sinai St. Luke’s Hospital settled a case with the Department of Health and Human Services’ Office for Civil Rights earlier this year. The 2014 case involved alleged HIPAA violations over an impermissible disclosure of […]

Brevard Physician Associates had a recent incident of burglary which resulted in the potential exposure of limited protected health information of about 8,000 patients. On the morning of September 4, 2017, thieves broke into the […]

A tenant named Barbara Jarvis-Neavins filed a report against Illinois-based psychiatrist Dr. Riaz Baber for mishandling the medical records of more than 10,000 patients.  Apparently, the psychiatrist rented out his property to Jarvis-Neavins who eventually […]

Recently, there was an incident that a HIPAA-covered entity used an unsecured Amazon S3 bucket to store patients’ medical data. It was the researchers from Kromtech Security who discovered the cloud storage security problem. There were […]