HHS publicly posts list of data breach notifications

Michael Bassett | | Health Exec | Cybersecurity
 

A list of the covered entities that have reported health information data breaches impacting more than 500 people now has been posted by the Office of Civil Rights of the Department of Health and Human Services on its Web site.

HHS is required by section 13402(e)(4) of the HITECT Act to post the list, which includes the covered entity’s name, the nature of the breach and the number of individuals affected.

The list includes 36 breaches dating from Sept. 22, 2009--when entities were first required to start reporting the breaches--to as recently as Jan. 18, 2010.

The biggest breaches involved:

  • Blue Cross Blue Shield of Tennessee in a case that affected 500,000 persons;
  • AvMed in a situation in Florida impacting 359,000 persons due to a stolen laptop; and
  • Universal American in a breach that affected 83,000 persons because of an incorrect mailing of postcards.

Most of the cases involved the loss or theft of stolen devices such as laptops and in the vast majority of cases the number of persons affected was less than 10,000. Eleven of the breaches impacted fewer than 1,000 persons.

To see the entire list click here.
 

Michael Bassett,

Contributor

Related Content

Academic health system agrees to $8M settlement following data breach
Number of Americans impacted by Change Healthcare breach nears 200M
Report: 84% of healthcare organizations identified a data breach last year
Dental chain involved in ransomware coverup fined $350K
FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Data breach at chain of clinics impacts 450K patients

Around the web

Radiology Business
ACR shares guidance to help members deal with confusing White House executive orders

A string of executive orders from the White House created serious concerns among radiologists and other healthcare providers throughout the United States. The American College of Radiology issued a statement to help guide its members through the chaos. 

Cardiovascular Business
Philips to sell its emergency care business to private equity firm

Bridgefield Capital, founded in 2015, has previously invested in such popular brands as Cirque Du Soleil, Del Monte and Quiksilver. This transaction is expected to be completed in the second half of 2025. 

AI in Healthcare
Nat’l Academy of Medicine sets ‘priorities for action’ as healthcare mulls next moves with AI

Given the precarious excitement of the moment—or is it exciting precarity?—policymakers and healthcare leaders must set directives guiding not only what to do with AI but also when to do it.