HIPAA Breaches: What’s Happening Today

As we make our way through our new “Critical Infrastructure Security and Resilience Month,” let’s look at a few of the recent healthcare data breaches that have been in the news:

  1.  A Mess They Didn’t Make

    1. In Oklahoma, Massangle Eye Care recently became the latest eye care practice to be affected by a data breach that targeted their ophthalmology-specific EMR solution, Eye Care Leaders. In December of last year, Eye Care Leaders reported that their system had been accessed by an unauthorized entity, and last week Massangle Eye Care notified 15,000 patients that their data had potentially been compromised. Over 2 million people have been impacted by this breach of their providers’ Business Associate’s system.

  2.  Another Meta Pixel Problem

    1. Several providers have been asked to remove tracking pixels from their websites that may be transmitting protected data to Meta or other tech giants. Last month, WakeMed Health and Hospitals notified over 490,000 patients that their private information may have been sent to Meta, as their tracking pixel had been installed on password-protected patient portals. WakeMed now faces a proposed class action lawsuit in response to the breach. “The plaintiff alleged that WakeMed failed to implement reasonable safeguards to prevent improper disclosures, failed to adequately train employees, and failed to comply with industry-standard data security practices.”

  3.  Increased Cyber Threats

    1. OakBend Medical Center suffered a ransomware attack in September, and has since been working to recover from the impacts of the breach. Last week, OakBend “provided additional details about the breach and noted that certain servers and computers were encrypted as a result of the attack.” They also reported that data had been stolen from their systems, while the extent of the information removed remains unclear. Today, OakBend is working with the FBI to investigate the hackers and to improve their cybersecurity posture. They’ve recommended that affected patients be wary of suspicious emails being sent using their contact information, and keep an eye on their account statements and credit reports.

  4.  A Third-Party Breach

    1. The Louisiana Department of Public Safety and Corrections reported a recent breach affecting over 85,000 inmates. This is another case where a data breach occurred at a third-party business associate, in this case the health administrator processing the Department’s medical claims, CorrectCare. Protected health information was compromised when two file directories belonging to CorrectCare were “inadvertently exposed to the public internet.” CorrectCare took immediate steps to secure the server after the breach, and shortly after hired a third-party cybersecurity company to investigate the cause and impact of the incident.

Breaches like these four are becoming more common and more impactful. That’s why it’s important for healthcare providers to be diligent in securing themselves against these threats. If you have any questions relating to cybersecurity best practices or HIPAA compliance requirements, feel free to reach out to your team at Medcurity.