Learning how HIPAA breaches have occurred at other health care organizations is a great way to stay proactive in protecting your business.


Information exposed on web for more than 5,000 insurance plan members

Aetna, a health insurance company, recently discovered that electronic protected health information (ePHI) for more than 5,000 of the company’s plan members has been accessible online through search engines.  The investigation started in April 2017 when Aetna started looking into a security issue affecting two computer services, SC Magazine reported.  By June 9, the investigation was completed, and Aetna has since started sending out notices to those who may be affected.

Ransomware attack on Family Tree Health Clinic affects 13,000 patients

In April 2017, Family Tree Health Clinic discovered a ransomware attack on their systems.  Family Tree was able to restore the data from backups and stated that no ransom was paid to the attackers.  Additionally, Family Tree stated that they have taken steps to ensure this type of attack does not happen again.  They have set up a call center to field questions and concerns, and they’re offering identity theft protection services for affected patients.

Indiana Medicaid recipients’ information accessible over the internet for three months

The Indy Channel reported at the beginning of July about Medicaid members being affected by a HIPAA breach.  An internal hyperlink containing patient information was potentially accessible over the internet between February and May of 2017.  The governing body, the Family and Social Services Administration, does not believe any information was stolen, but are sending out letters in an abundance of caution.  The fiscal agent involved, DXC Technology, is providing one year of credit-protection services to the affected individuals.  They are also fielding questions and concerns through one of their phone lines.  Additionally, DXC Technology stated that the issue has been mitigated and the hyperlink is no longer available.

Tampa Bay Surgery Center contacted by law enforcement, notified of data dump on the web

Tampa Bay Surgery Center is one of the latest victims of TheDarkOverlord.  Approximately 26,000 patients have been affected, and the Center is notifying them.  Law enforcement contacted the Center on May 5, notifying the Center of the data dump on a file sharing site.  Much like other organizations, Tampa Bay Surgery Center is offering identity theft protection services.


To learn how you can protect your organization from these types of HIPAA breaches, join HIPAAgps.