TRENDING:

List of 36 Major Healthcare Breaches Posted

HITECH notifications outlined Howard Anderson (ismg_editor) • February 23, 2010    
List of 36 Major Healthcare Breaches Posted
A list of 36 recent major breaches of healthcare information during a four-month period is now available on a federal Web site.

The breaches were reported from September 2009 through January. They included incidents involving physician group practices, hospitals, state agencies and insurers, among others.

Beginning Feb. 22, the Office for Civil Rights within the U.S. Department of Health and Human Services began posting on its Web site a list of organizations that have notified HHS about a breach of unsecured health information involving more than 500 individuals. Under the HITECH Act's breach notification rule, such incidents must be reported to HHS and the media within 60 days. Smaller breaches must be reported to HHS annually.

The details

The biggest case reported so far, involving more than 500,000 individuals, was thetheft of hard drives from BlueCross BlueShield of Tennessee.

In addition to that incident, some 27 of the other incidents involved thefts of such items as a laptop, computer, CDs or other items.

Other cases included the loss of backup tapes, the loss of a portable electronic device, mailing errors, misdirected e-mail and a hacking incident. In addition, the University of California, San Francisco was the victim of a phishing scam.

Although the rule went into effect last September, the Office for Civil Rights did not begin enforcement, with potential penalties, until Feb. 22.

Annual update

The Office will report to Congress annually the number and nature of breaches reported and actions taken in response to those breaches. That annual report, which will be posted on the Office's Web site, will include breaches of all sizes, officials said.

The deadline for healthcare organizations to provide an annual summary of breaches of all sizes to HHS is March 2.

To view the updates on breaches,click here.

Previous
HITECH Breach Notification Enforcement Begins
Next
America Seen Losing Cyber War

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.