Health Information Compliance Alert

Published on Tue Nov 15, 2016 PDF

In its August report about concerns and practices in regard to cybersecurity and how the HHS deals with these threats, the GAO highlighted recent large-scale attacks against healthcare organizations and public groups.

Take a look at these PHI losses that the report outlined:

January 2015: Anthem, Inc., part of the Blue Cross and Blue Shield Association, reported that hackers took personal information for about 79 million people, including “names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information such as income data.”

January 2015: Premera Blue Cross, working primarily in Alaska and Washington, discovered that cyber attackers had gained unauthorized access to its IT systems. The initial attack occurred in May 2014 and captured 11 million records of patients, including “names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, medical claims information, and bank account information.”

May 2015: The University of California at Los Angeles (UCLA) reported that cyber thieves stole loads of data, including “personally identifiable information (PII) such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers, and some medical information.”

July 2014: Community Health Services reported that hackers had stolen records, including Social Security numbers, patient names, birth dates, addresses and telephone numbers, belonging to 4.5 million people.