HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Arizona Asthma and Allergy Institute Notifies 70,372 Patients About Data Breach

Arizona Asthma and Allergy Institute has issued breach notification letters to 70,372 patients who received services between October 1, 2015 and June 15, 2020.

According to the breach notice, a range of their personal and protected health information including names, patient ID numbers, provider names, health insurance information, and treatment cost information was exposed online under the name of a different organization for a brief period in September 2020.

After being alerted about the exposed data, a third-party forensics company was engaged to investigate the breach. The investigation concluded on March 8, 2021 and confirmed that protected health information had been exposed.

According to databreaches.net, which contacted Arizona Asthma and Allergy Institute to alert them about the breach, this was a ransomware attack by the Maze ransomware operation. Sensitive data obtained in the breach had been posted to the Maze Group’s data leak site for a short period in September under the name Medical Management Inc.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Stillwater Medical Center Investigation Security Breach

Stillwater Medical Center in Oklahoma has launched an investigation into a security breach affecting certain information systems. In a June 14, 2021, Facebook post, Stillwater Medical Center explained that a breach occurred on June 13, 2021 and systems were immediately shut down while the incident was investigated. A third-party computer forensics firm is assisting with the investigation and systems will be brought back online as soon as possible.

The investigation is still in the early stages but, so far, no evidence has been found to indicate any patient data has been compromised. Further information about the incident will be released as and when it becomes available.

Nebraska Department of Health and Human Services Alerts Individuals About Privacy Breach

The Nebraska Department of Health and Human Services has identified a software error that resulted in individuals’ phone numbers and partial Social Security numbers being sent to a third party in April 2021.

The HHS discovered the privacy incident on April 9, 2021 and has now issued notification letters to approximately 500 individuals. According to the HHS, the nature of data and the individual to whom it was sent – an individual in the State of Nebraska – makes the risk of identity theft or fraud low.

Temporary measures have been taken to fix the software error while the HHS works on a more permanent solution.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.