25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Cancer Treatment Centers of America Announces 105,000-Record Data Breach

Posted By on Mar 26, 2021

Cancer Treatment Centers of America is alerting 104,808 patients of its Midwestern Regional Medical Center that some of their protected health information was maintained in an email account accessed by an unauthorized individual.

Suspicious activity was identified in a CTCA account holder’s account on January 18, 2021. The account was immediately secured to prevent further unauthorized access and a third-party forensics firm was engaged to assist with the investigation and determine the nature and scope of the breach.

The investigation revealed the email account was accessed on January 12, 2021 and access remained possible until January 18 when a password reset was performed. It was not possible to confirm which emails, if any, were accessed, nor was it possible to rule out data theft.

A review of the compromised account revealed it contained patient names, health insurance information, medical record numbers, CTCA account numbers, and limited medical information. No financial information or Social Security numbers were compromised.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

CTCA has implemented additional security measures to prevent further breaches and additional security enhancements are being evaluated. Notifications were sent to affected individuals on March 18, 2021.

Vendor Breach Affects More than 9,000 Insulet Patients

The Acton, MA-based medical device company Insulet Corporation is alerting 9,050 patients about a data breach at an online customer training vendor – Cornerstone On-Demand.

Insulet was notified around January 19, 2020 that an unauthorized individual had gained access to Cornerstone’s systems on January 13, 2021 and potentially downloaded data that included the protected health information of Insulet patients.

Data stored on the compromised system included names, email addresses, Insulet customer training records, and online course information. When Cornerstone identified the breach, its systems were immediately secured to prevent further unauthorized access. Additional security measures have since been implemented to prevent further attacks. Insulet said it has begun transitioning to a new online training vendor and will order Cornerstone to delete all its data once the transition has been completed.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist