HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cancer Treatment Centers of America Announces 105,000-Record Data Breach

Cancer Treatment Centers of America is alerting 104,808 patients of its Midwestern Regional Medical Center that some of their protected health information was contained in an email account that was accessed by an unauthorized individual.

Suspicious activity was identified in a CTCA account holder’s account on January 18, 2021. The account was immediately secured to prevent further unauthorized access and a third-party forensics firm was engaged to assist with the investigation and determine the nature and scope of the breach.

The investigation revealed the email account was accessed on January 12, 2021 and access remained possible until January 18 when a password reset was performed. It was not possible to confirm which emails, if any, were accessed, nor was it possible to rule out data theft.

A review of the compromised account revealed it contained patient names, health insurance information, medical record numbers, CTCA account numbers, and limited medical information. No financial information or Social Security numbers were compromised.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

CTCA has implemented additional security measures to prevent further breaches and additional security enhancements are being evaluated. Notifications were sent to affected individuals on March 18, 2021.

Vendor Breach Affects More than 9,000 Insulet Patients

The Acton, MA-based medical device company Insulet Corporation is alerting 9,050 patients about a data breach at an online customer training vendor – Cornerstone On-Demand.

Insulet was notified around January 19, 2020 that an unauthorized individual had gained access to Cornerstone’s systems on January 13, 2021 and potentially downloaded data that included the protected health information of Insulet patients.

Data stored on the compromised system included names, email addresses, Insulet customer training records, and online course information. When Cornerstone identified the breach, its systems were immediately secured to prevent further unauthorized access. Additional security measures have since been implemented to prevent further attacks. Insulet said it has begun transitioning to a new online training vendor and will order Cornerstone to delete all its data once the transition has been completed.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.