HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Birmingham, AL-based Henderson & Walton Women’s Center (HWWC) has recently notified 34,306 patients that some of their protected health information may have been compromised as a result of a hacker gaining access to the email account of one of its employees. HWWC said the forensic investigation of the data breach confirmed the attacker did not gain access to the email server and the breach was confined to the email account of one employee.

HWWC did not disclose when the email account was compromised but said there was a delay in issuing notification letters due to the lengthy process of reviewing all emails in the account to determine the types of information and specific individuals that had been affected. That process concluded on June 24, 2022.

HWWC said it had implemented encryption for all external emails, but the forensic investigation determined that stored emails may have been accessed. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. The information exposed varied from patient to patient.

Notification letters were sent to all affected individuals in August. As a precaution against identity theft and fraud, complimentary memberships have been offered to a credit monitoring service for 12 months. Steps have also been taken to improve the security of its email system, including implementing a new procedure for automatically deleting emails containing PHI after 3 days, and a system is being implemented that will prevent the sharing of any personal information via email.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Genesis Health Care Reports Cyberattack and Data Breach

The Columbia, SC-based nonprofit Federally Qualified Health Center, Genesis Health Care Inc., has recently notified the Montana Attorney General about a cyberattack that was detected on April 11, 2022.

Suspicious activity was detected in certain IT systems, prompting a comprehensive investigation. Third-party digital forensics specialists were engaged to determine the nature and scope of the incident and help restore the functionality of its systems. The investigation confirmed on June 9, 2022, that files may have been accessed or exfiltrated from its systems between January 19, 2022, and April 11, 2022. A programmatic and manual review of the affected files confirmed on July 13, 2022, that they contained patient information.

According to the substitute breach notice on the company website, the following types of information were compromised in the breach: Names, Social Security number, driver’s license number, financial account information, payment card information, employer identification number, passport number, health insurance information, username and password, PIN, or account login, date of birth, and medical information including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, and treatment information.

Genesis Health Care said it is reviewing its policies and procedures and will evaluate additional measures and safeguards to prevent similar breaches in the future.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 21,226 patients.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.