HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by Horizon House and Samaritan Center of Puget Sound

Horizon House, Inc., a Philadelphia, PA-based provider of mental health and residential treatment services has announced its IT systems have been hacked and ransomware was deployed, with the attackers gaining access to systems containing the protected health information of 27,823 individuals.

Suspicious activity was detected in its computer systems on March 5, 2021. An investigation was launched to determine the nature and scope of the breach, which revealed an unauthorized individual had access to its systems between March 2 and March 5, 2021.

A review of files stored on the compromised systems was completed around September 3, 2021. The files contained protected health information such as names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, medical information, health insurance information, and medical claims information.

All individuals affected by the incident have been notified and advised to monitor their accounts and explanation of benefit statements for signs of fraudulent activity. Existing policies and procedures and security measures are being reviewed and will be enhanced to prevent further data breaches.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Samaritan Center of Puget Sound Reports Break-in and Theft of Devices Containing PHI

A computer, server, and other electronic equipment have been stolen from the offices of Samaritan Center of Puget Sound in Seattle, WA. The break-in occurred over the weekend of July 17/18, 2021 and was discovered on the morning of July 19.

Samaritan Center said the offices were locked and the computer and server were password-protected; however, passwords can be brute-forced so it is possible that the thieves may be able to access protected health information stored on the devices.

The server contained agency data including client names, dates of service, diagnoses, copies of charting content, addresses, phone numbers, copies of deposited checks, training videos, insurance information, Social Security numbers, and copies of billing statements. Samaritan Center said therapists’ email accounts, QuickBooks data, the Valant EHR platform, and archived data from its Medisoft client database are not believed to be at risk.

Samaritan Center said there have been multiple break-ins at the Ravenna Blvd facility over the past 12 months, and steps have been taken throughout the year to improve security including additional security alarm coverage, video cameras, and new locks. Further physical and electronic safeguards are being implemented, including attaching the server to the facility in a way that makes physical access to the server in the event of a break-in unlikely.  Samaritan Center is also exploring further encryption of network data.

The breach has been reported to the HHS’ Office for Civil Rights as affecting of 20,866 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.