25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Ohio Patients Suffer First Hacking-Related Data Breach

Members of the Huntington Bancshares’ wellness program in Ohio have been notified of a data breach in which their healthcare information was potentially compromised. Close to 4,500 state residents have been affected. This is the first large scale data breach to affect Ohio residents.

The data breach did not occur at Huntington Bancshares, but was part of a data breach affecting a Business Associate (BA) of StayWell Health Management LLC, Onsite Health Diagnostics. The data breach exposed 60,652 records in total, with hacker’s first gaining access to the database on January 4 of this year. The data breach was discovered on March 25, although a breach notice was delayed and has only just been released.

Hackers were able to gain access to a scheduling database of Onsite Health Diagnostics. The information was being used for health screening purposes.

The data exposed was limited to Personally Identifiable Information (PII). No health, insurance or financial data was exposed, and neither were Social Security numbers. Patient names, addresses, dates of birth, gender, email addresses and phone numbers were compromised in the incident. Members of the wellness program were notified by mail on July 28, 2014 and were offered a year of credit monitoring services without charge.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Following the data breach, Huntington Bancshares has announced that StayWell is no longer a vendor for the bank.

The network server incident at StayWell Health resulted in four separate breach notices being submitted to the Department of Health and Human Services’ Office for Civil Rights in February of this year. The breach involved Virginia’s Dominion Resources program and Motorola Mobility in Illinois, with 1,700 and 940 affected respectively. Approximately 18,600 members of health plans in Missouri, California and Minnesota were affected, as were members of Nissan North America and Qbe Holdings.

This is one of a number of successful hacking incidents that have been reported in recent months. Earlier this year NRAD Medical Associates suffered at the hands of a hacker with 97,000 records exposed, while over a million records were compromised in an attack on the Montana Department of Public Health and Human Services last month.

With hackers now appearing to be targeting healthcare providers and health plans, covered entities may need to improve defenses to ensure PHI is not exposed. They should also conduct an assessment of their Business Associates to make sure they too are complying with HIPAA regulations.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist