25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

PHI Compromised in Incidents at CorrectHealth, UF Health Shands, Peter Brasseler, & Gifted Healthcare

Posted By on Sep 1, 2022

CorrectHealth Notifies 54,000 Patients About November 2021 Email System Breach

Alpharetta, GA-based CorrectHealth, which provides healthcare services for inmates at correctional facilities, is notifying patients about a breach of its email environment. The breach was detected on November 10, 2021, with the investigation confirming several employee email accounts had been accessed by an unauthorized individual. Legal counsel for CorrectHealth said the third-party forensic investigation of the data breach concluded on January 28, 2022, and confirmed patients’ protected health information was present in the breached email accounts.

A comprehensive review of the affected accounts was conducted between March 2022 and July 2022 to determine the specific information that was affected, which confirmed names, addresses, and Social Security numbers had been exposed. CorrectHealth said it is unaware of any misuse of patient information.

Notification letters were sent on August 25, 2022, and complimentary credit monitoring and identity theft protection services have been offered to affected individuals. In response to the breach, CorrectHealth has implemented additional safeguards, including deploying an advanced phishing service, putting disclaimers on all externally received emails, implementing multi-factor authentication for administrative staff, and a single sign-on solution for clinical staff. CorrectHealth is also conducting weekly data security and monthly simulated phishing training for all employees.

The breach was reported to the Maine attorney general as affecting 54,066 individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Email Accounts breached at Gifted Healthcare

Metairie, LA-based Gifted Healthcare has reported a security breach involving the protected health information of its patients. While the incident appeared to be confined to a single email account, the investigation revealed three email accounts had been compromised between August 25, 2021, and December 10, 2021. Gifted Healthcare did not say when the breach was detected, but the review of the affected email accounts was completed on July 25, 2022. Notification letters were sent to affected individuals on August 25, 2022.

Data compromised in the incident included names, addresses, driver’s license numbers, Social Security numbers, financial information, health insurance information, and medical information. The breach was reported to the Maine attorney general as affecting 13,770 individuals.

Ransomware Attack Impacts Brasseler Patients

Savannah, GA-based Peter Brasseler Holdings, LLC, has recently confirmed it was the victim of a ransomware attack. The attack was detected on June 24, 2022, with the investigation confirming files containing individuals’ protected health information were stored on parts of the affected systems and may have been viewed or obtained in the incident. The breach also affected its subsidiaries, Brasseler U.S.A. Dental, LLC and Brasseler U.S.A. Medical, LLC.

The investigation into the breach is ongoing, but it has been confirmed that the following types of information were potentially compromised: names, government-issued identification numbers such as Social Security numbers, driver’s license numbers, and passport numbers; financial account information, such as debit card and credit card numbers; medical and insurance information; and other information, such as dates of birth.

The breach was reported to the Maine attorney general as affecting 3,353 individuals. Affected individuals have been offered a complimentary 24-month membership to Experian’s IdentityWorks credit monitoring and identity theft protection service.

UF Health Shands Employee Snooped on Records of Almost 1,000 Patients

UF Health Shands has recently confirmed that a former employee accessed the records of 941 patients without authorization between April 27, 2021, and July 21, 2022. When the unauthorized access was detected, the employee’s access to patient information was suspended pending a full investigation, which confirmed that the employee viewed patient information such as names, addresses, phone numbers, diagnoses and conditions, and some health insurance information.

UF Health Shands said the individual is no longer employed by UF Health Shands.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist