HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack on Podiatric Offices of Bobby Yee Impacts 24,000 Patients

A ransomware attack on the Podiatric Offices of Bobby Yee has resulted in the encryption of files containing the protected health information (PHI) of up to 24,000 patients and other individuals.

The attack took place on October 29, 2018. Medical records were encrypted by the ransomware along with files containing information such as full name, address, contact telephone number(s), gender, birth date, Social Security number, and health insurance information.

Prompt action was taken to protect patient data and an investigation into the breach did not uncover any evidence to suggest the attacker viewed or copied any patients’ PHI.

The Podiatric Offices of Bobby Yee explained in a December 20, 2018, press release “We may need to reconfirm or reconstruct the information, including your medical information.” It is unclear whether the ransom was paid to obtain the key to decrypt patient data or whether files were recovered from backups.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Humana Insurance Applicants Affected by Bankers Life Data Breach

Humana has announced that certain insurance applicants have had some of their personal information exposed as a result of a hacking incident at the Chicago-based health insurer Bankers Life.

Bankers Life is a division of CNO Financial Group and a business associate of Humana. Bankers Life discovered on August 7, 2018, that hackers had gained access to its systems between May 30 and September 12, 2018. Access to its systems was gained using stolen employee credentials.

The breach was one of the largest healthcare data breaches of 2018 and affected around 566,2017 individuals, according to a breach report issued by CNO Financial Group in November 2018.

Humana notified the California Attorney General of the breach on January 3, 2019. According to the report, Humana was notified about the breach on October 25, 2018.

The breach affects individuals who had previously applied for a health insurance policy through Humana. Information included on those applications includes names, addresses, dates of birth, Humana health insurance application numbers and policy numbers, cost of coverage, and the last four digits of Social Security numbers.

Bankers Life has offered affected individuals free credit monitoring and identity repair services for 12 months. It is currently unclear exactly how many Humana insurance applicants have been affected.

Humana has also recently informed the Department of Health and Human Services’ Office for Civil Rights about another data breach affecting its members – The theft of paper/film records containing the PHI of 684 individuals. The breach report was submitted to OCR on December 31, 2018. No further information on the breach is available at the time of writing.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.