August 15, 2020

Volume X, Number 228

August 14, 2020

Subscribe to Latest Legal News and Analysis

August 13, 2020

Subscribe to Latest Legal News and Analysis

August 12, 2020

Subscribe to Latest Legal News and Analysis

Over 30 Data Breach Incidents in Health Care Reported to HHS Thus Far in 2020, Affecting Over 1 Million Individuals

Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), over 30 reports of data breaches have been filed by health care entities in the first month and a half of 2020. Although a few reported breaches involved theft or improper disposal of information, the majority of the reported breaches involved hacking/IT incidents and unauthorized access or disclosure.

HHS is required to post a list of breaches of unsecured protected health information affecting 500 or more individuals. Cumulatively, the breaches reported through February 13, 2020 potentially affect over 1 million patients. The largest breach involving a hacking/IT incident was reported by PIH Health, a health care provider, with nearly 200,000 individuals affected. Other significant hacking/IT incident breaches reported included one by a hospital in Minnesota affecting over 49,000 individuals, one by a health care provider in Maine affecting 33,000 individuals, one by an orthopedic group in Texas affecting just over 30,000 patients, and another by a rehabilitation provider in Oregon affecting over 25,000 individuals. In most of these larger breaches, hackers targeted emails although one breach involved a network server.

While theft was reported as the cause of breaches in only a handful of cases, it was the cause of the largest health care data breach reported thus far this year. Health Share of Oregon, a health plan, reported that over 650,000 individuals were affected by a breach attributed to the theft of a laptop. This underscores the importance of keeping such devices secure and the data encrypted.

All of these breaches are currently being investigated by the Office for Civil Rights at HHS. Information on reported breaches is regularly updated and available for review on the HHS Breach Portal.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 50


About this Author

Jean Tomasco, Robinson Cole Law Firm, Hartford, Labor and Employment, Litigation Law Attorney

Jean Tomasco's practice involves employer counseling and employment litigation, with an emphasis on the Employee Retirement Income Security Act (ERISA) and benefits litigation. She is a member of the firm’s Health + Benefits Litigation Team and its Labor, Employment, Benefits + Immigration Group.

Employee Benefits and Compensation Litigation

Jean has more than two decades of experience handling benefit claims litigation. She represents insurers, managed care organizations, and employers in benefit...