Protected Health Information Data Breaches Under HHS Investigation
Kehoe Law Firm, P.C. is making individuals aware of the following data breach cases of unsecured protected health information affecting 500 or more individuals currently under investigation by the U.S. Department of Health and Human Services, Office for Civil Rights:
| Name of Covered Entity | State | Covered Entity Type | Individuals Affected | Breach Submission Date | Type of Breach | Location of Breached Information |
| Today’s Vision Willowbrook (acquired by Capital Vision Services d/b/a MyEyeDr. (MED Southwest PLLC) | VA | Healthcare Provider | 7983 | 02/13/2020 | Improper Disposal | Paper/Films |
| Overlake Medical Center & Clinics | WA | Healthcare Provider | 109000 | 02/07/2020 | Hacking/IT Incident | |
| Shields Health Solutions | MA | Business Associate | 1277 | 02/07/2020 | Hacking/IT Incident | |
| Vision Care Specialists, P.C. a part of MyEyeDr. Optometry of Colorado, P.C. | VA | Healthcare Provider | 1475 | 02/07/2020 | Hacking/IT Incident | Network Server |
| Health Share of Oregon | OR | Health Plan | 654362 | 02/05/2020 | Theft | Laptop |
| Arizona Pain and Spine Institute | AZ | Healthcare Provider | 530 | 02/03/2020 | Theft | Laptop |
| Iredell-Statesville Schools Board of Eduction | NC | Health Plan | 959 | 02/03/2020 | Hacking/IT Incident | |
| Original Medicare | MD | Health Plan | 9965 | 01/31/2020 | Unauthorized Access/Disclosure | Other |
| MHMR Tarrant County | TX | Healthcare Provider | 6524 | 01/31/2020 | Hacking/IT Incident | |
| Hospital Sisters Health System | IL | Healthcare Provider | 16167 | 01/31/2020 | Hacking/IT Incident | |
| Lake County Behavioral Health Services | CA | Healthcare Provider | 1178 | 01/31/2020 | Theft | Paper/Films |
| Virginia Department of Medical Assistance Services | VA | Health Plan | 6120 | 01/31/2020 | Hacking/IT Incident | Electronic Medical Record, Network Server |
| Robert S. Smith MD Inc DBA Boston Scientific Pathology | GA | Healthcare Provider | 6940 | 01/31/2020 | Unauthorized Access/Disclosure | Paper/Films |
| Jefferson Center for Mental Health | CO | Healthcare Provider | 1319 | 01/30/2020 | Theft | Paper/Films |
| Personal Touch Home Services of Dallas, Inc. | TX | Healthcare Provider | 1700 | 01/28/2020 | Hacking/IT Incident | Other |
| Central Kansas Orthopedic Group, LLC | KS | Healthcare Provider | 17214 | 01/28/2020 | Hacking/IT Incident | Network Server |
| Iowa Department of Human Services | IA | Health Plan | 4501 | 01/27/2020 | Improper Disposal | Paper/Films |
| Beaumont Health | MI | Healthcare Provider | 1182 | 01/24/2020 | Unauthorized Access/Disclosure | Electronic Medical Record |
| Cedarbrook Senior Care and Rehabilitation / County of Lehigh | PA | Healthcare Provider | 688 | 01/24/2020 | Unauthorized Access/Disclosure | |
| Lafayette Regional Rehabilitation Hospital | IN | Healthcare Provider | 1360 | 01/24/2020 | Hacking/IT Incident | Desktop Computer, Email, Other |
| Cook County Health | IL | Healthcare Provider | 2713 | 01/24/2020 | Unauthorized Access/Disclosure | Network Server |
| Village Senior Services Corporation d/b/a VillageCareMAX | NY | Health Plan | 2645 | 01/24/2020 | Hacking/IT Incident | Email, Other |
| Village Center for Care d/b/a VillageCare Rehabilitative and Nursing Center | NY | Healthcare Provider | 674 | 01/24/2020 | Hacking/IT Incident | Email, Other |
| Manchester Ophthalmology, LLC | CT | Healthcare Provider | 6846 | 01/24/2020 | Hacking/IT Incident | Network Server |
| REVA, INC. | FL | Healthcare Provider | 1000 | 01/22/2020 | Hacking/IT Incident | |
| UnitedHealth Group Health Plan Single Affiliated Covered Entity | MN | Health Plan | 934 | 01/22/2020 | Unauthorized Access/Disclosure | Paper/Films |
| Solara Medical Supplies, LLC | CA | Healthcare Provider | 1531 | 01/17/2020 | Unauthorized Access/Disclosure | Paper/Films |
| Fondren Orthopedic Group L.L.P. | TX | Healthcare Provider | 30049 | 01/17/2020 | Hacking/IT Incident | Network Server |
| Roper St. Francis Healthcare | SC | Healthcare Provider | 1634 | 01/17/2020 | Improper Disposal | Paper/Films |
| Phoenix Children’s Hospital | AZ | Healthcare Provider | 1860 | 01/14/2020 | Hacking/IT Incident | |
| Children’s Hope Alliance | NC | Healthcare Provider | 4564 | 01/14/2020 | Hacking/IT Incident | |
| PIH Health | CA | Healthcare Provider | 199548 | 01/10/2020 | Hacking/IT Incident | |
| Spectrum Healthcare Partners | ME | Healthcare Provider | 11308 | 01/10/2020 | Hacking/IT Incident | |
| InterMed, PA | ME | Healthcare Provider | 33000 | 01/08/2020 | Hacking/IT Incident | |
| CAH Holdings, Inc. | AL | Business Associate | 1158 | 01/06/2020 | Hacking/IT Incident | |
| RCM Enterprise Services, Inc. | FL | Business Associate | 5965 | 01/06/2020 | Unauthorized Access/Disclosure | Paper/Films |
| Native American Rehabilitation Association of the Northwest, Inc. | OR | Healthcare Provider | 25187 | 01/03/2020 | Hacking/IT Incident | |
| Douglas County Hospital dba Alomere Health | MN | Healthcare Provider | 49351 | 01/03/2020 | Hacking/IT Incident | |
| Lawrenceville Internal Medicine Assoc, LLC | NJ | Healthcare Provider | 8031 | 01/02/2020 | Unauthorized Access/Disclosure |
Source: Ocrportal.hhs.gov (Accessed 02.19.2020)
NOTE: The U.S. Department of Health and Human Services, Office for Civil Rights, Breach Portal, lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights. The data reported herein does not include all cases currently under investigation by the Office for Civil Rights. Resolved data breach reports and/or reports older than 24 months can be viewed at Ocrportal.hhs.gov.
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Kehoe Law Firm, P.C.
