On May 25, 2018, Care Partners Hospice and Palliative Care submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). Based in Beaverton, Oregon, Care Partners Hospice and Palliative Care's email breach affected 600 individuals’ protected health information. Care Partners Hospice and Palliative Care is classified as a Healthcare Provider.
According to Care Partners Hospice and Palliative Care’s statement:
On April 11, 2018, Care Partners discovered that one of its employee’s email accounts may have been compromised. Upon learning of this incident, Care Partners immediately reset the passwords for all employee email accounts and set up an additional layer of authentication for email access. Care Partners also launched an investigation and engaged an independent, third-party cybersecurity expert to provide assistance The investigation indicates that emails within the impacted email account may have been accessed without authorization, and some of those emails may have contained patient personal information. However, there is no evidence of the misuse of any information potentially involved in this incident.
Care Partners takes the security of all patient information very seriously and is taking steps to prevent a similar event from occurring in the future, including strengthening security measures and ensuring networks and systems are secure.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.