On July 20, 2018, Institute on Aging submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). Based in San Francisco, CA, Institute on Aging's email breach affected 3,907 individuals’ protected health information. Institute on Aging is classified as a Healthcare Provider. According to this report about Institute on Aging:
The San Francisco, CA-based Institute on Aging has discovered an unauthorized individual has gained access to the email accounts of some of its employees. The breach was discovered on May 28, 2018, although it is currently unclear for how long the email accounts were compromised. The Institute on Aging employed expert data security response professionals to secure its systems and manage the breach response. Messages in the compromised email accounts were checked and found to contain the protected health information of 3,907 patients.
Information contained in emails and email attachments included the names of patients and employees along with email addresses, birth dates, financial records, diagnoses, treatment information, and medical payment information.
Affected individuals were notified on July 20 and were offered 12 months credit monitoring and identity theft protection services without charge.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.