On September 28, 2018, Toyota Industries North America submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). Based in Columbus, Indiana, Toyota Industries North America’s email breach affected 19,320 individuals’ protected health information. Toyota Industries North America is classified as a Health Plan.
Toyota said it discovered on Aug. 30 that an unauthorized third party could have accessed the corporate email system. It engaged information security experts to investigate the incident and secure the system. In response to the investigation, the company is adopting multifactor authentication, implementing security monitoring enhancements, and revising and redistributing mandatory password protection and reset policies. Information that may have been compromised included full name, home address, date of birth, phone number, financial account information, social security number, photograph of social security card, driver’s license number, photograph of driver’s license, email address, photograph of birth certificate, photograph of passport, treatment information, prescription information, diagnoses, health plan beneficiary number, and portal username, password, and security questions. Toyota said it is providing one year of free credit monitoring and identity theft protection services to those affected by the breach.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.