Alive Hospice suffers HIPAA email breach

Featured image

Share this article

hipaa email breach, hipaa email data breach, paubox hipaa breach report

On July 13, 2018, Alive Hospice submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Based in Nashville, Tennessee, Alive Hospice’s email breach affected 1,868 individuals’ protected health information.

Alive Hospice is classified as a Healthcare Provider.

According to Alive Hospice’s press release:

On or around December 20, 2017, and April 5, 2018, Alive Hospice experienced email phishing events that affected an employee email account.  Alive Hospice immediately took steps to respond to and investigate these events and, while the investigations found no evidence of unauthorized access to personal information, Alive Hospice took steps to change the user’s password on both occasions, in an abundance of caution.  On or around May 15, 2018, during a review of its email system, Alive Hospice learned of ongoing unauthorized activity in the employee’s email account that may have resulted in unauthorized access to certain personal information.  Alive Hospice immediately commenced an investigation to determine the nature and scope of the incident, as well as determine what information may be affected.  Through the investigation, which included working with third party forensic investigators, Alive Hospice determined that an unauthorized actor(s) gained access to two Alive Hospice employee email accounts.  The investigation determined the unauthorized activity began on or around December 20, 2017, for one user, and on or around April 5, 2018 for the other user.  The investigation also determined that the emails affected by this incident contained personal information.  While the information potentially affected varies by individual, Alive Hospice’s investigation determined that the information that may have been affected includes name, date of birth, Social Security number, passport number, driver’s license or state identification number, copy of birth or marriage certificate, financial account number, medical history information, treatment and prescription information, health insurance information, username/email and password information, biometric identifiers, IRS pin number, digital signatures, and security questions and answers. To date, Alive Hospice has no evidence that any information potentially impacted by this incident was subject to actual or attempted misuse.

The confidentiality, privacy, and security of information in Alive Hospice’s care is one of its highest priorities.  Upon learning that patient information may have been affected by this incident, Alive Hospice commenced an investigation to confirm the nature and scope of the event and identify what personal information may have been present in the affected emails.  With the assistance of third party forensic investigators, Alive Hospice has been working to identify and put in place resources to assist potentially impacted individuals.  While Alive Hospice already has stringent security measures in place to protect information in its systems, Alive Hospice is also implementing additional safeguards to protect the security of information.   

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Arianna Etemadieh

Arianna is an Inbound Marketing Specialist at Paubox. In her free time, she enjoys cooking, traveling, and volunteering at the animal shelter.

Read more by Arianna Etemadieh

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022