On March 20, 2020, Golden Valley Health Centers submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in Merced, California, the Golden Valley Health Centers affected over 397,000 individuals’ protected health information.
Golden Valley Health Center is classified as a Healthcare Provider.
According to a notice on their website:
On March 3, 2020, we determined that a limited number of patients’ information may have been contained in an email account that was accessed by an unknown, unauthorized third party. After identifying potentially suspicious activity, our IT staff immediately began an investigation and engaged computer forensic experts to determine if any information was impacted. After examining the accounts, the investigation determined that medical information, possibly including patients’ billing and insurance information, patient referral information, and appointment records may have been contained in an impacted e-mail account.
While there is no indication that an unauthorized party accessed or viewed patient information or evidence of patient information being misused, Golden Valley Health Centers remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including but not limited to employee education and training, reviewing and revising information security, as well as privacy policies and procedures. Letters sent to potentially impacted patients include additional information about what occurred and a toll-free number where patients can learn more about the incident. To answer any questions, you may have on this incident, please contact the following number (833) 570-0383. This call center is available Monday through Friday, between 8:00 AM to 8:00 PM Central Time. You may also request a copy of the letter that was sent to the potentially impacted patients.
See Related: HIPAA Compliant Email: The Definitive Guide
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.