Inmediata Health settles data breach for $1.13 million

Inmediata Health Group has settled a class-action lawsuit that alleges the healthcare clearinghouse didn’t secure protected health information (PHI) as required to maintain HIPAA compliance. This led to nearly 1.5 million people having sensitive data exposed. The Puerto Rico-based organization has agreed to pay nearly $1.13 million as a settlement.

What happened?

In January 2019, Inmediata noticed that a misconfigured web setting allowed internal web pages to appear on search engines. The patient data exposed included medical claim information, Social Security numbers, and other identifiable information.

Inmediata responded by shutting down its website. The company also hired a digital forensics team to determine that no exfiltration of data had occurred.

On top of the data breach, Inmediata made several errors notifying patients of the possible exposure of their personal information.

HIPAA requires organizations to notify patients of a data breach within 60 days of discovery. However, Inmediata didn’t send notifications to patients until mid-April.

The business associate also had issues with mailing notifications to affected patients. Some of them reported that they received multiple letters or letters addressed to other people. Other patients said they were unaware that Inmediata even had their personal information.

The HIPAA violations led patients to file a class-action lawsuit in August 2019 regarding the failure to protect PHI and the mishandling of notification procedures.

While Inmediata has agreed to pay a $1.13 million settlement, the company denies any wrongdoing. 

Protect your digital communications

Failing to protect PHI is expensive. Proactively investing in a robust cybersecurity network will pay off in the long run by preventing lawsuits and HIPAA fines, and avoiding corrective action plans.

Every aspect of your digital communications should be secure, and that includes sending HIPAA compliant email.

That’s where Paubox Email Suite comes in. Healthcare professionals find it easy to use since it seamlessly integrates with popular email providers like Google Workspace or Microsoft 365. It uses blanket TLS email encryption to send emails directly to your patients’ inboxes.

Paubox is an easy and secure way to send patient data in emails while staying HIPAA compliant. 

Try Paubox Email Suite for FREE today.
About the author

Sara Nguyen
