“Quit worrying about your health. It’ll go away.”
—Robert Orben
Top Story
Recently there have been a few very interesting and unusual healthcare data breaches. Let’s dive into 3 specifically notable ones.
Massengale Eye Care
Massengale Eye Care, an Oklahoma eye care practice is having severe impacts from the Eye Care Leaders (ECL) data breach. Eye Care Leaders had a breach due to unauthorized access being gained into its myCare Integrity system in December of 2021.
Eye Care practices have been submitting breach reports to the Department of Health and Human Services (HHS). The breach had previously been thought to have impacted 2 million people, but Massengale Eye Care recently reported another 15,000 people affected.
There was no concrete evidence that the bad actor had accessed Massengale Eye Care data, but the possibility also could not be ruled out. They said that they had received no reports of identity theft related to this incident.
MDLIVE Medical Group
7,439 people were notified of a breach from MDLIVE Medical Group. The breach stemmed from the telehealth vendor’s third-party analytics tool in its patient portal. The original purpose of the tool was to monitor how patients navigated in the portal, but it inadvertently monitored activity on the login page of MDLIVE portal as well. The data entered from June 2019-August 2022 was captured by the tool. The owner of the tools would have then been given access to all of that data. Usernames, passwords, and birthdays would have been shared, but fortunately, no health or financial information was affected. All analytics activity was permanently stopped, and the company is asking all patients to reset their passwords.
Wenco Management
The Wendy’s food chain operator Wenco Management suffered a data breach impacting their health plan. 20,526 individuals were informed by Wenco of the breach identified in August 2022. The investigation revealed that unauthorized personnel got access to Wenco’s system. They were able to access enrollment records, these records included names, Social Security numbers, and which plans had been selected by which individuals. Wenco has offered credit monitoring for those affected. They also plan to enhance their current security measures.
Diamond of the Week
California 💎
California has expanded who can qualify for Medicaid. Now people who have assets totally $130,000 individual, and an additional $65,000 per family can qualify for Medicaid. This will benefit many people, to read more details click here.
Who’s the WOAT
Tennessee 😡
Starting July 1st, Tennessee state lawmakers have voted to restrict healthcare rights for transgender patients. The law will halt procedures, and well as prevent new ones from starting. To read more about these new laws click here.
Who Knew
Misconception: HIPAA only applies to healthcare providers.
Nope, HIPAA applies not only to healthcare providers and health plans but also extends its privacy and security regulations to their business associates. Business associates are individuals or organizations that perform functions or provide services on behalf of covered entities involving the use or disclosure of protected health information. They are required to comply with HIPAA regulations and can face penalties for violations. This recognizes the need to protect sensitive health information throughout the healthcare ecosystem.
Upcoming Events
July 20th at 12:15 pm CDT
The #1 Compliance Toolkit For Your Independent Medical Practice
A Round of Applause For…
Cloud9 Medical Solutions 👏
A big thank you to Cloud9 Medical Solutions. Cloud9 is a client of Carosh and has recently decided to also partner with us in order to bring a better solution to their clients, to ensure they are HIPAA compliant.
Sources:
- Think You’re Compliant? Find Out!
- Carosh Compliance Solutions, 10769 Broadway #106, Crown Point, IN, 46307
