Security breach at cancer center affects 22,000 patients

February 17, 2017
Medicare Web

A Michigan cancer center recently notified 22,000 individuals of a breach of protected health information (PHI). Singn and Arora Oncology Hematology in Flint discovered the breach in August 2016 and notified the Office for Civil Rights (OCR) in October 2016, but did not notify affected individuals and the media until February 7, WJRT reported.  Covered entities must notify OCR, affected individuals, and local media within 60 days of discovering a breach affecting more than 500 individuals, according to the HIPAA Breach Notification Rule.

An unauthorized individual gained access to one of Singn and Arora’s servers from February 2016 to July 2016, WJRT said. Files stored on the server contained:

  • Names
  • Insurance information
  • Social Security numbers

Singn and Arora are offering affected individuals one year of free credit monitoring.

Related Topics: 
HIPAA