HHS: Nearly 700,000 affected by data breaches in April

Forty-five businesses and organizations covered by HIPAA reported breaches of protected health information in April, affecting more than 690,000 individuals, according to the U.S. Department of Health and Human Service’s (HHS) Office for Civil Rights.

The types of entities affected included 38 healthcare providers, six health plans and one business associate. California and Texas reported the most breaches with five each, followed by Florida, Minnesota and Ohio with four. Other states reporting multiple breaches included Idaho, Illinois, Massachusetts, New York, Oregon and Tennessee.

The largest number of individuals affected by a single breach was 206,695, reported by Doctors Management Services, Inc. of Massachusetts. It was followed by Centrelake Medical Group, Inc., in California, which reported 197,661 affected individuals, and Clearway Pain Solutions Institute in Florida, which reported 35,000. The fewest, 537, came from Lisa Rose Durso, M.D., PLLC in New York.

On average, just over 30,000 individuals were affected by each reported breach.

Hacking/IT incidents accounted for 27 of the reported breaches, while unauthorized access/disclosures were responsible for 14, and loss or theft for three.

The 2009 HITECH Act requires HHS to post a list of breaches of unsecured protected health information affecting 500 or more individuals.