In the last six months, several payers, providers and revenue cycle vendors began warning patients about data breaches that affected medical billing information.
Here is a breakdown of seven instances:
- Adaptive Health Integrations, a company providing healthcare billing services, suffered a breach in October that exposed 510,574 individuals’ data. The incident is the third-largest healthcare data breach to occur in 2022, according to HHS’ reporting portal.
- Medical billing company Medical Healthcare Solutions experienced a cyberattack that exposed the protected health information of Beth Israel Deaconess Medical Center patients. Both parties are based in Boston. Affected patients began being notified in February.
- UnitedHealthcare and the Rhode Island Public Transit Authority received subpoenas from state Attorney General Peter Neronha on Jan. 27 regarding a data breach that compromised the data of 22,000 people. The August breach resulted in about 17,000 individuals’ information being compromised, the transit authority initially said, but the impact has since grown. Information included data from the state’s health insurance plan billing for agency members and other state employees.
- Philadelphia-based Jefferson Health experienced a data breach that compromised 9,000 patients’ protected health information, the organization said in January. An unauthorized person hacked into an online insurance portal used by Jefferson Hospital to access patient billing information on Nov. 18. The hacker tried to wire payments made to the hospital to themselves.
- Billing statements containing the personal health information of 1,661 Advocate Aurora Health patients in Illinois were mailed to the wrong location, the health system with dual headquarters in Downers Grove, Ill., and Milwaukee said in December. Advocate Aurora said the billing statements were all sent to one customer on or around July 29. The hospital system said the mail never arrived at its destination.
- Chapel Hill, N.C.-based UNC Health began notifying 946 patients in November that billing information linked to their accounts might have been accessed by another person who was incorrectly given access.
- Anthem and Humana began notifying members in November their protected health information may have been exposed in a ransomware attack on a billing vendor. PracticeMax, a provider of billing and IT solutions to healthcare organizations, experienced a ransomware attack from April 17-May 5, 2021.