Health Care Management Solutions LLC, a West Virginia-based consulting company focused on improving care quality for vulnerable populations including veterans, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected up to 500,000 individuals.

Little is currently known about the data breach as the company has yet to publicly announce the breach. There is no substitute breach notice on the company website. The OCR breach summary indicates this was a hacking incident affecting its network server(s). The extent to which protected health information has been compromised is not yet known. Notifications were issued on November 14, 2022

This post will be updated as and when further information about the incident becomes available.

Stanley Street Treatment and Resources Discloses October 2021 Data Breach

The Fall River, MA-based addiction and treatment center, Stanley Street Treatment and Resources, Inc. (STAR), has recently announced a data breach that occurred more than a year ago in October 2021. According to the STAR substitute breach notice, the breach was detected in September 2022. An unauthorized individual was found to have gained access to its network and downloaded files containing the protected health information of 45,785 patients. The files included names, Social Security numbers, government ID numbers, financial account information, dates of birth, dates of service, health insurance information, and medical information.

At the time of issuing notification letters, STAR said it was unaware of any cases of misuse of patient information. STAR said it continuously evaluates and modifies its practices to ensure the privacy and security of patient information and will continue to do so in the future.

California Health Insurance Agency Suffers Data Breach Affecting 14,600 Patients

The health insurance agency, CCA Health California, has announced that the protected health information of 14,631 members of the Vitality Health Plan of California has potentially been compromised. CCA Health California acquired Vitality Health Plan of California earlier this year.

CCA Health California discovered the data breach in September 2022. Unauthorized individuals had gained access to systems containing files that included protected health information and removed some of those files between May and September this year. It was not possible to determine which specific files were accessed or downloaded, but a review of all files that could potentially have been copied confirmed they contained the following types of information: names, Social Security numbers, dates of birth, diagnosis, and treatment information, demographic information, medical record numbers, passport numbers, health insurance information, provider names, lab results, and prescription information.

CCA Health California said security safeguards have been enhanced to prevent similar breaches in the future and monitoring capabilities have been enhanced.

Health Plan Member Data Potentially Compromised in Innovative Service Technology Management Services Ransomware Attack

Innovative Service Technology Management Services, a Georgia-based outsourcing company, has suffered a ransomware attack. A threat actor gained access to its systems and potentially removed files on June 3, 2022. The files that may have been accessed or copied included the protected health information of members of its health plan. A detailed review of the files was completed on October 17, 2022, and confirmed they contained the PHI of 2,654 individuals, including names, financial account information, and other personal information.  In response to the breach, a global password reset was performed and all critical applications were updated. Affected individuals have been offered complimentary membership to the Experian IdentityWorks identity theft protection service.

The post Hacking and IT Incidents Affect 563,000 Patients and Health Plan Members appeared first on HIPAA Journal.

One Brooklyn Health System is currently dealing with a cyberattack that has caused disruption at its three hospitals – Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. Little information has been released about the attack so far, which is believed to have occurred on or just before November 19. That was the date when the health system shut down its network, which has remained offline for more than a week.

The New York Post reports that the cyberattack has prevented hospital staff from accessing the electronic medical record system, so patient information has been recorded using pen and paper while the hospitals operate under emergency procedures. The decision was taken to reroute ambulances to other facilities, although communication with other hospitals in the area appears to have been non-existent. The health system also reportedly failed to notify New York Fire Department ambulance services that emergency cases were to be sent to alternative facilities.

“We are aware of the incident, and we are working with One Brooklyn Hospital Network to ensure patient safety. As this is an ongoing investigation, we cannot comment further,” said New York Department of Health spokesman Jeffrey Hammond.

The hospital has engaged third-party experts to help investigate the nature and scope of the attack and to assist with bringing IT systems back online. Some systems are now back online and there is now limited access to its electronic medical record system and some other clinical applications. One Brooklyn Health issued a statement confirming that patient care has been unaffected by the security breach and while ambulances were rerouted, appointments have not had to be canceled. At this stage of the breach response, it is too early to tell if, and to what extent, patient information has been affected.

Mena Regional Health System Breach Affects Almost 85,000 Patients

Mena Regional Health System (MRHS) in Arkansas announced on November 22, 2022, that an unauthorized third party gained access to its network and exfiltrated files containing the protected health information of 84,814 patients.

MRHS did not explain in its substitute breach notice when hackers first gained access to its network but said the intrusion was discovered on November 8, 2022. The investigation revealed files were exfiltrated from its network more than a year previously, on or around October 30, 2021. MRHS provided no explanation as to why it took so long to discover the breach.

The review of the files confirmed they contained full names, dates of birth, Social Security numbers, driver’s license/government identification numbers, financial account information, medical record/patient account numbers, medical diagnosis/treatment information, medical provider names, lab results, prescription information, and health insurance information.

MRHS said it is unaware of any attempted or actual misuse of patient information and that “out of abundance of caution” notification letters are being sent to affected individuals. That process commenced on November 22, 2022. Individuals whose Social Security numbers were compromised have been offered complimentary credit monitoring services. Security processes are being reviewed and will be updated to enhance the privacy and security of patient information.

Patient Information Stolen in Dallam Hartley Counties Hospital District Cyberattack

Dallam Hartley Counties Hospital District in Texas has recently confirmed that it suffered a cyberattack in late September and that the third party behind the attack was able to obtain files that contained the protected health information of 69,835 patients. The incident was detected on September 28, 2022, with the investigation confirming its network was first accessed by unauthorized individuals the previous day, with access continuing until its systems were secured on September 28.

A review of the files exfiltrated from its system confirmed they contained patient names, Social Security numbers, health insurance information, demographic information, and limited medical information. Medical records remained secure and were not accessed during the incident. Credit monitoring and identity theft protection services have been offered to affected individuals and steps are being taken to enhance the security of its IT systems. Notification letters were sent to affected patients on November 23, 2022.

The post One Brooklyn Health Dealing with Ongoing Cyber Incident appeared first on HIPAA Journal.

Connexin Software Inc., which provides electronic medical records and practice management software (Office Practicum) to pediatric physician practice groups has recently confirmed that it was the victim of a cyberattack in which an unauthorized third party gained access to its internal computer network.

While the electronic medical record system was not accessed in the attack, and none of its client databases, systems, or medical records were accessed, the threat actors did access parts of its network that contained the protected health information of patients of its clients. The substitute breach notice indicates 119 pediatric healthcare providers were affected by the breach.

Connexin Software reported the breach to the HHS’ Office for Civil Rights as affecting 2,216,365 million patients. At least one healthcare provider client has reported the breach (Forest Hill Pediatrics – 4,958 records), so the breach total may well be higher if other providers have also chosen to report the breach separately.

Connexin Software said a data anomaly was detected within its network on August 26, 2022, which prompted an immediate investigation into the suspicious activity. A third-party forensics company was engaged to assist with the investigation and determine the nature and scope of the incident. Connexin Software learned on September 13, 2022, that an unauthorized third party has accessed its network, which included an offline set of patient data that had been created for data conversion and troubleshooting. Some of that data was exfiltrated in the attack, although at the time of issuing notifications, no misuse of that data had been identified.

When the breach was detected, a password reset was performed for all corporate accounts. The offline data that was used for data conversion and troubleshooting has now been moved to a different part of the network that has greater security. Security and monitoring have also been stepped up to prevent similar breaches in the future.

Children’s protected health information is especially valuable to cybercriminals, as it can often be misused for long periods of time before that misuse is detected. Victims of this breach have been advised to closely monitor credit reports and statements from providers for signs of misuse. In cases where a child’s Social Security number was exposed or stolen, child identity monitoring services have been offered for 12 months.

Practices confirmed as being affected by the breach are detailed in the table below.

The post 119 Pediatric Practices Affected by Breach at EHR Vendor – 2.2 Million Patients Affected appeared first on HIPAA Journal.

A database containing the personally identifiable information (PII) of more than 16,000 children has been exposed over the Internet and could be accessed without a password or any other form of authentication. The database was found by security researcher Jeremiah Fowler and the Website Planet team and was traced to Tridas Group LLC. Tridas Group is the developer of Tridas eWriter, a web-based software solution that allows parents and teachers to rapidly complete interviews to facilitate the diagnosis and management of children with developmental and behavioral issues.

Fowler sampled 1,000 records and said all of the records contained at least some form of PII of children, with each of the records having a unique patient ID number. The records also included names, birth dates, home addresses, school attended, special needs, medical diagnoses, and details of behavioral or social problems. The records appeared to be questionnaires that had been completed by parents ahead of their first evaluation appointment.

According to the website planet report, the database could be accessed by anyone “through a misconfigured IP that showed the host domain, login portal, and where the data was stored.” The researchers were unable to determine for how long the records had been exposed or if those records had been accessed by unauthorized individuals. There were no indications that the database included test data or dummy records and, in many cases, the records recorded behavioral problems in great detail. According to the Trident website, the Trident Center closed on December 31, 2019. Further details can be found in the Website Planet report.

South Walton Fire District Ransomware Attack Affects Up to 25,331 Individuals

South Walton Fire District in Florida has recently announced that it was the victim of a ransomware attack in late May 2022. The fire district, which provides fire protection and emergency medical services, discovered on May 30 that an unauthorized third party had gained access to its computer network. Assisted by third-party cybersecurity experts, the fire district learned that the threat actor had access to parts of the network that contained information protected under HIPAA, including names, addresses, Social Security numbers, dates of birth, treatment dates, medical diagnostic and treatment information, and health insurance information.

The investigation and subsequent verification of contact information for affected individuals were completed in October 2022. Notification letters have now been sent to affected individuals, who have been offered complimentary credit monitoring and identity theft protection services. The fire department confirmed that it was able to secure its digital environment without paying the ransom demand and has implemented additional layers of security to prevent further incidents in the future.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 25,331 individuals.

The post Unsecured Database Exposed 16,000+ Children’s Records appeared first on HIPAA Journal.

Woodlawn, MD-based Hope Health Systems Inc. (HHS) has recently announced that it was the victim of a ransomware attack. The attack was detected on June 20, 2022, and third-party forensics experts were engaged to investigate the incident and determine the scope of the attack.

The investigation revealed an unauthorized third party first accessed its systems on June 10, 2022, several days prior to using ransomware to encrypt files. While evidence of data theft was not identified, on or around August 24, 2022, the forensic investigation concluded that data theft was a possibility. It took until October 18, 2022, to review all files on the compromised part of the network to determine who had been affected.

HHS says the protected health information of up to 9,972 patients was stored on the compromised systems, and included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and medical information. HHS said it is evaluating its existing cybersecurity policies, procedures, and processes, to determine where improvements can be made to prevent similar incidents in the future.  Notifications were sent to affected individuals on November 21, 2022.

Ransomware Attack Affects Patients of Disability Services of the Southwest

The Texas-based home healthcare provider, Disability Services of the Southwest, has recently confirmed that unauthorized individuals gained access to its employment and training website and potentially obtained client information.

The website was operated by vendor Intermap Holdings. Unauthorized individuals gained access to the platform provider’s system on September 28, 2022, and used ransomware to encrypt files. Intermap Holdings was able to contain and block the attack on the same day; however, it is possible that during that short window of opportunity, sensitive data may have been viewed or obtained, although no evidence of unauthorized access or data theft was identified.

Affected individuals had either submitted an employment application, in which case their name, phone number, email address, and details of the job and location they were applying for may have been accessed. Current and past employee information may also have been compromised, such as name, address, phone number, employee ID, and training history. No financial information or Social Security numbers were affected as they were stored on a separate system.

Disability Services of the Southwest said the platform provider has removed the malware and is actively monitoring its platform for signs of intrusion. The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Oceansview Optical Ransomware Attack Affects 2,000 Patients

Oceansview Optical in Sebastian, FL, has recently announced that part of its database was encrypted in a ransomware attack. The attack was detected on October 8, 2022, when its office software was shut down. The investigation revealed parts of its database had been encrypted using Venus ransomware, and two external hard drives and the backup server were corrupted. Paper charts had to be used for 9 days while systems were rebuilt.

The ransom was not paid, and without access to backups, it was not possible to restore the encrypted parts of the database from July 2021 to October 8, 2022. A copy of the encrypted database has been retained and it is hoped it can be recovered at some point in the future when a decryptor is made available for Venus ransomware.

In a detailed and honest breach notification, Jennifer L Loar OD said the intention of this attack appeared to be to corrupt data to prevent access, so data exfiltration is unlikely; however, the exfiltration of data could not be ruled out. The types of information potentially compromised included names, nicknames, addresses, phone numbers, email addresses, birth dates, ethnicity, preferred language, insurance information, diagnoses, medications, medication allergies, reports, and eyeglass and contact orders.

The attack has been reported to all appropriate authorities, including the HHS, CISA, and the FBI. New anti-ransomware software has been deployed along with new backup infrastructure, which the FBI has verified as providing very good security.

PHI Potentially Compromised in Cyberattack on The Stern Cardiovascular Foundation

The Stern Cardiovascular Foundation (SCF) has recently announced that it experienced a data security incident on September 6, 2022, that caused disruption to certain parts of its computer network. The Germantown, TN-based healthcare provider said it aggressively responded to the incident and engaged third-party technical experts to assist with the breach response and help mitigate and investigate the attack.

It was possible to quickly restore access to all computer systems and the attack did not disrupt patient services. On September 13, 2022, SCRF learned that the individuals behind the attack first gained access to its systems on September 4, 2022, and had access to the network until September 6. During that time, they may have viewed and/or exfiltrated data, including the personal and health data of patients and other individuals associated with SFC.

The investigation into the attack is ongoing, but there are no indications that the electronic medical record system has been accessed. At this stage, it has yet to be confirmed how many individuals have been affected or the exact types of information that may have been compromised. The breach has been reported to the HHS’ Office for Civil Rights as affecting 501 individuals – a placeholder until the full extent of the data breach is confirmed. SFC said it has been working with external cybersecurity experts to remediate the attack and harden its defenses.

University Medical Center of Southern Nevada Alerts Patients About Insider Data Breach

University Medical Center (UMC) of Southern Nevada has recently written to 1,861 patients to advise them that a former employee has accessed their medical records when there was no legitimate work reason for doing so. UMC identified the HIPAA breach during a September 2022 review of medical record access.

The investigation confirmed that the employee had accessed patient records on the electronic medical record system between May 19, 2021, and September 22, 2022. The records contained demographic, insurance, and clinical information. UMC said the individual is no longer employed by UMC and no evidence was found to indicate any information has been copied, misused, or further disclosed. Policies have since been updated to prevent similar incidents in the future and further training has been provided to the workforce.

PrimeCare Medical Affected by CorrectCare Integrated Health Breach

Pennsylvania-based PrimeCare Medical, a provider of healthcare services to inmates of correctional facilities, has confirmed that some of the patients it serves have been affected by a breach at its third-party administrator, CorrectCare Integrated Health. A misconfiguration of a web server resulted in two file directories being exposed to the public Internet, which contained patient data such as full names, birth dates, Social Security numbers, DOC IDs, and limited health information, such as a diagnosis and CPT codes.

The exposed files were discovered on July 6, 2022, and were secured within 9 hours. They had been exposed from as early as January 2022 and may have been accessed by unauthorized individuals during that time. Third-party experts have been helping CorrectCare improve the security of its systems to better protect client information.

PrimeCare Medical says the protected health information of 22,254 individuals was exposed. Those individuals received healthcare services between July 1, 2018, and July 7, 2022.

The post PHI Potentially Compromised in Ransomware Attacks at MD, TX, and FL Healthcare Providers appeared first on HIPAA Journal.

Pennsylvania-based Gateway Rehabilitation Center (Gateway Rehab) has recently announced that it experienced “an incident disrupting access to certain systems.” The incident in question was detected by Gateway Rehab on June 13, 2022. Immediate action was taken to prevent further unauthorized access to its systems and a digital forensics firm was engaged to investigate the breach. The forensic investigation concluded on July 8, 2022, that the individuals behind the attack may have accessed or obtained patients’ information. The breach has recently been reported to the HHS’ Office for Civil Rights as involving the protected health information of up to 130,000 patients.

The types of information compromised in the attack included names, birth dates, Social Security numbers, driver’s license numbers, state ID numbers, financial account and/or payment card numbers, medical information, and health insurance information. While Gateway Rehab did not disclose the exact nature of the attack, it was a BlackByte ransomware attack. Samples of files stolen in the attack were posted on the group’s data leak site, as confirmed by databreaches.net.

According to Gateway Rehab, the review of all affected files was completed on September 21, 2022, and patients were notified on November 18, 2022. The substitute breach notice on the Gateway Rehab website makes no mention of credit monitoring and identity theft protection services. Gateway Rehab did state that steps have been taken to prevent similar incidents in the future.

Former Kaiser Permanente Employee Impermissibly Accessed Patient Information

Kaiser Foundation Health Plan of the Mid-Atlantic States, Inc. has recently announced that an employee was discovered to have impermissibly accessed the protected health information of certain Kaiser Permanente patients. The unauthorized access was detected on September 21, 2022, with the investigation confirming that parts of the medical records of 8,556 patients had been accessed by the employee outside the scope of their job functions.

The types of information accessed included demographic information such as names, medical record numbers, addresses, email addresses, telephone numbers, birth dates, and some medical information, including medical images. Social Security numbers and financial information were not viewed.

According to the substitute breach notice, the individual is no longer employed by Kaiser Permanente and the investigation found no evidence to suggest that any of the viewed information was copied, misused, or further disclosed. Kaiser Permanente says it is reviewing its policies and procedures concerning access to patients’ medical records.

Impermissible Disclosure of PHI Reported by Yakima Neighborhood Health Services

Yakima Neighborhood Health Services (YNHS) in Washington state has recently reported an incident that resulted in an impermissible disclosure of the protected health information of 2,689 individuals. On October 4, 2022, a file containing patient information was mistakenly distributed to an individual who was not authorized to receive the information. The file contained information such as names, birth dates, medical record numbers, and treatment locations.

YNHS said as soon as the incident was detected, steps were taken to ensure the misdirected file was deleted, and there are no indications that any of the information in the file has been misused. It took until November 10, 2022, to verify up-to-date contact information for affected individuals, and they have now been notified about the privacy breach. Steps have also been taken to prevent incidents such as this from occurring in the future.

DOCS Medical Group Victim of Ransomware Attack

DOCS Medical Group in Connecticut has recently confirmed the protected health information of up to 3,146 was potentially compromised in a ransomware attack. The attack was detected on September 7, 2022, and was rapidly blocked; however, the server that was attacked contained the protected health information of patients, including names, contact information, medical histories, reason for visiting, Social Security numbers, health insurance information, and some financial information. DOCS Medical Group said its electronic medical record and billing systems were not affected, and medical services were unaffected by the incident.

The post Gateway Rehabilitation Center Reports Cyberattack Affecting 130,000 Patients appeared first on HIPAA Journal.

Indiana-based Community Health Network is the latest healthcare provider to confirm that the protected health information of patients has been impermissibly disclosed to Meta/Facebook and Google due to the use of their tracking code on its websites. According to the breach report submitted to the HHS’ Office for Civil Rights, the protected health information of up to 1.5 million patients has potentially been impermissibly disclosed.

Like many other healthcare organizations, Community Health Network added third-party tracking code to its websites for the purpose of identifying the trends of users as they navigated through its websites. Community Health Network said the code was added: “to improve access to information about critical patient care services and manage key functionalities of our patient-facing websites.”

The code collected certain information about website users’ interactions as they navigated through its websites. After learning of concerns about the use of this code by healthcare organizations, an internal investigation was launched to determine whether sensitive individually identifiable information had been transferred to third parties. The forensic investigation involved a highly detailed evaluation of all third-party tracking code on its websites and web applications.

Community Health Network said the investigation revealed the code had been added to various parts of the website, including the appointment scheduling pages and the MyChart patient portal. “When we learned of this, we immediately began working with our service providers to disable and/or remove certain technologies from our websites and applications as we continued our internal investigation in hopes of better understanding the nature of the information that these technologies were collecting and transmitting,” explained Community Health Network in substitute breach notice. Further investigation revealed on September 22, 2022, that the configuration of the code had inadvertently allowed “a broader scope of information to be collected and transmitted to each corresponding third-party tracking technology vendor (e.g., Facebook and Google) than Community had ever intended.”

The types of information transmitted varied from individual to individual based on their interactions on the websites and may have included computer IP address, dates, times, and/or locations of scheduled appointments, information about an individual’s health care provider, type of appointment or procedure scheduled, and communications that were made through the MyChart portal, which may have included first and last names, medical record numbers, whether an individual had insurance, and, if an individual had a proxy MyChart account, the name of the proxy.

Community Health Network said it has removed the third-party tracking code and has implemented enhanced evaluation and management processes for all website technologies moving forward. The decision was taken to issue notification letters to all individuals who had engaged with a Community provider or affiliated entity on or after April 6, 2017 – the date that the tracking code was added to the websites.

Other healthcare organizations that have been similarly affected after adding Meta Pixel and other third-party tracking code to their websites include Advocate Aurora Health, WakeMed Health and Hospitals, Novant Health, Medstar Health System, UCSF Medical Center, Dignity Health Medical Foundation, and Northwestern Memorial Hospital.

The post Community Health Network Website Tracking Code Impermissibly Disclosed the PHI of up to 1.5 Million Patients appeared first on HIPAA Journal.

Doctors’ Center Hospital in Puerto Rico has recently notified the Department of Health and Human Services’ Office for Civil Rights (OCR) that it has experienced a hacking/IT incident in which the protected health information of 1,195,220 patients has potentially been compromised.

As of November 23, 2022, there is no notification on the hospital’s website so details of the nature of the attack have yet to be made public by Doctors’ Center Hospital, with all current indicators suggesting this was a recent attack, and one which the hospital is likely still attempting to recover from.

Databreaches.net investigated and identified an entry on the data leak site of a relatively unknown ransomware group called Project Relic, which has claimed responsibility for the attack. The Project Relic dark web data leak site indicates 211 GB of data was exfiltrated in the attack, of which 114 MB has been leaked online.

Blackpoint’s Adversary Pursuit Group has written a report on the group, which it claims is a new ransomware group that was unknown a month ago but has conducted multiple attacks. The group is only believed to have started operating in October 2022. According to Blackpoint, the ransomware is written in Go due to its portability, speed, and the minimal chance of it being detected by static analysis. The group is known to engage with victims via a custom chat application on the Tor network to negotiate ransoms and the group publishes stolen data if the ransom is not paid in a timely manner.

In an attack on one of Blackpoint’s partners, the gang claimed to have exfiltrated 400 GB of data and issued a ransom demand of 100 BTC, which is approximately $1,638,800. Blackpoint analyzed the ransomware, but has been unable to determine at this stage how access to victims’ networks is gained.

This post will be updated when further information becomes available.

The post Ransomware Attack on Puerto Rico Hospital Affects Almost 1.2 Million Patients appeared first on HIPAA Journal.

The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Third-party security experts were engaged to investigate the nature and scope of the attack, with the investigation concluding on or around May 2, 2022, that files containing the protected health information of patients and employees may have been accessed and exfiltrated from its network. The investigation confirmed that its electronic health record system and its human resources systems were not affected by the attack.

A comprehensive review of all files potentially compromised in the attack revealed they contained the protected health information of 877,584 current and former patients, employees, and job applicants. Affected patients had their names, birth dates, patient numbers, Social Security numbers, financial account numbers, and/or health insurance information exposed. Current and former employees and job applicants have had their names, birth dates, Social Security numbers, driver’s license numbers, and/or state IDs exposed, as well as financial account numbers for a limited number of individuals.

Wright & Filippis said that at the time of issuing notification letters, no evidence had been found to suggest any actual or attempted misuse of the stolen information; however, out of an abundance of caution, affected individuals have been offered complimentary access to identity monitoring, fraud consultation, and identity theft restoration services. The delay in issuing notifications to affected individuals was due to the time-intensive process of investigating the breach, reviewing the affected files, and confirming contact information for affected individuals.

Wright & Filippis said the company has implemented additional endpoint detection and response software, reset all passwords, and rebuilt all the affected servers.

The post 877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider appeared first on HIPAA Journal.