Millions of Patients Receive Healthcare Data Breach Notifications
By Jill McKeon
Covered entities must post a notice on the home page of its website for at least 90 days if there are more than 10 individuals with out-of-date contact information to ensure that impacted individuals have an increased likelihood of seeing the notice.
Individual notices must be provided via first-class mail no later than 60 days following the discovery of the breach. The notification must include a description of the brief, a description of the types of information that was exposed, and an explanation of what the entity is doing to investigate the breach.
If a breach impacts more than 500 individuals, covered entities are required to notify prominent media outlets and the HHS secretary.
Healthcare entities that experienced some of the biggest data breaches of 2021 began notifying impacted individuals of security incidents via mail in recent weeks. Utah Imaging Associates Notifies Nearly 600K of Data Breach
READ MORE: CISA Warns Critical Infrastructure of Holiday Ransomware Risks Utah Imaging Associates (UIA) posted a notice on their website alerting nearly 600,000 current and former patients of a data security incident that may have exposed protected health information. The breach gained media attention as one of the largest reported breaches of […]