U.S. Department of Health and Human Services
Office for Civil Rights
Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information

Person sitting at a laptop


As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary:

Cases Currently Under Investigation
This page lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights.
  Show Advanced Options
We are generating the report for you. Please wait......

ExcelPDFCSVXML
Breach Report Results
Expand AllName of Covered EntityStateCovered Entity TypeIndividuals AffectedBreach Submission DateType of BreachLocation of Breached Information
Iowa Department of Health and Human ServicesIAHealth Plan83305/26/2023Unauthorized Access/DisclosurePaper/FilmsYes
Lancaster Orthopedic GroupPAHealthcare Provider50005/26/2023Hacking/IT IncidentNetwork ServerNo
UI Community Home Care, a subsidiary of University of Iowa Health System IAHealthcare Provider6789705/24/2023Hacking/IT IncidentElectronic Medical Record, Network ServerNo
Grant Regional Health CenterWIHealthcare Provider413505/23/2023Hacking/IT IncidentEmailNo
PillPack LLCNHHealthcare Provider1903205/19/2023Hacking/IT IncidentNetwork ServerNo
PartsSource, Inc. Welfare Benefit PlanOHHealth Plan147405/19/2023Hacking/IT IncidentNetwork ServerNo
Tennessee Orthopaedic Clinics TNHealthcare Provider50005/19/2023Hacking/IT IncidentNetwork ServerNo
Marshall Information Services, LLC dba Primary Solutions OHBusiness Associate745605/18/2023Hacking/IT IncidentNetwork ServerYes
University of Missouri Health Care MOHealthcare Provider73605/17/2023Unauthorized Access/DisclosureElectronic Medical RecordNo
Clarke County Hospital IAHealthcare Provider2800305/17/2023Hacking/IT IncidentNetwork ServerNo
Fertility Specialists Medical GroupCAHealthcare Provider943705/15/2023Hacking/IT IncidentNetwork ServerNo
Lehigh Valley Health NetworkPAHealthcare Provider62705/15/2023Hacking/IT IncidentNetwork ServerNo
R&B Corporation of Virginia d/b/a Credit Control CorporationVABusiness Associate34552305/13/2023Hacking/IT IncidentNetwork ServerYes
PharMerica CorporationKYHealthcare Provider581559105/12/2023Hacking/IT IncidentNetwork ServerNo
Great Expressions Dental CentersMIHealthcare Provider52805/12/2023Hacking/IT IncidentNetwork ServerNo
Sesame, Inc.NYBusiness Associate180905/12/2023Unauthorized Access/DisclosureNetwork ServerYes
Illinois Department of Healthcare and Family Services, Illinois Department of Human ServicesILHealth Plan5083905/12/2023Hacking/IT IncidentNetwork ServerNo
SolutranMNBusiness Associate1772805/12/2023Hacking/IT IncidentNetwork ServerYes
Health Benefit Plan of the Anchorage School DistrictAKHealth Plan459805/12/2023TheftLaptopNo
United Healthcare Services, Inc. Single Affiliated Covered EntityCTHealth Plan111605/12/2023Unauthorized Access/DisclosureEmailNo
Catholic Health SystemNYHealthcare Provider1275905/11/2023Unauthorized Access/DisclosureElectronic Medical RecordYes
IMA Financial Group, Inc.KSBusiness Associate293705/10/2023Hacking/IT IncidentNetwork ServerYes
Uintah Basin HealthcareUTHealthcare Provider10397405/10/2023Hacking/IT IncidentNetwork ServerNo
Brightline, Inc.CABusiness Associate2897505/10/2023Hacking/IT IncidentOtherYes
Smile Doctors of Arizona, P.C. d/b/a Grinz Orthodontics ("Grinz Orthodontics")AZHealthcare Provider103405/09/2023TheftDesktop ComputerNo
ASAS Health, LLCTXHealthcare Provider2552705/06/2023Hacking/IT IncidentDesktop Computer, Laptop, Network ServerNo
United Healthcare Services, Inc. Single Affiliated Covered EntityCTHealth Plan197105/05/2023Unauthorized Access/DisclosureNetwork ServerNo
United Healthcare Services, Inc. Single Affiliated Covered EntityCTHealth Plan2656105/05/2023Hacking/IT IncidentNetwork ServerNo
Our Sunday Visitor, Inc.INHealth Plan96505/05/2023Hacking/IT IncidentNetwork ServerNo
People Incorporated of Sequoyah CountyOKHealthcare Provider872505/05/2023Hacking/IT IncidentNetwork ServerNo
New Mexico Department of HealthNMHealthcare Provider4900005/04/2023Unauthorized Access/DisclosureOtherNo
Methodist Family HealthARHealthcare Provider525905/03/2023Hacking/IT IncidentNetwork ServerNo
Northwest Health – La PorteINHealthcare Provider1025605/02/2023Unauthorized Access/DisclosurePaper/FilmsNo
Oyate Health CenterSDHealthcare Provider57505/02/2023Improper DisposalPaper/FilmsNo
Herbert J. Thomas Memorial Hospital Association dba Thomas Memorial Hospital WVHealthcare Provider256305/02/2023Hacking/IT IncidentNetwork ServerYes
University UrologyNYHealthcare Provider5681605/01/2023Hacking/IT IncidentNetwork ServerNo
Summit Eye & OpticalNJHealthcare Provider572705/01/2023Hacking/IT IncidentNetwork ServerNo
ReDiscover Mental HealthMOHealthcare Provider87705/01/2023Unauthorized Access/DisclosureEmailNo
Brightside Health, Inc.CAHealthcare Provider76704/30/2023Unauthorized Access/DisclosureElectronic Medical Record, OtherNo
Link Audiology LLCWAHealthcare Provider720004/28/2023Hacking/IT IncidentEmailNo
HealthPlan Services, Inc.FLBusiness Associate934904/28/2023Hacking/IT IncidentNetwork ServerYes
Grohler Hearing Aid Center, INC DBA Beltone Hearing Aid CentersVAHealthcare Provider527204/28/2023Hacking/IT IncidentEmailNo
Allina HealthMNHealthcare Provider104204/28/2023Unauthorized Access/DisclosureNetwork ServerNo
Unlimited Care, Inc. NYHealthcare Provider845304/27/2023Hacking/IT IncidentNetwork ServerNo
Delphi Drug & Alcohol CouncilNYHealthcare Provider628804/27/2023Hacking/IT IncidentEmailNo
University of California, San FranciscoCAHealthcare Provider67604/26/2023Hacking/IT IncidentEmailNo
CounSol, LLCFLBusiness Associate427704/25/2023Unauthorized Access/DisclosureNetwork ServerYes
Lake County Health Department and Community Health CenterILHealthcare Provider1700004/25/2023Hacking/IT IncidentEmailNo
Mars Area School District PAHealth Plan127004/24/2023Hacking/IT IncidentNetwork ServerNo
Robeson Health Care CorporationNCHealthcare Provider1504504/21/2023Hacking/IT IncidentNetwork ServerNo
Brightline, Inc.CABusiness Associate18069404/20/2023Hacking/IT IncidentNetwork Server, OtherYes
Upper Peninsula Health Plan MIHealth Plan83304/20/2023Hacking/IT IncidentNetwork ServerYes
Modern Cardiology AssociatesHealthcare Provider1000004/19/2023Hacking/IT IncidentNetwork ServerNo
Graceworks Lutheran ServicesOHHealthcare Provider673704/19/2023Hacking/IT IncidentNetwork ServerNo
Morgan StanleyNYHealth Plan53504/18/2023Unauthorized Access/DisclosurePaper/FilmsNo
Integrated Medical ServicesAZHealthcare Provider659104/17/2023Unauthorized Access/DisclosurePaper/FilmsNo
Ethan Health, LLCKYHealthcare Provider404704/14/2023Hacking/IT IncidentEmailNo
MiniMed Distribution Corp.CAHealthcare Provider5837404/14/2023Unauthorized Access/DisclosureNetwork ServerNo
Dallas CountyTXHealthcare Provider50104/14/2023Improper DisposalDesktop ComputerNo
United Steelworkers Local 286PAHealth Plan3796504/14/2023Hacking/IT IncidentEmailNo
Two Rivers Public Health DepartmentNEHealthcare Provider1516804/14/2023Hacking/IT IncidentEmailNo
Presence Healthcare Services dba Presence Medical Group ILHealthcare Provider92104/14/2023Unauthorized Access/DisclosurePaper/FilmsNo
Henry County HospitalOHHealthcare Provider368904/14/2023Hacking/IT IncidentNetwork ServerYes
Brightline, Inc.CABusiness Associate4996804/13/2023Hacking/IT IncidentNetwork Server, OtherYes
NationsBenefits Holdings, LLCFLBusiness Associate303730304/13/2023Hacking/IT IncidentNetwork ServerYes
John Muir Health - Walnut Creek Medical CenterCAHealthcare Provider82104/13/2023Unauthorized Access/DisclosureNetwork ServerNo
Multnomah CountyORHealthcare Provider272104/12/2023TheftPaper/FilmsNo
Cummins Behavioral Health SystemsINHealthcare Provider50104/12/2023Hacking/IT IncidentNetwork ServerNo
Montgomery General HospitalWVHealthcare Provider50004/11/2023Hacking/IT IncidentNetwork ServerNo
Pathway Healthcare, LLCALHealthcare Provider130404/11/2023Unauthorized Access/DisclosureEmailNo
Retina & Vitreous of Texas, PLLCTXHealthcare Provider3576604/10/2023Hacking/IT IncidentNetwork ServerNo
St. Vincent’s Ambulatory Care, Inc.FLHealthcare Provider76804/10/2023Unauthorized Access/DisclosureElectronic Medical RecordNo
Iowa Department of Health and Human Services - Iowa Medicaid Enterprise (Iowa HHS-IME)IAHealth Plan2081504/10/2023Hacking/IT IncidentNetwork ServerYes
La Clínica de La Raza, Inc.CAHealthcare Provider1531604/07/2023Hacking/IT IncidentEmailNo
Brightline, Inc.CABusiness Associate19900004/07/2023Hacking/IT IncidentNetwork ServerYes
Brightline, Inc.CABusiness Associate2183004/07/2023Hacking/IT IncidentNetwork ServerYes
Gretna Family HealthNEHealthcare Provider60004/07/2023Hacking/IT IncidentNetwork ServerNo
Brightline, Inc.CABusiness Associate741104/07/2023Hacking/IT IncidentNetwork ServerYes
Brightline, Inc.CABusiness Associate3144004/07/2023Hacking/IT IncidentNetwork ServerYes
Brightline, Inc.CABusiness Associate404404/07/2023Hacking/IT IncidentNetwork ServerYes
Brightline, Inc.CABusiness Associate46224104/07/2023Hacking/IT IncidentNetwork ServerYes
Brightline, Inc.CABusiness Associate767204/07/2023Hacking/IT IncidentNetwork ServerYes
Centers for Medicare & Medicaid ServicesMDHealth Plan1001104/07/2023Unauthorized Access/DisclosurePaper/FilmsYes
St. Luke's Health System, Ltd. IDHealthcare Provider1524604/06/2023Unauthorized Access/DisclosurePaper/FilmsNo
California Physicians’ Services dba Blue Shield of CaliforniaCAHealth Plan155304/05/2023Hacking/IT IncidentNetwork ServerYes
NORTHEAST BEHAVIORAL HEALTH CARE CONSORTIUMPAHealth Plan1324004/05/2023Hacking/IT IncidentEmailNo
California Physicians' Services d/b/a Blue Shield of CaliforniaCABusiness Associate6179004/04/2023Hacking/IT IncidentNetwork ServerYes
banis plastci surgeryKYHealthcare Provider449804/04/2023Unauthorized Access/DisclosureEmailNo
Chippewa CountyWIHealthcare Provider84204/04/2023Hacking/IT IncidentNetwork ServerNo
Integrative Health of Utah, PLLCUTHealthcare Provider60004/03/2023TheftElectronic Medical Record, Paper/FilmsNo
Southwest Healthcare ServicesNDHealthcare Provider1599604/01/2023Hacking/IT IncidentNetwork ServerNo
Tallahassee Memorial Healthcare, Inc.FLHealthcare Provider2037603/31/2023Hacking/IT IncidentNetwork ServerNo
Monument, Inc.NYBusiness Associate10858403/31/2023Unauthorized Access/DisclosureNetwork ServerYes
Santa Clara Family Health PlanCAHealth Plan27699303/30/2023Hacking/IT IncidentNetwork ServerYes
Aspire Health Partners FLHealthcare Provider99903/29/2023Improper DisposalPaper/FilmsNo
UHS of Delaware, Inc. PABusiness Associate4029003/29/2023Hacking/IT IncidentEmailYes
Nonstop Administration and Insurance Services, Inc.PABusiness Associate857103/27/2023Hacking/IT IncidentNetwork ServerYes
American Pain and Wellness, PLLCTXHealthcare Provider745703/24/2023Hacking/IT IncidentNetwork ServerNo
NewBridge ServicesNJHealthcare Provider145703/24/2023Hacking/IT IncidentNetwork ServerNo
Atlantic General HospitalMDHealthcare Provider2659103/24/2023Hacking/IT IncidentNetwork ServerNo
We are generating the report for you. Please wait......
  
U.S. Department of Health & Human Services - 200 Independence Avenue, S.W. - Washington, D.C. 20201 HHS Vulnerability Disclosure