HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

104,234 affected by data breach at The New Jewish Home

Written by Caitlin Anthoney | Aug 22, 2024 2:16:56 AM

New York-based non-profit Jewish Home Lifecare, Inc., operating as ‘The New Jewish Homeexperienced a data breach that exposed the sensitive personal and medical information of 104,234 individuals.

Although The New Jewish Home discovered the breach in January this year, they only began notifying affected individuals on August 16, 2024, violating HIPAA’s Breach Notification Rule.

 

What happened

On January 7, 2024, The New Jewish Home experienced an external system breach (hacking) that compromised individuals’ personal information, including their names, Social Security numbers, addresses, dates of birth, and other personal identifiers. 

Despite the severity of the breach, The New Jewish Home did not notify the affected individuals until August 16, 2024, when they finished their investigation. 

Furthermore, their initial report to the Department of Health and Human Services (HHS) on March 3, 2024, stated that only 501 individuals were affected, but the updated count now stands at 104,234.

 

What was said

The New Jewish Home public notice claims it “observed unusual activity on [their] network and took immediate action to investigate and contain the incident.”

According to their notice to affected Maine residents, the organization has “no evidence to suggest that any information has been or will be fraudulently misused.”

 

In the know  

HIPAA requires covered entities to notify affected individuals “without unreasonable delay”, and within 60 days of discovering a breach involving protected health information (PHI). 

Furthermore, HIPAA mandates that if a breach impacts 500 or more individuals, it must also be reported to the Department of Health and Human Services (HHS) and potentially to the media.

Go deeper: HIPAA breach deadlines healthcare organizations need to know

 

Why it matters  

Exposing personal information puts individuals at risk of identity theft and financial fraud. So, covered entities must promptly inform affected individuals if their personal information has been compromised to minimize the potential damage. 

 

The bottom line

While The New Jewish Home has notified affected individuals, the organization must improve its cybersecurity to prevent future breaches and safeguard patient trust.

Additionally, affected individuals should enroll in the complimentary credit monitoring and identity protection services offered.

 

FAQs

What is a data breach?

A breach occurs when an unauthorized party gains access, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.

 

What should individuals do if their data has been compromised?

If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.

 

What are the penalties for violating HIPAA regulations?

Civil penalties for HIPAA violations can include fines ranging from $100 to $50,000 per violation, with an annual maximum of $1.5 million per violation. Criminal penalties are applied when HIPAA violations are knowingly committed, with increased fines and imprisonment.