On May 8, 2018, USACS Management Group, Ltd. submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Based in Canton, Ohio, USACS’ email breach affected 15,552 individuals’ protected health information.
USACS Management Group, Ltd. is classified as a Business Associate.
According to USACS’ statement:
USACS Management Group, Ltd. (USACS) is committed to maintaining the privacy and security of patient information. Regrettably, this notice is regarding an incident involving some patients’ information.
On March 9, 2018, we learned that an unauthorized third party may have accessed a USACS employee’s email account that same day. We immediately began an investigation, including hiring a leading outside computer forensic firm to assist us. The investigation determined that the unauthorized third party illegally gained access to one USACS email account containing patient information. The email account may have included some patients’ information, including names, addresses, dates of service, USACS account numbers, medical and health insurance information, diagnostic and treatment information, and, in some cases, Social Security numbers.
USACS has no indication that any of the information has been used inappropriately. However, we wanted to advise our patients and assure you that we take it very seriously. We began mailing letters to affected patients on May 8, 2018. To those patients whose Social Security number was included, as a precaution, we are offering a complimentary one-year membership of credit monitoring and identity protection services. We also recommend that our patients review the explanation of benefits statements they receive from their insurers. If patients see services they did not authorize, they should immediately contact the insurer.
We regret any inconvenience or concern this may cause our patients. To help prevent something like this from happening in the future, we continue to enhance our security measures relating to protection of personal information and conduct regular security training with our workforce.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.