HIPAA Tip: Cyber Attacks

What would you do? How quickly would your organization be able to recover and continue providing patient care? Disaster Recovery / Contingency Plans, cybersecurity training for all workforce members, policies and procedures implemented and executed for cyber attacks must be top priority for all healthcare organizations.

Recent Cyber Attacks:

  • WebTPA
  • DocGo
  • Ascension Hospitals
  • Change Healthcare (United Health Group)
  • HCA Healthcare

More than 2.4 million individuals were affected by a healthcare data breach that occurred at WebTPA Employer Services, a third party administrator that processes health plan claims.

DocGo is a large provider of mobile medical services and transportation in 26 U.S. states and the United Kingdom. They reported a cyberattack and subsequent data breach via a Securities and Exchange Commission Form 8-K filing.

On May 9th Ascension, the largest nonprofit and Catholic health system in the United States, announced that it fell victim to a major cyberattack. After detecting suspicious activity on its network systems, Ascension initiated remediation efforts and advised Business Associates to temporarily disconnect from its systems.

The cyberattack that occurred in February to Change Healthcare – a subsidiary of the behemoth global company UnitedHealth Group – knocked Change Healthcare offline, creating a backlog of unpaid claims. This has left doctors’ offices and hospitals with serious cashflow problems, threatening patients’ access to care.

HCA Healthcare experienced a cyberattack in 2023, affecting as many as 11 million patients. The organization said an “unauthorized party” released patient information on an online forum from an external storage location.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.


Dawn Meglino

HIPAA Compliance Specialist, CHPSE, CCSA, CCAP