{"id":2608,"date":"2013-09-03T00:00:00","date_gmt":"2013-09-03T00:00:00","guid":{"rendered":"http:\/\/otava.test\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/"},"modified":"2013-09-03T00:00:00","modified_gmt":"2013-09-03T00:00:00","slug":"four-million-patient-records-stolen-in-second-largest-hipaa-data-breach","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/","title":{"rendered":"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach"},"content":{"rendered":"

Advocate Health Care marks the second largest HIPAA data breach since the breach notification rule was implemented in 2009, losing more than 4 million patient records in a theft of four unencrypted computers. The data included personally identifiable patient information as well as clinical data, including diagnoses and health insurance information.<\/p>\n

A senior vice president from Advocate acknowledged that the sensitive data shouldn\u2019t have been stored on the computers\u2019 hard drives, but instead maintained on their secure network. One of the steps they\u2019re taking toward remediation includes mapping its computer and software systems in order to identify where patient data is stored, and how to secure it. This is also one of the first steps that should be taken toward data encryption<\/a> – classifying sensitive data and then selecting a proper encryption method is next.<\/p>\n

O\"HIPAAne way to keep data protected on secure networks is by using SAN (storage area network) disk-level encryption that encrypts the data as it\u2019s written to disk. With an enterprise-class private cloud<\/a>, your compute, memory and disk performance is completely dedicated to your organization – no sharing of resources.<\/p>\n

Encryption of data at rest and in transit is highly recommended to meet HIPAA standards \u00a7164.312(a)(2)(iv) and \u00a7164.306(e)(2)(ii) for encryption of electronic protected health information (ePHI) anywhere data is also stored or archived as backups.<\/p>\n

If you\u2019re a healthcare organization seeking an encrypted data and application hosting solution, ask your HIPAA cloud hosting<\/a> provider if they are able to provide encryption, and if they provide encrypted offsite backup<\/a>. Without encryption, your data may be at risk if accessed by unauthorized users, and you are subject to the HIPAA Breach Notification Rule that requires public notification for data breach affecting over 500 individuals.<\/p>\n

However, encryption can\u2019t do it all – for a layered security approach, consider enlisting other data security tools such as File Integrity Monitoring (FIM)<\/a>, a Web Application Firewall (WAF)<\/a>, Daily Log Review<\/a> and other technical security services<\/a>.<\/p>\n

Upcoming HIPAA Encryption Webinar<\/strong>
\n\"HIPAA<\/a>Want to learn more the HHS’s encryption standards for securing PHI? Join our upcoming webinar,\u00a0Removing the ‘Cryptic’ from ‘Encryption’ – HIPAA and the Meaning of Secure PHI<\/a><\/strong><\/em>, hosted by Online Tech’s April Sage and Brian Balow of Dickinson Wright, an attorney focused on IT, healthcare law and intellectual property. Held\u00a0Tuesday, September 17 @2PM ET<\/strong>, it’s free to join and we encourage submitting your questions about HIPAA encryption in advance.\u00a0Sign up online here<\/a>.<\/p>\n

References:
\nRegulators to Investigate Advocate Data Breach<\/a>
\nAdvocate Medical Group Notifies Patients, Offers Protection Following Office Burglary<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Advocate Health Care marks the second largest HIPAA data breach since the breach notification rule was implemented in 2009, losing more than 4 million patient records in a theft of four unencrypted computers. The data included personally identifiable patient information as well as clinical data, including diagnoses and health insurance information. A senior vice president from Advocate acknowledged that the sensitive data shouldn\u2019t have been stored on the computers\u2019 hard drives, but instead maintained on their secure network. One of the steps they\u2019re taking toward remediation includes mapping its computer and software systems in order to identify where patient data is stored, and how to secure it. This is also one of the first steps that should be taken toward data encryption – classifying sensitive data and then selecting a proper encryption method is next. One way to keep data protected on secure networks is by using SAN (storage area network) disk-level encryption that encrypts the data as it\u2019s written to disk. With an enterprise-class private cloud, your compute, memory and disk performance is completely dedicated to your organization – no sharing of resources. Encryption of data at rest and in transit is highly recommended to meet HIPAA standards \u00a7164.312(a)(2)(iv)…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2608","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nFour Million Patient Records Stolen in Second Largest HIPAA Data Breach | OTAVA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach\" \/>\n<meta property=\"og:description\" content=\"Advocate Health Care marks the second largest HIPAA data breach since the breach notification rule was implemented in 2009, losing more than 4 million patient records in a theft of four unencrypted computers. The data included personally identifiable patient information as well as clinical data, including diagnoses and health insurance information. A senior vice president from Advocate acknowledged that the sensitive data shouldn\u2019t have been stored on the computers\u2019 hard drives, but instead maintained on their secure network. One of the steps they\u2019re taking toward remediation includes mapping its computer and software systems in order to identify where patient data is stored, and how to secure it. This is also one of the first steps that should be taken toward data encryption – classifying sensitive data and then selecting a proper encryption method is next. One way to keep data protected on secure networks is by using SAN (storage area network) disk-level encryption that encrypts the data as it\u2019s written to disk. With an enterprise-class private cloud, your compute, memory and disk performance is completely dedicated to your organization – no sharing of resources. Encryption of data at rest and in transit is highly recommended to meet HIPAA standards \u00a7164.312(a)(2)(iv)...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-09-03T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach\",\"datePublished\":\"2013-09-03T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/\"},\"wordCount\":436,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/\",\"url\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/\",\"name\":\"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png\",\"datePublished\":\"2013-09-03T00:00:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage\",\"url\":\"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png\",\"contentUrl\":\"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach | OTAVA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/","og_locale":"en_US","og_type":"article","og_title":"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach","og_description":"Advocate Health Care marks the second largest HIPAA data breach since the breach notification rule was implemented in 2009, losing more than 4 million patient records in a theft of four unencrypted computers. The data included personally identifiable patient information as well as clinical data, including diagnoses and health insurance information. A senior vice president from Advocate acknowledged that the sensitive data shouldn\u2019t have been stored on the computers\u2019 hard drives, but instead maintained on their secure network. One of the steps they\u2019re taking toward remediation includes mapping its computer and software systems in order to identify where patient data is stored, and how to secure it. This is also one of the first steps that should be taken toward data encryption – classifying sensitive data and then selecting a proper encryption method is next. One way to keep data protected on secure networks is by using SAN (storage area network) disk-level encryption that encrypts the data as it\u2019s written to disk. With an enterprise-class private cloud, your compute, memory and disk performance is completely dedicated to your organization – no sharing of resources. Encryption of data at rest and in transit is highly recommended to meet HIPAA standards \u00a7164.312(a)(2)(iv)...","og_url":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/","og_site_name":"OTAVA","article_published_time":"2013-09-03T00:00:00+00:00","og_image":[{"url":"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach","datePublished":"2013-09-03T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/"},"wordCount":436,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/","url":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/","name":"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png","datePublished":"2013-09-03T00:00:00+00:00","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#primaryimage","url":"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png","contentUrl":"https:\/\/otavawebsite.wpengine.com\/wp-content\/uploads\/images\/packages\/packages-hipaa-private-cloud.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/four-million-patient-records-stolen-in-second-largest-hipaa-data-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Four Million Patient Records Stolen in Second Largest HIPAA Data Breach"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2608"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2608\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2608"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}