Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
January 15, 2019
Company: Humana Inc.
Location: , Kentucky
Type of breach:
HACK
Type of organization:
MED
Records Breached:
598

Location of breached information: Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 9, 2019
Company: Humana Inc
Location: , Kentucky
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,211

Location of breached information: Other

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
December 31, 2018
Company: Humana Inc
Location: , Kentucky
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
684

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 28, 2018
Company: Humana inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
287

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
June 4, 2018
Company: Humana inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
6,836

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 21, 2017
Company: Humana Inc
Location: , Kentucky
Type of breach:
DISC
Type of organization:
MED
Records Breached:
5,764

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
April 18, 2017
Company: Humana Inc [case # HU17001CC]
Location: , Kentucky
Type of breach:
HACK
Type of organization:
MED
Records Breached:
3,831

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 19, 2016
Company: Humana Inc. [case #HU16004F3]
Location: , Kentucky
Type of breach:
DISC
Type of organization:
MED
Records Breached:
3,674

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 30, 2015
Company: Humana Inc [Case 18652]
Location: , Kentucky
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
2,815

Humana, Inc., the covered entity (CE), discovered that on August 20, 2015, a market staff employee’s briefcase containing an encrypted laptop computer and unsecured paper documents was stolen from her locked vehicle. The CE investigated and determined that the stolen documents contained the protected health information (PHI) of 2,815 individuals, including full names, dates of birth, clinic names, and health insurance information. The CE issued new health insurance member identification numbers to affected individuals, and provided timely breach notification to HHS, to affected individuals, on its website and to the media. In response to the breach, the CE retrained its workforce, disseminated guidance material specifically addressing the proper handling and safeguarding of PHI, and revised procedures to eliminate transportation of PHI in paper format. OCR obtained assurances that the CE implemented the corrective actions listed above.

Location of breached information: Laptop, Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 23, 2014
Company: Humana Inc [case #15381]
Location: , Kentucky
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
2,962

On April 2, 2014, an unencrypted portable media device containing electronic protected health information (ePHI) was stolen from an employee’s locked vehicle. The portable media device contained the demographic data (including some social security numbers), clinical, and health insurance information of 2,962 individuals. The CE provided breach notification to HHS, affected individuals, and the media. The offending employee was terminated as a direct result of violating the CE’s policy prohibiting the use of unencrypted devices to store and transport PHI. In addition, the CE re-educated employees about this policy and instructed management teams to ensure that proper procedures were being followed. OCR obtained assurances that the corrective actions were taken.

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 18, 2010
Company: Humana Inc, Matrix Imaging
Location: Louisville, Kentucky
Type of breach:
PHYS
Type of organization:
BSF
Records Breached:
2,631

Paper records involving information from business associate Matrix Imaging were lost or stolen on June 25.

Information Source:
HHS via PHIPrivacy.net
CSV