Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Henderson & Walton Women's Center notifies OCR of data security incident

Henderson & Walton Women's Center ('HWWC'), P.C. notified, on 23 August 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 34,306 individuals. In particular, HWWC stated that it had suffered a cyber attack and an unauthorised third party had gained access to the email account of one of its employees. In light of the investigation carried out, HWWC explained that the data breach confirmed that the attacker had not gained access to the email server and that the breach was confined to the email account of one employee, whilst further noting that the incident may have resulted in unauthorised access to patients' personal information, which included names, dates of birth, social security numbers, medical information, health insurance information, driver's licence numbers, and state ID numbers.

Lastly, HWWC stated that, after the discovery of the incident, it had notified individuals whose information was involved, and that it had implemented additional security measures to protect and monitor its systems.

You can read the notice here and access details on the OCR portal here.