.JPG&w=3840&q=100)
Data breach of patient info reported at Miami-area hospital. What to know
Baptist, in a letter recently sent to patients, said an 'unauthorized third party gained access to and obtained data that was maintained' by Oracle Health, an electronic health record vendor formerly known as Cerner.
Oracle Health's investigation determined its systems 'may have been compromised as early as January 22, 2025, affecting the information of many health care providers, including Baptist Health,' the hospital told the Miami Herald in a statement Tuesday.
That information may have included names, Social Security numbers and details found 'within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment,' according to the letter, which was obtained by the Herald.
Health records are private under a federal law known as HIPAA, or the Health Insurance Portability and Accountability Act. But they are increasingly being targeted in healthcare hacks.
Last year, the country reported a record-breaking number of breached healthcare records, with many breaches linked to hacking and ransomware attacks, according to the HIPAA Journal, which has compiled healthcare data breach statistics for more than a decade.
Baptist did not say how many of its patients may have been affected in the breach. The Herald has contacted Oracle Health to learn more about the breach, including how many patients may be affected and if any other South Florida healthcare provider was affected.
Baptist said it was notified of the breach on March 7 but held off on notifying patients until late July, upon the request of federal law enforcement. Baptist said the breach did not impact its own computer systems.
Third-party vendor Cerner, which was acquired by software maker Oracle in 2022 and is now known as Oracle Health, has taken steps to secure its systems and is working with external cybersecurity specialists and federal law enforcement in an investigation, according to the letter sent to Baptist patients.
This is the latest healthcare-related breach to affect South Florida patients as healthcare hacks become more common.
In June, more than 2,000 patients at Jackson Health System were notified that their personal data, including names, addresses and medical information, but not Social Security numbers, were accessed in a lengthy breach that spanned nearly five years. Jackson said the breach was conducted by an employee who accessed the information to promote a personal healthcare business. No arrests have been announced yet.
As for this latest breach, potentially impacted Baptist patients should have received — or will soon receive — a notice about the breach, including information on how to enroll in free credit monitoring services with credit bureau Experian.
'Individuals who have questions about the event may contact 833-931-5335 and provide engagement number B149213,' reads Baptist statement. 'We sincerely apologize for this incident. Protecting patient information remains a top priority for Baptist Health.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time Business News
6 hours ago
- Time Business News
Launching a Rehab Center: Practical Business Steps
Starting a rehab center is both a business opportunity and a mission-driven venture. With the rising need for addiction recovery and behavioral health services, opening a facility that offers structured, effective treatment can make a profound impact on your community. But success doesn't happen overnight—it requires a practical approach grounded in compliance, operations, and long-term strategy. Here's how to turn your rehab center vision into a functioning, results-driven business. Launching a therapeutic center for recovery requires dedication, planning, and compliance. From selecting the right location to designing a service model tailored to community needs, each decision lays the foundation for impact. Regulatory steps like zoning permits, licensing, and accreditation are essential checkpoints. Financial forecasting and staffing with credentialed professionals ensure operational stability. Understanding how to start a rehab facility involves researching state-specific regulations, creating clinical protocols, and aligning with insurance providers for reimbursement. A well-structured facility isn't just a business—it's a commitment to transforming lives, providing support systems, and restoring hope for individuals battling addiction. Before anything else, you must clearly define the types of services your facility will offer. Will you operate as a residential inpatient center, a partial hospitalization program (PHP), or an intensive outpatient program (IOP)? Each option involves different licensing requirements, staffing structures, and cost models. Align your treatment model with local demand and your clinical vision to ensure sustainability and effectiveness. Every state has its own regulatory environment, but the process generally starts with facility licensing through your state's Department of Health or behavioral health authority. If you're in California, you'll need DHCS Licensing for Behavioral Health. Compliance with HIPAA and state-specific documentation rules is mandatory. Start gathering application materials early and consider hiring a consultant who specializes in behavioral health regulations to avoid common pitfalls. A rehab center needs a structured business plan to attract investors, obtain financing, and provide internal direction. Your plan should include a mission statement, target population, competitive analysis, marketing strategy, and detailed financial projections. Include both startup costs (real estate, licensing, staff onboarding) and operational costs (payroll, insurance billing systems, supplies). A clear business model will guide your initial decisions and future expansion. Your location must balance convenience, privacy, and zoning compliance. Look for properties zoned for healthcare or residential treatment and verify that they meet all safety and accessibility codes. If you plan to buy an existing facility, conduct a thorough due diligence process. A rehab facility for sale may already have a license, which can significantly accelerate your launch timeline. Staffing is one of the most important components of a successful rehab center. Hire experienced medical directors, clinicians, case managers, and support staff who understand treatment protocols and legal obligations. Strong leadership and a compassionate, well-trained team create a therapeutic environment that attracts clients and fosters recovery. To increase your center's credibility and access to insurance clients, pursue accreditation through CARF or JCAHO. These organizations evaluate your policies, staff credentials, and quality assurance practices. Begin the process of contracting with insurance providers early—credentialing can take months. Insurance-based revenue is essential for long-term financial health, especially in outpatient settings. From client intake to treatment tracking, every part of your operation must follow a clear process. Invest in a reliable electronic health record (EHR) system and develop procedures for documentation, medication management, and emergency response. Systems that support consistency and compliance reduce liability and increase staff efficiency. Marketing your rehab center means building trust and visibility. Launch a professional website, optimize for local SEO, and use Google Business tools to appear in treatment searches. Build referral networks with hospitals, therapists, court systems, and community partners. Focus on messaging that emphasizes your unique approach, staff expertise, and client success. Once your rehab center is operational, ongoing performance evaluation is essential. Track KPIs like admissions, average length of stay, client satisfaction, and insurance collections. Collect feedback regularly and adapt your services based on outcomes and regulatory changes. Continuous improvement ensures your center remains effective, compliant, and competitive in the behavioral health space. Establishing a behavioral health center demands more than clinical expertise—it requires a deep understanding of compliance. One of the most critical components for operating legally in California is securing DHCS Licensing for behavioral health programs. This process involves meeting rigorous standards in facility safety, staff qualifications, program structure, and patient care protocols. Providers must submit detailed applications, undergo inspections, and maintain ongoing compliance with Department of Health Care Services regulations. While the licensing journey may seem complex, it ensures quality and accountability across services. Successfully navigating it builds a foundation of trust with both clients and regulatory bodies. Launching a rehab center successfully requires more than a good idea—it takes practical steps rooted in regulation, planning, staffing, and strategic growth. By defining your services, securing licenses, building a skilled team, and implementing efficient operations, you position your facility for both clinical excellence and business sustainability. With careful execution, your rehab center can become a powerful force for recovery and change in your community. TIME BUSINESS NEWS
Yahoo
16 hours ago
- Yahoo
Over 900,000 hit in massive healthcare data breach — names, addresses and Social Security numbers exposed online
When you buy through links on our articles, Future and its syndication partners may earn a commission. Hackers and especially ransomware gangs have been on a rampage targeting and attacking healthcare organizations this year. Now, one of the largest dialysis providers in the U.S., DaVita, has fallen victim to a massive healthcare data breach. As reported by Comparitech, the kidney dialysis company DaVita has revealed that it suffered a data breach earlier this year when hackers gained unauthorized access to servers, primarily located in its laboratories. While DaVita became aware of this security incident in mid-April, the hackers behind the attack first gained access to its systems on March 24. During which time, they stole all sorts of sensitive personal, financial and medical data. DaVita hasn't come out and said which hackers are responsible but after news of the breach was made public, the Interlock ransomware gang took credit for the attack, claiming it managed to steal 1.5TB of data including 683,104 files and 75,836 files according to a previous report from Comparitech. Whether you, a family member or someone you know gets dialysis treatment at one of DaVita's centers, here's everything you need to know about this latest data breach along with some tips on how you can stay safe and what to do now. Exposed personal and medical info Now that the dust has settled and DaVita has carried out a full investigation into the security incident, the company has begun sending out data breach notification letters to affected to DaVita's latest notice (PDF), the following patient data was stolen in the breach: Names Addresses Dates of birth Social Security numbers Health insurance info Medical info (conditions, treatments and test results) Tax ID numbers Images of checks made out to the company It's worth noting that the types of stolen data are different for all impacted individuals. While some people may have had all of the data listed above stolen in the breach, this may not be the case for everyone. How to stay safe after a data breach and what to do next If you or someone in your household gets dialysis treatments at DaVita, then chances are you may have received a data breach notification letter in the mail or one is on its way out to you. Inside this data breach notification letter, you can find out exactly what data on you was exposed as a result of the breach. However, you're going to want to hold onto this letter as DaVita is providing free access to one of the best identity theft protection services for a set amount of time. I say this as the sample data breach notification letter (linked above) that I looked at doesn't say a specific time frame but usually, companies provide access to one of these services for either 12 or 24 months. Don't worry though, as your own letter will definitely include the exact timeframe. In this case, DaVita is offering impacted individuals access to Experian IdentityWorks. While we haven't reviewed this particular identity theft protection service yet, it is considered a reliable and worthwhile service. Inside your data breach notification letter, you'll find a code which you can use to activate your IdentityWorks subscription. However, you will need to do so by November 28th of this year if you wish to claim this free offer. If your Social Security number or other stolen data is used to commit fraud or identity theft, IdentityWorks has experts standing by to help you regain any lost funds or to restore your identity. In fact, the plan offered by DaVita includes up to $1 million in identity theft insurance. Besides signing up for this identity theft protection service, you're also going to want to keep a close eye on your financial accounts for signs of fraud and if you're really worried, you can also freeze your credit so that hackers or scammers with your stolen information can't take out loans in your name. Likewise, you're going to want to be extra careful when checking your inbox, text messages and even when answering the phone. The reason being is that your stolen information could be used in targeted phishing attacks. In addition to DaVita, the Interlock ransomware gang has also gone after other healthcare organizations in previous data breaches including Texas Digestive Specialists, Kettering Health and Naper Grove Vision Care back in May. Given that the pace and scope of the group's attacks seem to be increasing, I don't see them slowing down anytime soon. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button. More from Tom's Guide 200,000 passwords, credit card data and more stolen by this dangerous new malware Email security features are being hijacked to steal Microsoft 365 logins Google just fixed two high-severity Qualcomm bugs used by hackers in their attacks Solve the daily Crossword
Business Wire
a day ago
- Business Wire
FedRAMP Authorizes Vibrent Health's Digital Health Research Cloud for US Government Clients to Rapidly Launch Research Studies, Clinical Trials, and Registries
FAIRFAX, Va.--(BUSINESS WIRE)--Vibrent Health, the leading digital platform for next-generation precision health research, today announced that its Digital Health Research Cloud for Government has received a Federal Risk and Authorization Management Program (FedRAMP®) Moderate Authority to Operate (ATO) and is now available on the FedRAMP Marketplace. This authorization affirms that Vibrent meets rigorous NIST 800-53 standards and HIPAA compliance requirements, including encryption, continuous monitoring, incident response, and privacy safeguards for protected health information (PHI) and personally identifiable information (PII) and other data. Until now, agencies performing health and clinical research lacked FedRAMP-authorized common off-the-shelf (COTS) digital tools to meet their evolving needs. Vibrent's FedRAMP authorization streamlines procurement of these tools and services. Share Federal agencies conducting health research involving federal data (such as NIH, BARDA, ARPA-H, VA, DHA, DoD, FDA, CDC, and others) must utilize FedRAMP-authorized cloud services. Until now, agencies performing health and clinical research lacked FedRAMP-authorized common off-the-shelf (COTS) digital tools to meet their evolving needs. Vibrent's FedRAMP authorization streamlines procurement of these tools and services, allowing agencies to quickly initiate studies while eliminating redundant security reviews and drastically reducing participant recruitment times. Vibrent's integrated digital health tools support longitudinal research across cancer, chronic and autoimmune diseases, genomics, precision medicine, population health, and infectious diseases. These tools flexibly serve hybrid, decentralized, and remote studies conducted in clinical, community, and home settings. 'Security and participant trust are non-negotiable in health research,' said Praduman Jain, CEO of Vibrent Health. 'FedRAMP authorization removes a barrier to collaboration with federal agencies. Studies launch faster, since the cloud environment has been vetted against the government's most demanding health data controls.' Vibrent's COTS software platform supports many large-scale government initiatives, including NIH All of Us Research Program, NCI RADx, NIDCD, BARDA NextGen and RRPV, with capabilities that drive efficiency while using fewer resources. The Digital Health Research Platform tech stack includes digital recruitment and enrollment, participant engagement, secure multi-modal data collection, data integration with clinical and claims data, EHR and wearable data, genomics return of results, cloud-based central data management, study management dashboards and reports, HIPAA, and 21 CFR Part 11 regulatory compliance. Vibrent's FedRAMP authorized platform is available for broad use by federal agencies to support various health research studies, registries, and clinical trials. About Vibrent Health Vibrent Digital Health Research Cloud for Government provides a comprehensive platform with tools for health research studies, trials, and registries. Its capabilities include participant recruitment, enrollment, engagement, data collection, EHR data access, data sharing, data management, workflow automation, and data analysis tools. The solution connects data across operational silos and reduces complexity while building a data ecosystem. It offers agencies the flexibility to scale while maintaining compliance with critical government standards. Powered by AWS, Vibrent Cloud can store and analyze highly sensitive government health research data with the hardened security and production-grade capabilities government agencies require. For more information, visit
