NorthBay Healthcare Corporation delayed notifying individuals of a data breach affecting over 569,000 people for nearly a year, despite HIPAA guidelines requiring notification within 60 days. The breach included sensitive data such as Social Security numbers and health information, and was first identified as a network anomaly in February 2024. Given the severity of the incident and the ongoing risk to individuals, the notification delays raise important questions about compliance and data protection practices. Notably, the breach has not been reported on the HHS public breach tool, underscoring potential transparency issues in breach reporting.
While some states are decreasing the amount of time entities have to notify the state or individuals of a breach, the reality is that many entities are nowhere near complying.
Entities are allowed 60 days to notify individuals of breaches, yet organizations like NorthBay Healthcare took nearly a year to inform affected parties.
The sensitive information involved in the NorthBay incident included Social Security numbers, health insurance information, and biometric data, raising significant privacy concerns.
Despite a significant breach affecting over half a million individuals, the incident has yet to appear on HHS's public breach tool.
Collection
[
|
...
]