Sony Pictures admits HIPAA data might have been compromised during breach

Steve Ragan reports:

In a breach notification letter sent to employees this week, Sony Pictures outlines the full scope of data that was compromised by attackers shortly before the Thanksgiving holiday.

[…]

“In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, Social Security Number, claims, appeals information you submitted to SPE (including diagnosis and disability code), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and (x) health/medical information that you provided to us outside of SPE health plans.”

 So HIPAA protections were supposed to be in place for some data, and this breach should be reported to HHS.
Read more on CSO.  Sony’s notification to SPE employees is available on the web site of the California Attorney General’s Office (pdf).

About the author: Dissent