DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Triple-S Salud fined $6.8M for HIPAA breach (updated)

Posted on February 17, 2014 by Dissent

Caribbean Business reports that Triple-S Salud has been fined nearly $6.8 million for violations of the federal Health Insurance Portability & Accountability Act (HIPAA). Triple-S Salud is a licensee of Blue Cross Blue Shield of  Puerto Rico and handles managed care for Medicare enrollees.

The penalty handed down by the Puerto Rico government’s Medical Insurance Administration (ASES by its Spanish acronym) against the unit of San Juan-based Triple-S Management Corp. stem from a probe into a privacy breach last year.

ASES Director Ricardo Rivera said Triple-S Salud was fined $6.7 million improperly handled private health records of more than 13,330 patients in written correspondence to them. Another $100,000 fined was tacked on after the company provided vague or incomplete information during the probe, he said.

The sanctions also bar Triple-S Salud from signing up more beneficiaries for its Platino line until it presents a corrective plan to avoid such HIPAA violations.

Read more on Caribbean Business.

A notice on ASES’s web site (in Spanish) explains that on September 20, 2013, Triple-S Salud sent a mailing that exposed Medicare Health Insurance Claim Numbers in the mailing addresses.  They became aware of their error on September 23, 2013.

This breach had been added to HHS’s public breach tool last month and I had commented on it here. It’s still not clear to me what the other 70,000+ entry for Triple-S Salud on that same date in HHS’s breach tool refers to.

As I’ve noted before, Triple-S Salud has had some big breaches, and this was not their first fine – although it is certainly their largest fine.  It’s important to note that this fine does not appear to have been issued by HHS/OCR but by the government of Puerto Rico.  This appears to be the largest monetary penalty ever issued for a HIPAA breach, unless I’m forgetting something?

Post corrected to reflect it was health insurance claim numbers and not account numbers.

Update: Anna Prior of the WSJ reports on the penalty, here.

Category: Health Data

Post navigation

← Muslim Directory hacked, 38,903 User Credentials Leaked
Employee’s Unauthorized Texting of Confidential Health Information May Impose Employer Liability →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.