DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Triple-S Salud fined $6.8M for HIPAA breach (updated)

Posted on February 17, 2014 by Dissent

Caribbean Business reports that Triple-S Salud has been fined nearly $6.8 million for violations of the federal Health Insurance Portability & Accountability Act (HIPAA). Triple-S Salud is a licensee of Blue Cross Blue Shield of  Puerto Rico and handles managed care for Medicare enrollees.

The penalty handed down by the Puerto Rico government’s Medical Insurance Administration (ASES by its Spanish acronym) against the unit of San Juan-based Triple-S Management Corp. stem from a probe into a privacy breach last year.

ASES Director Ricardo Rivera said Triple-S Salud was fined $6.7 million improperly handled private health records of more than 13,330 patients in written correspondence to them. Another $100,000 fined was tacked on after the company provided vague or incomplete information during the probe, he said.

The sanctions also bar Triple-S Salud from signing up more beneficiaries for its Platino line until it presents a corrective plan to avoid such HIPAA violations.

Read more on Caribbean Business.

A notice on ASES’s web site (in Spanish) explains that on September 20, 2013, Triple-S Salud sent a mailing that exposed Medicare Health Insurance Claim Numbers in the mailing addresses.  They became aware of their error on September 23, 2013.

This breach had been added to HHS’s public breach tool last month and I had commented on it here. It’s still not clear to me what the other 70,000+ entry for Triple-S Salud on that same date in HHS’s breach tool refers to.

As I’ve noted before, Triple-S Salud has had some big breaches, and this was not their first fine – although it is certainly their largest fine.  It’s important to note that this fine does not appear to have been issued by HHS/OCR but by the government of Puerto Rico.  This appears to be the largest monetary penalty ever issued for a HIPAA breach, unless I’m forgetting something?

Post corrected to reflect it was health insurance claim numbers and not account numbers.

Update: Anna Prior of the WSJ reports on the penalty, here.

Category: Health Data

Post navigation

← Muslim Directory hacked, 38,903 User Credentials Leaked
Employee’s Unauthorized Texting of Confidential Health Information May Impose Employer Liability →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.