Last year 1.7 million Oregon Medicaid patients had their Protected Health Information (PHI) compromised when hackers attacked Performance Health Technology (PH Tech) – a claims processor that serves community-based health plans. 

PH Tech used the MOVEit file transfer program in its work, and a zero-day vulnerability in the MOVEit program allowed hackers to break into files held by PH Tech.  

PH Tech is a HIPAA business associate and its customer, Health Share Oregon, is a covered entity. 

  • Do you know if you are a business associate or a covered entity?  
  • Do you have any vendors that are considered Business Associates under HIPAA? 
  • Does your HIPAA policy include up to date Business Associate Agreements with any qualifying vendors? 

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *