Medical Oncology Hematology Consultants (MOHC) is notifying patients that their health data was compromised in a hacking incident that occurred nearly a year ago, in June 2018. MOHC is a cancer treatment center based in Newark, Delaware. According to the substitute breach notice posted on their website, a hacker compromised an employee email account between June 7 and June 8, 2018. The notification also states that the ‘extensive investigation’ into the breach concluded on March 14, 2019. The investigation concluded that patient information had indeed been exposed during the incident. The notification does not mention when MOHC first learned of the breach, when it started investigating, or why the breach notifications were sent nearly a year after the breach occurred. According to HIPAA’s Breach Notification Rule, breach notification letters must be sent within 60 days of the discovery of the breach, and without ‘reasonable delay’. As MOHC made no mention of when they discovered the breach, it is unknown whether HIPAA has been violated. MOHC contracted a third-party computer forensics firm to conduct the investigation. The investigators concluded it was possible that the hacker stole patient data, although they have yet to receive reports suggesting any patient information has been … Continue reading Medical Oncology Hematology Consultants Patient Data Compromised in June 2018 Hacking Incident