Brand New Day Data Breach (2016)

On Dec. 28, Brand New Day discovered that an unauthorized user had accessed the ePHI provided to one of its HIPAA business associates on Dec. 22. The access occurred through a vendor system used by a contracted provider, officials said. The accessed ePHI included names, addresses, phone numbers, dates of birth and Medicare ID numbers of members. The breach notification provided to the Office of the California Attorney General doesn't reveal whether the data was stolen.