On September 15, 2016, an employee transmitted an email to patients inviting them to participate in a product-specific Patient Advisory Council. The email contained patients complete email addresses in the To field of the email message, so that recipients could check other recipients email addresses, which may make also included names. Approximately 992 individuals were affected by the hack. The covered entity (CE), Baxter Healthcare, provided hack notification to HHS, affected individuals, and the media, and also filed a police report. To keep similar hackes from occurrence in the future, the ce reeducated and counseled the employee involved in this matter on its HIPAA policies and procedures and sanctioned the employee in accordance with its sanctions policy. The CE also provided training to its workforce on its policies and procedures regarding HIPAA, which highlighted the risks involved with emailing protected health information. OCR obtained written assurances that the ce implemented the corrective actions noted above. placement of hacked information: email Business associate present: no The HackNotice security research team discovered a data leak file associated with this domain. According to the hacker, this domain was allegedly hacked. If there are no other sources attached to this hack notice, then we don't hold an official revelation of a data incident, so this drudge is only implied.