Vidant Health, the covered entity (CE), discovered that it filed numerous bankruptcy documents, from December 1, 2007, through march 9, 2016, that listed protected health info (PHI) that was not necessary for the filing. The nag affected 897 individuals and included patients' billing account numbers, social surety numbers, medical record numbers, dates of birth, telephone numbers, sex, marital status, names, service dates, and account balances. The ce sent timely hack notification to HHS, affected individuals, and the media and posted substitute notification on its website. The ce provided identity theft protection for affected individuals for one year. in response to the hack, the CE revised and redacted its bankruptcy filings, filed blanked protective orders, and sealed proofs of claims in the public record. It also retrained applicable staff. OCR obtained assurances that the ce implemented the corrective actions listed above. location of hacked information: Other concern link present: No