Collaborate Disseminate
As of this morning, more than a dozen rehabilitation hospitals have disclosed a breach with unauthorized access to their systems between January 16 and February 4. The intrusion was discovered on February 1. The attack resulted in access to patient dat… Continue reading Ernest Health rehabilitation hospitals notify patients of ransom attack in January (1)
A new leaksite appeared this past week that appears to have been created for one particular incident. The notice begins: Dear Visitor of Commonwealth Healthcare Corporation LEAK website: We regret to inform you that Commonwealth Healthcare Corporation … Continue reading Commonwealth Healthcare Corporation breached, patient data involved
Naomi Diaz reports: The American Hospital Association sent a letter to the HHS urging them to clarify whether hospitals and health systems should be providing breach notification to patients if protected health information is compromised due to the Feb… Continue reading AHA seeks guidance on reporting breaches linked to Change cyberattack
Attorney General Todd Rokita is filing a lawsuit on behalf of the people of Indiana against Apria Healthcare LLC for a massive data breach that impacted at least 42,000 Hoosiers and 1.8 million people nationwide. Apria is a provider of home healthcare … Continue reading Indiana Attorney General Files Suit Against Apria Healthcare
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak s… Continue reading Three recent breach disclosures remind of us how seldom timely breach notification is enforced under HITECH
Jennifer Hennessy and Christopher Taylor of Foley & Lardner write: In an important development for HIPAA-regulated entities looking for practical assistance in understanding, implementing, and enhancing compliance with the HIPAA Security Rule, the … Continue reading NIST Publishes Final “Cybersecurity Resource Guide” on Implementing the HIPAA Security Rule
HHS OCR has announced a second enforcement settlement in a ransomware case. The 2019 breach involving Green Ridge Behavioral Health managed to fly mostly under the media radar at the time. DataBreaches was not even aware that it was a ransomware attack… Continue reading HHS’ Office for Civil Rights Settles Second Ever Ransomware Cyber-Attack for $40,000 and a Corrective Action Plan with OCR Monitoring
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a non-profit hospital system based in New York City for several potential violations of the Health Insu… Continue reading HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
Today, CISA released the Mitigation Guide: Healthcare and Public Health (HPH) Sector as a supplemental companion to the HPH Cyber Risk Summary, published July 19, 2023. This guide provides defensive mitigation strategy recommendations and best practice… Continue reading CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector
Mardi Link reports: Munson Healthcare officials are investigating a cyber incident at Otsego Memorial Hospital in Gaylord, that in October prompted a shutdown of the hospital’s computer system. Munson Healthcare acquired Otsego Memorial in 2018 a… Continue reading Cyber incident shuts down Otsego Memorial Hospital computers