Collaborate Disseminate
By Uzair Amir
Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise.
This is a post from Hack… Continue reading Top 9 Compliance Automation Software in 2024
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 t… Continue reading Fred Hutch notifies more patients of November 2023 attack
As of this morning, more than a dozen rehabilitation hospitals have disclosed a breach with unauthorized access to their systems between January 16 and February 4. The intrusion was discovered on February 1. The attack resulted in access to patient dat… Continue reading Ernest Health rehabilitation hospitals notify patients of ransom attack in January (1)
A new leaksite appeared this past week that appears to have been created for one particular incident. The notice begins: Dear Visitor of Commonwealth Healthcare Corporation LEAK website: We regret to inform you that Commonwealth Healthcare Corporation … Continue reading Commonwealth Healthcare Corporation breached, patient data involved
Naomi Diaz reports: The American Hospital Association sent a letter to the HHS urging them to clarify whether hospitals and health systems should be providing breach notification to patients if protected health information is compromised due to the Feb… Continue reading AHA seeks guidance on reporting breaches linked to Change cyberattack
Attorney General Todd Rokita is filing a lawsuit on behalf of the people of Indiana against Apria Healthcare LLC for a massive data breach that impacted at least 42,000 Hoosiers and 1.8 million people nationwide. Apria is a provider of home healthcare … Continue reading Indiana Attorney General Files Suit Against Apria Healthcare
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak s… Continue reading Three recent breach disclosures remind of us how seldom timely breach notification is enforced under HITECH
Jennifer Hennessy and Christopher Taylor of Foley & Lardner write: In an important development for HIPAA-regulated entities looking for practical assistance in understanding, implementing, and enhancing compliance with the HIPAA Security Rule, the … Continue reading NIST Publishes Final “Cybersecurity Resource Guide” on Implementing the HIPAA Security Rule
HHS OCR has announced a second enforcement settlement in a ransomware case. The 2019 breach involving Green Ridge Behavioral Health managed to fly mostly under the media radar at the time. DataBreaches was not even aware that it was a ransomware attack… Continue reading HHS’ Office for Civil Rights Settles Second Ever Ransomware Cyber-Attack for $40,000 and a Corrective Action Plan with OCR Monitoring
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a non-profit hospital system based in New York City for several potential violations of the Health Insu… Continue reading HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million