Collaborate Disseminate
Once again, we see a state attorney general taking data protection enforcement action against a healthcare entity when HHS hasn’t. The incident referred to below was reported to HHS’s public breach tool in December 2023, but there is no not… Continue reading Hudson Valley Health Care Facility Operator Fined $1.4M for Failing to Protect Patient Data; $850,000 suspended
Watsonville Community Hospital in California is continuing to work through what they refer to as a cyberattack on November 29. The hospital’s network has been offline since then with staff reverting to “downtime” procedures using pape… Continue reading Watsonville Community Hospital still dealing with November cyberattack
Ron Zeitlinger of The Jersey Journal reports: Social security numbers, driver’s licenses, payroll, health and other personal information of Hoboken workers and residents ― including dozens who applied for rental assistance during the pandemic ― was am… Continue reading Hoboken NJ cyberattack by 3AM was “massive”
On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a prelimina… Continue reading Anna Jaques Hospital notifies 316,300 people about 2023 ransomware attack
Here’s today’s reminder of the insider threat. It’s a shame they don’t explain how the employee was able to access the patient’s information or why it was accessed. From the U.S.A.O. of the Western District of Michigan: GR… Continue reading Veterans Affairs’ Nurse Charged With Unlawfully Accessing Patient Health Information
Not all monetary penalties are for breaches affecting large numbers of patients. In this case, HHS imposed a penalty on an entity that had breaches in both 2017 and 2020. DataBreaches notes that the 2017 incident affected 3,370 patients, and the 2020 i… Continue reading HHS OCR Imposes a $548,265 Penalty Against Children’s Hospital Colorado for HIPAA Violations
Earlier today, DataBreaches posted an HHS OCR announcement of a settlement with a HIPAA covered entity. A former contractor had accessed its electronic medical record system on three occasions without authorization to retrieve PHI for use in potential … Continue reading Failure to terminate access can be costly. Very costly.
Jessica Lyons reports: American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November. In a Monday filing with the US Securities and Exchange Commission (SEC), the company s… Continue reading Major energy contractor reports ‘limited’ access to IT after ransomware locks files
Irvin Jackson reports: Parties involved in the federal Change Healthcare data breach lawsuits have been ordered to meet separately with a U.S. Magistrate Judge over the next two months, to discuss the most effective structure for settlement talks and t… Continue reading Change Healthcare Data Breach Settlement Talks To Be Explored Early in MDL
In April 2019, DataBreaches reported that Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute had recently notified patients after discovering on February 20 that their EMR system had been accessed by a third party without authoriz… Continue reading HHS Office for Civil Rights Imposes a $1.19 Million Penalty Against Gulf Coast Pain Consultants for HIPAA Security Rule Violations