Lehigh Valley Health Network (LVHN) has agreed to settle a class action filed against it following a February 2023 ransomware attack that compromised personal information of patients, including medical and treatment...more
Last year, the American Hospital Association (AHA) sued the U.S. Department of Health and Human Services (HHS) in the U.S. District Court of the Northern District of Texas, requesting that HHS be barred from enforcing a new...more
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/10/2024
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Social Media
CYBERSECURITY -
CISA + Partners Issue Alert for Protection of Water Systems, Dams, Energy + Food + Ag -
In response to the growing threat by pro-Russia hacktivists, on May 1, 2023, CISA and other national agency...more
5/3/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Location Data ,
OCR
The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently issued its Final Rule to modify HIPAA “to support reproductive health care privacy.” The Final Rule is in response to Executive...more
On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within the state of New York. The Governor has included $500 million in grant funding in her FY24...more
11/17/2023
/ Cybersecurity ,
Data Protection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New York ,
Patient Privacy Rights ,
PHI ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health...more
11/10/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Popular ,
Ransomware ,
Settlement
Montana Governor Greg Gianforte has signed SB 351, the Genetic Information Privacy Act (GINA), which “requires an entity to provide consumer information regarding the collection, use, and disclosure of genetic data; providing...more
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the...more
3/30/2023
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Legal Representatives ,
New York ,
PHI ,
State Attorneys General
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the...more
2/24/2023
/ Data Breach ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Regulatory Requirements ,
Reporting Requirements ,
Statutory Deadlines
CYBERSECURITY -
South Dakota Governor Bans State Workers from Using TikTok -
It is estimated that some 80 million Americans and more than one billion people use TikTok. It is well known that TikTok has a direct...more
The Health Care Sector Cybersecurity Coordination Center (IC3) recently released an Analyst’s Note to health care organizations providing information on a new variant of ransomware called Venus (also known as GOODGAME)....more
On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal of protected health information.” ...more
Making quite the statement on July 15, 2022, the Office for Civil Rights (OCR) announced in a press release that it had recently settled an additional 11 cases under its Right to Access Initiative. These settlements bring the...more
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care...more
6/29/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Identity Theft ,
Information Technology ,
PHI ,
Popular ,
Ransomware ,
Risk Mitigation ,
Vulnerability Assessments
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care...more
Connecticut Governor Ned Lamont signed the Personal Data Privacy and Online Monitoring Act (CPDPA) into law on May 10, 2022, making Connecticut the most recent state to pass its own privacy law in the absence of comprehensive...more
5/13/2022
/ Connecticut ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Governance ,
Information Technology ,
New Legislation ,
Personal Data ,
Regulatory Reform ,
State Privacy Laws
In general, both state and federal laws apply to health information or protected health information that is in the possession of hospitals, health systems, and medical providers.
HIPAA requires that covered entities...more
Okta, which markets itself as a “leading provider of identity” in the healthcare, public sector, energy, financial services, technology, travel and hospitality, and nonprofit industries, has notified some of its customers...more
CYBERSECURITY -
Coveware 2021 Q4 Ransomware Report Issued -
Coveware issued its 2021 Q4 Ransomware Report on February 1, 2022. The report stated that although average and median ransom payments increased...more
2/11/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Drones ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
Personally Identifiable Information ,
Ransomware
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
2/11/2022
/ Cyber Attacks ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Requirements ,
Reporting Requirements
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
12/23/2021
/ Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Email ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Violations ,
OCR ,
Penalties ,
PHI ,
Phishing Scams ,
Policies and Procedures ,
State Attorneys General
CYBERSECURITY -
Joint CISA/FBI Alert on Vulnerability in Zoho ManageEngine ServiceDesk Plus -
On December 6, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI)...more
12/13/2021
/ Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
FBI ,
Gift-Cards ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Infectious Diseases ,
Information Governance ,
Personally Identifiable Information ,
Popular ,
Scams ,
Vaccine Passports ,
Vulnerability Assessments
A federal district court in Montana has confirmed that HIPAA precludes a private right of action for patients to claim an unauthorized access, use, or disclosure of protected health information. ...more
CYBERSECURITY -
Tulsa, OK Refuses to Pay Ransom to Attackers -
The City of Tulsa, Oklahoma, announced on May 9, 2021, that it had been hit with a ransomware attack, but the Mayor is resolute in not paying the demanded...more