Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Compliance Perspective: What's New in Healthcare Privacy
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
Data breaches risk legal consequences—both from state and federal governments and consumers, as well as reputational harm. Last month, MCNA—a dental benefit provider—provided notice of a data breach that exposed the...more
On February 1, 2023, the FTC announced a proposed $1.5 million settlement with GoodRx Holdings, based on alleged violations of the Federal Trade Commission Act (“FTC Act”) and Health Breach Notification Rule (“HBNR”) for...more
The California Attorney General ("AG") has issued guidance reminding health care providers of their duty to report health care data breaches and to comply with other state and federal data privacy laws....more
Report on Patient Privacy 20, no. 12 (December 10, 2020) - Suspected North Korean hackers have tried to break into the systems of British drugmaker AstraZeneca in recent weeks as the company races to deploy its COVID-19...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
July 2019 was the worst month in history for health care data breaches, with a total of 50 breaches that affected a total of more than 500 records reported to the Office for Civil Rights (OCR) according to HIPAA Journal. ...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Produces Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1 - On April 25, the National Institute of Standards and Technology...more
On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a...more
New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more
Hotel chain Fillmore Hospitality, LLC is the latest target of a proposed class action complaint filed this week, alleging violation of the Illinois Biometric Information Privacy Act (BIPA). We don’t usually discuss the...more
Your organization’s best defense in an environment of aggressive regulators and litigious plaintiffs’ counsel is the completion of an enterprise risk assessment. Regulators and attorneys general are fining–sometimes hundreds...more
A lawsuit has been filed by the attorneys general of 12 states against a company called Medical Informatics Engineering (MIE) arising out of a 2015 data breach involving stolen medical records for millions of individuals. The...more
Cyber-attacks on healthcare data are becoming increasingly common and costly and last week even CMS announced that it had suffered a data breach....more
We all remember Kronos—the malicious malware that was sold by Russian underground forums in 2014 for $7,000. If you bought it, you were promised updates and development of new modules. The Kronos developers recently released...more
On May 29, 2018, Colorado Governor John Hickenlooper signed changes to Colorado law that significantly increase potential data breach burdens and financial penalties on entities operating in Colorado. Beginning September 1,...more
Cisco is warning customers using its Adaptive Security Appliance (ASA) software about a virtual private network (VPN) bug that could "allow an unauthenticated, remote attacker to cause a reload of the affected system or to...more
Energy and Critical Infrastructure Industries Warned of Increased Attacks by FBI and DHS - The FBI and Department of Homeland Security issued a joint statement on October 20, 2017 warning of an increased danger of a...more
FBI Issues Flash Alert on Apache Struts Vulnerability - The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most...more
Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity...more
A new study issued by Ponemon Institute, sponsored by IBM, reveals that healthcare data breaches still cost more than in other sectors. The Ponemon Institute’s calculation is that the average healthcare data breach costs...more
The Office for Civil Rights (OCR) recently released guidance entitled “My Entity Just Experienced a Cyber-attack! What Do We Do Now?” The Checklist is a practical tool for health care entities and outlines several steps to...more
We follow the Verizon Data Breach Investigation Report each year. It just hit the news stand and as always, is full of insights. The report collected data from 65 organizations in 84 countries, including 42,068...more