Last year, the American Hospital Association (AHA) sued the U.S. Department of Health and Human Services (HHS) in the U.S. District Court of the Northern District of Texas, requesting that HHS be barred from enforcing a new...more
CYBERSECURITY -
CISA + Partners Issue Alert for Protection of Water Systems, Dams, Energy + Food + Ag -
In response to the growing threat by pro-Russia hacktivists, on May 1, 2023, CISA and other national agency...more
5/3/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Location Data ,
OCR
The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently issued its Final Rule to modify HIPAA “to support reproductive health care privacy.” The Final Rule is in response to Executive...more
On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health...more
11/10/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Popular ,
Ransomware ,
Settlement
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the...more
2/24/2023
/ Data Breach ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Regulatory Requirements ,
Reporting Requirements ,
Statutory Deadlines
CYBERSECURITY -
Cyber-Attack Disrupts Public Services in Fremont County, Colorado -
Government offices and public services in Fremont County, Colorado, have been disrupted since August 17, 2022, due to a “cybersecurity...more
8/26/2022
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Drones ,
Hackers ,
Information Technology ,
OCR ,
Oracle ,
Popular ,
Risk Management ,
Statutory Violations ,
Twitter ,
Vulnerability Assessments
On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal of protected health information.” ...more
Making quite the statement on July 15, 2022, the Office for Civil Rights (OCR) announced in a press release that it had recently settled an additional 11 cases under its Right to Access Initiative. These settlements bring the...more
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
2/11/2022
/ Cyber Attacks ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Requirements ,
Reporting Requirements
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
12/23/2021
/ Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Email ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Violations ,
OCR ,
Penalties ,
PHI ,
Phishing Scams ,
Policies and Procedures ,
State Attorneys General
The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in Nebraska includes an...more
CYBERSECURITY -
Extortion Doesn’t Work for EA Sports Hackers -
According to The Record, Electronic Arts Sports (EA) was the victim of a cyber hacking in June, when hackers posted on an underground hacking forum that they...more
8/6/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybertheft ,
Dark Web ,
Data Breach ,
Drones ,
Electronic Arts ,
Electronic Protected Health Information (ePHI) ,
Extortion ,
Hackers ,
Microsoft ,
OCR ,
Phishing Scams ,
Popular ,
Proposed Legislation ,
Source Code
CYBERSECURITY -
Tulsa, OK Refuses to Pay Ransom to Attackers -
The City of Tulsa, Oklahoma, announced on May 9, 2021, that it had been hit with a ransomware attack, but the Mayor is resolute in not paying the demanded...more
The Office for Civil Rights (OCR) this week announced a settlement with Peachstate Health Management LLC (aka AEON Clinical Laboratories) following a compliance review that uncovered alleged violations of HIPAA....more
CYBERSECURITY -
GAO Report Identifies Need for DOE to Address Risks to Electrical Distribution System -
The United States Government Accountability Office (GAO) recently completed and published a study on electricity...more
4/2/2021
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Email ,
FBI ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infrastructure ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
Right of Access ,
Vulnerability Assessments ,
Wal-Mart
Continuing its serious march against covered entities not allowing patients access to their records, the Office for Civil Rights (OCR) has settled two more cases in two days in its Right of Access Initiative. This brings the...more
The Office for Civil Rights (OCR) recently announced another settlement involving investigations under its Right of Access Initiative. This settlement, the sixteenth such agreement under the Initiative (and one of the most...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the...more
1/21/2021
/ Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Malware ,
OCR ,
Personally Identifiable Information ,
PHI
CYBERSECURITY -
HHS Issues Update to Ransomware Threat Alert to Health Care Sector -
The Department of Health and Human Services’ (HHS) Division of Critical Infrastructure Protection (CIP) issued a health care and public...more
11/20/2020
/ California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Drones ,
OCR ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Right of Access ,
Wal-Mart
The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani,...more
CYBERSECURITY -
Q3 Coveware Report: Unsettling Update on Ransomware -
We spend a lot of time reporting on ransomware because we are seeing more incidents than ever before, and our readers comment that keeping them up to...more
11/13/2020
/ Biden Administration ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Driverless Cars ,
Hackers ,
OCR ,
Popular ,
Ransomware ,
Wal-Mart
The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000....more
Continuing its enforcement priority of assisting patients with obtaining access to their health records, the Office for Civil Rights (OCR) recently settled its ninth case with a covered entity that it alleged failed to...more
CYBERSECURITY -
Patching Gets More and More Complicated but Is Critical for
Managing Risk -
Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as...more
10/16/2020
/ Ballot Measures ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
HIPAA Breach ,
Information Governance ,
OCC ,
OCR ,
Online Safety for Children ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a...more
10/16/2020
/ Cyber Attacks ,
Electronic Medical Records ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Settlement Agreements