Data Breach Healthcare

News & Analysis as of

Heal Thyself: Insider Threats to Heed, Especially for Industries with Large Amounts of Personal Information

A recent study by the Ponemon Institute found that insider threats due to malicious or negligent employees are the leading cause of private-sector cybersecurity incidents. Of the over 600 information security professionals...more

3.3 Million Health Records Breached by Business Associate Newkirk

Newkirk Products Inc., which provides ID cards and management services for healthcare organizations, including multiple Blue Cross Blue Shield organizations, has announced that it has discovered that its computer system was...more

Ransomware and Malware Continue to Plague Health Care Organizations

We continue to warn health care organizations about the real and serious risks associated with ransomware and malware, but organizations don’t prepare for it adequately and are getting hit hard. Just this past week,...more

Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm

The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more

Illinois’ Largest Health System Agrees to Stringent HIPAA Breach Settlement

The Department of Health and Human Services Office for Civil Rights (OCR) announced on August 4, 2016, a settlement agreement with Advocate Health Care Network, an integrated healthcare system with ten hospitals and a...more

HIPAA News: HHS Getting Tough On ePHI Data Breaches

On August 4, 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced a record-setting settlement with Advocate Health Care Network (Advocate) for multiple potential violations of HIPAA...more

Banner Health Begins to Notify 3.7 Million Patients This Week of Data Breach From Cyberattack

Phoenix, Arizona, based Banner Health (Banner), reportedly one of the largest health care organizations in the country, began notifying up to 3.7 million patients this week of a data breach of its computer systems that...more

Behavioral health provider StarCare Specialty notifies 2,900 patients of breach of PHI

StarCare Specialty Health System, located in Lubbock, Texas, is notifying 2,900 patients “who received Intellectual Developmental Disabilities program services, Behavioral Health program services, and Therapeutic Treatment...more

University of Mississippi Medical Center settles HIPAA violations for $2.75M

The Office for Civil Rights (OCR) has obtained another big settlement from a covered entity resulting from a data breach. This most recent settlement of fines and penalties and a Resolution Agreement is with the University of...more

Prevailing in an Era of Regulatory Enforcement – Balancing Risk and Compliance [Expect Focus – Vol. II, July 2016]

IN THE SPOTLIGHT - - SEC Sanctions Unregistered EB-5 Investments Broker SECURITIES - - FINRA to Assess Member Firms’ Culture - SEC Seeks Fund Responses to Distribution-In-Guise Guidance...more

Could Your Medical Device Be a Hacker’s Gateway into a Hospital Network?

This has been a big year for health care data breaches. In January, the data of 80 million Anthem members was compromised; in March, a cyberattack exposed the data of 11.2 million Premera BlueCross BlueShield members and...more

Omnibus funding bill creates healthcare cybersecurity task force

The $1.1 trillion spending and tax extender bill that is on President Obama’s desk awaiting signature creates a healthcare industry cybersecurity task force, which must be established within 90 days of enactment. This is...more

Medical Informatics data breach litigation centralized and transferred

We previously reported on the multiple data breach litigation suits filed against Medical Informatics Engineering, Inc. following a data breach in May, 2015....more

University with Multiple Covered Entity Components Enters Into $750,000 HIPAA Settlement

On December 14, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $750,000 settlement with the University of Washington (UW). This is the third HIPAA settlement announced by OCR...more

MaineGeneral Health suffers cyber-attack

MaineGeneral Health (MaineGeneral), located in Augusta, Maine notified employees and patients last week that personal information and protected health information was compromised in a cyber-attack last month. The health care...more

U.S. must crack down on small but hugely painful patient privacy breaches

Although Americans may live in dread about large-scale data breaches by big corporations, instances in which health care personnel inappropriately peek and tell information from patients’ private medical records can be...more

The Silent Threats of Breaches to Medical Devices are Starting to Make Noise

The U.S. Food and Drug Administration (FDA), which is responsible for guidance on medical devices, has acknowledged that certain devices are susceptible to breaches. The FDA has identified cybersecurity vulnerabilities in...more

Stolen, Unencrypted Laptop Leads to $850,000 Settlement and Comprehensive Corrective Action Plan for Massachusetts Teaching...

The U.S. Department of Health and Human Services, Office of Civil Rights (OCR), has announced a settlement with Lahey Hospital and Medical Center (Lahey) that arose out of a HIPAA breach involving a stolen laptop. The...more

Triple-S settles HIPAA violations for $3.5M

Triple-S Management Corp., an insurance holding company based in San Juan, Puerto Rico, has agreed to settle an investigation of HIPAA violations by the Office for Civil Rights (OCR) for $3.5 million. According to the OCR...more

Lahey Hospital agrees to pay a whopping $850,000 to OCR for stolen laptop

Just before Thanksgiving, the Office for Civil Rights (OCR) announced that Lahey Hospital and Medical Center (Lahey) has agreed to pay $850,000 in fines and penalties to the OCR and enter into a resolution agreement following...more

CT AG slams Hartford Hospital and EMC for loss of laptop

True to his word, the Connecticut AG has aggressively entered the data privacy and security enforcement arena with a $90,000 settlement with Hartford Hospital and EMC. The AG has agreed to a payment of $90,000 from...more

Recent Amendments to Security Breach Notification Laws Further Complicate Breach Notification for Employers

It is not a matter of "if" but "when" an employer will be required to notify employees of a security breach.  Forty-seven states require employers to notify employees when defined categories of personal information, including...more

Blog: Implications of the Cybersecurity Bill for the Health Care Industry

On Tuesday the Senate passed the Cybersecurity Information Sharing Act (CISA). The House had passed a similar bill, the Protecting Cyber Networks Act, in April of this year. The Act comes in the wake of many large scale data...more

Purchasing Cyber Insurance? Important Considerations from the Recent Nossaman/ UCI Cyber Symposium

On October 12, 2015, Nossaman and UC Irvine hosted a Cyber Symposium at the City Club in Los Angeles. The event included four panels of Nossaman lawyers, UCI professors, and private professionals who are experts in the areas...more

Alphabet Soup and Data Security

In the span of two days, mobile device users learned of two data breaches that could compromise their personal data. In one, Experian (a credit reporting agency) reported that it was hacked, potentially putting 15 million...more

167 Results
|
View per page
Page: of 7
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×