Research from Guidepoint Security found that 2023 saw an 80% increase in ransomware activity year-over-year, driven in part by multiple mass exploitation campaigns impacting hundreds of organizations. In total, the report...more
Certain California-licensed healthcare facilities are now subject to additional breach reporting obligations pursuant to regulations (Regulations)[1] issued by the California Department of Public Health (Department) on July...more
In the latest twist in a case that began last year, an administrative law judge (ALJ) agreed that a $4.3 million penalty, levied by the Office of Civil Rights (OCR) against the MD Anderson Cancer Center as a result of HIPAA...more
Conducting HIPAA Breach Risk Assessments - The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more
A lab tech working at a Las Vegas pediatric cardiology practice has been indicted on one count of illegal use and disclosure of patient health information and one count of aggravated identity theft. The lab tech had...more
The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and...more
Earlier this month, a California jury found the University of California, Los Angeles Health System (UCLA) not liable for damages that allegedly resulted when a medical office assistant, Alexis Price, improperly accessed and...more
Last week, UCLA notified 1242 patients that their health information may have been compromised in July when a faculty member’s laptop was stolen. UCLA has notified the patients, the Office for Civil Rights and the California...more
Last week, Cancer Care Group, P.C. (CCG), an Indiana radiation oncology practice, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and adopting...more
The 56 Dean Street Clinic, which is operated by the Chelsea and Westminster NHS Trust and specializes in HIV and other sexual health services, has apologized for the error which revealed (to all 780 recipients) the full names...more
Cancer Care Group, P.C. (“CCG”), a radiation oncology physician group practice in Indiana, agreed to pay $750,000 for a breach of unsecured electronic protected health information (“ePHI”). CCG will also implement a...more
Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response. The US Department of Health and Human Services (HHS) Office for...more
Many telehealth and mHealth app developers are concerned about whether or not their app is a medical device under FDA regulations (and rightfully so), they often pay less attention to the Health Insurance Portability and...more
As of early December 2014, 1,170 security breaches under the Health Insurance Portability and Accountability Act (HIPAA) involving 31 million records had been reported to the U.S. Department of Health and Human Services (HHS)...more
As instances of medical data breaches increase, U.S. courts are interpreting the scope of liability stemming from them. In California, the court in Sutter Health et al. v. The Superior Court of Sacramento County (Atkins) held...more
Recently, the Pennsylvania Superior Court ruled in favor of data breach plaintiff Avrum Baum, giving him a second chance to certify a class action suit against Keystone Mercy Health Plan. Baum brought suit against the...more
It’s happened. The first class action lawsuit has been filed against Sony for failing to prevent hackers from stealing its current and former employees’ social security numbers, medical records, and salary information....more
Beth Israel Deaconess Medical Center (Beth Israel) reached a settlement with the Massachusetts Attorney General’s Office for a data breach in which a physically unsecured laptop was stolen containing personal and protected...more
The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop...more
In an opinion released on November 11, the Connecticut Supreme Court ruled on whether the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations preempt a common law claim for...more
Health care providers have not escaped the recent proliferation of data breach class actions, but plaintiffs generally have been unsuccessful in bringing claims based on the Health Insurance Portability and Accountability Act...more
The most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court....more
The Federal Trade Commission (FTC) has suffered a significant setback in its ongoing dispute with LabMD, a now-closed medical laboratory that the FTC charged with failing to adopt reasonable data security practices that...more
New York-Presbyterian Hospital and Columbia University entered into a settlement with the Department of Health and Human Services’ Office of Civil Rights (OCR) to resolve allegations that the organizations had violated the...more
On May 7, 2014, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) issued a press release announcing that two health care organizations—New York and Presbyterian Hospital (“NYP”) and Columbia...more