News & Analysis as of

Protected Health Information

Healthcare Data: Are You Required to Report a Ransomware Attack?

by Bennett Jones LLP on

If you are a healthcare data custodian that is subject to a ransomware attack, you may be required to report the incident to regulators and to those individuals whose information was subject to the attack....more

Health Care E-Note - July 2017

by Burr & Forman on

Everywhere you look these days, there seems to be another report of a cyberattack -- attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more

Unencrypted Backup Drive of 531 EEG Patients Lost

Baptist Medical Center South, located in Jacksonville, Florida has admitted that one of its backup drives has been missing since May 18, 2017. The unencrypted backup drive contained the protected health information of 531...more

Hixon: Medical records and privacy

by GableGotwals on

Many people mistakenly believe that their medical files maintained by their physicians are 100 percent private. However, there are legal scenarios in which those files are under subpoena and that require physicians to comply...more

HIPAA in the Age of Ransomware

According to a recent US Government Interagency report, ransomware is the fastest growing malware threat, targeting users of all types, including health care facilities. This past spring, for example, the WannaCry ransomware...more

Princeton Community Hospital Replaces Computer Network After Petya Attack

Numerous hospitals were victims to last week’s (aka NotPetya) ransomware attack. But one hospital—Princeton Community Hospital in West Virginia–has admitted that it is going to replace its entire computer network after Petya...more

When Health Data Goes Missing: Largest Reported Ransomware Attack

In the aftermath of two powerful global ransomware attacks, a Michigan-based medical equipment provider has disclosed that hackers “encrypted our data files” and accessed more than 500,000 patient records in what is believed...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

New York State Enforces Data Breach Notification Law

Earlier this month, New York Attorney General Eric Schneiderman announced his state had entered into a settlement with CoPilot Provider Support Services, Inc. (CoPilot)—a settlement resulting from CoPilot’s violation of the...more

Data Breaches Most Expensive For Health Care Industry But Precautionary Measures Can Keep Costs Down

by Murtha Cullina on

Data breaches have become commonplace in every industry. In health care, however, it costs much more to respond to a data breach than in all other industries in this country, according to the results of a recent IBM-sponsored...more

Increased Focus on Health Care Cybersecurity: HHS Releases Long-Awaited Report and Cyber Attack Quick-Response Checklist

by McGuireWoods LLP on

The U.S. Department of Health & Human Services (HHS) issued a recent report noting that cybersecurity is a key public health concern that needs “immediate and aggressive attention.” Shortly thereafter, HHS’ Office for Civil...more

Reimbursement Manager Pleads Guilty for Prior Authorization Process Issues

by Bass, Berry & Sims PLC on

On Monday, June 19, 2017, Elizabeth Gurrieri became the second former employee of Insys Therapeutics (Insys) to plead guilty to federal anti-kickback charges related to the drug Subsys, an expensive fentanyl-based painkiller....more

Healthcare Business Associates

by Bryan Cave on

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified the Health Insurance Portability and Accountability Act (“HIPAA”) by expanding the definition of Business Associates (“BA”) and their...more

Anthem Settles Data Breach Litigation for Record-Setting $115M

by Alston & Bird on

Health insurance giant Anthem, Inc. agreed to the largest data breach settlement to-date last week, ending multi-district consumer litigation over a 2015 data breach for $115 million. The data breach, which resulted from a...more

North Dakota Medicaid Recipients Data Found in Dumpster

The North Dakota Department of Human Services (NDDHS) is notifying 2,452 Medicaid recipients that their protected health information has been compromised when their records were discovered in a dumpster....more

Health Update - June 2017

HIPAA and Emerging Technologies - Editor’s Note: According to a HIMSS Mobile Technology Survey of healthcare provider employees, about 90% say they are using mobile devices to engage patients in their healthcare—and 36%...more

HIPAA Settlements in April and May Highlight Key Compliance Concerns for OCR

by Williams Mullen on

After a break in March with no new settlement agreements, OCR returned in April and May with quite a few. The Health Care Data Aware Blog already posted about a $400,000 OCR settlement released April 12, 2017, which can be...more

AGG Food and Drug Newsletter - June 2017

by Arnall Golden Gregory LLP on

Arnall Golden Gregory LLP's Food and Drug Newsletter is a monthly update of legal and regulatory issues that affect the FDA-regulated community, including regular updates on legislative initiatives from AGG’s Washington, DC...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

New HHS Cybersecurity Preparedness Checklist

by Carlton Fields on

The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity...more

OCR Issues Checklist for Responding to Cyber-Attack

The Office for Civil Rights (OCR) recently released guidance entitled “My Entity Just Experienced a Cyber-attack! What Do We Do Now?” The Checklist is a practical tool for health care entities and outlines several steps to...more

Enforcement Considerations for the Health Care Industry in the Wake of the WannaCry Ransomware Attack

by Ropes & Gray LLP on

On May 12, 2017, the WannaCry ransomware cryptoworm attacked over 230,000 computers in over 150 countries, holding data on the computers for ransom. WannaCry spread rapidly through networked systems that had not been updated...more

$387,200 Fine from HHS OCR for the Improper Disclosure of PHI to an Employer and a Volunteer Organization

by Arnall Golden Gregory LLP on

On May 23, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR) announced a settlement with St. Luke’s-Roosevelt Hospital Center, part of the Mount Sinai Health System, to resolve allegations...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

OCR Issues Reminder on Security Incidents

Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more

1,083 Results
|
View per page
Page: of 44
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.