Last year, the American Hospital Association (AHA) sued the U.S. Department of Health and Human Services (HHS) in the U.S. District Court of the Northern District of Texas, requesting that HHS be barred from enforcing a new...more
On July 10, 2024, the U.S. District Court for the Eastern District of Wisconsin granted plaintiffs’ Motion for Final Approval of a $12.2 million proposed settlement by Advocate Aurora Health to settle allegations against the...more
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/13/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Snapchat ,
Surveillance ,
TikTok
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living facilities in 19 states. Ascension confirmed that it has been hit by a cybersecurity attack and...more
The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that has been hitting health care organizations since May of 2023. In an Analyst Note dated...more
The World Health Organization (WHO) recently published “Ethics and Governance of Artificial Intelligence for Health: Guidance on large multi-modal models” (LMMs), which is designed to provide “guidance to assist Member States...more
On December 8, 2023, New York Attorney General Leticia James penned her approval to an Assurance of Discontinuance with third party dental administrator Healthplex, settling the enforcement action for $400,000 and a litany of...more
On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within the state of New York. The Governor has included $500 million in grant funding in her FY24...more
11/17/2023
/ Cybersecurity ,
Data Protection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New York ,
Patient Privacy Rights ,
PHI ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health...more
11/10/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Popular ,
Ransomware ,
Settlement
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the...more
9/8/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Care Providers ,
Healthcare ,
Information Technology ,
Patient Privacy Rights ,
Ransomware ,
The Joint Commission
On July 20, 2023, the Federal Trade Commission and the Department of Health and Human Services issued letters to hospitals and telehealth providers “about the privacy and security risks related to the use of online tracking...more
Nevada Governor Joe Lombardo recently signed into law a sweeping and restrictive consumer health data privacy law that requires covered entities (defined as any person who conducts business in the state or produces or...more
7/10/2023
/ Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
Nevada ,
New Legislation ,
Personal Data ,
State Data Privacy Laws
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the...more
2/24/2023
/ Data Breach ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Regulatory Requirements ,
Reporting Requirements ,
Statutory Deadlines
The Health Care Sector Cybersecurity Coordination Center (IC3) recently released an Analyst’s Note to health care organizations providing information on a new variant of ransomware called Venus (also known as GOODGAME)....more
On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal of protected health information.” ...more
Boise State Public Radio has reported that the Idaho Health Data Exchange (IHDE) filed for Chapter 11 bankruptcy on August 12, 2022. IHDE is a not-for-profit organization that was launched in 2009 to provide access to patient...more
Making quite the statement on July 15, 2022, the Office for Civil Rights (OCR) announced in a press release that it had recently settled an additional 11 cases under its Right to Access Initiative. These settlements bring the...more
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care...more
6/29/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Identity Theft ,
Information Technology ,
PHI ,
Popular ,
Ransomware ,
Risk Mitigation ,
Vulnerability Assessments
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care...more
In general, both state and federal laws apply to health information or protected health information that is in the possession of hospitals, health systems, and medical providers.
HIPAA requires that covered entities...more
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
2/11/2022
/ Cyber Attacks ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Requirements ,
Reporting Requirements
CYBERSECURITY -
ECRI Names Cybersecurity Attacks as Top Health Technology Hazard for 2022 -
ECRI has been publishing its annual report of health technology hazards for the past 15 years. According to ECRI’s Device...more
1/21/2022
/ Automation Systems ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
FBI ,
Hackers ,
Health Care Providers ,
Japan ,
Malware ,
Popular ,
QR Codes ,
Vessels ,
Vulnerability Assessments
ECRI has been publishing its annual report of health technology hazards for the past 15 years. According to ECRI’s Device Evaluation group, “the Top 10 Health Technology Hazards list identifies the potential sources of danger...more
1/20/2022
/ Annual Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Health Care Providers ,
Health Information Technologies ,
Healthcare ,
Popular ,
Vulnerability Assessments
On January 1, 2022, Broward Health, which operates dozens of health care facilities in Broward County, Florida, notified over 1.3 million individuals that a threat actor gained access to and removed data from its system on...more
1/6/2022
/ Cyber Attacks ,
Data Breach ,
Data Protection ,
Data Security ,
Electronically Stored Information ,
Hackers ,
Health Care Providers ,
Information Technology ,
Multi-Factor Authentication ,
Personal Data ,
Personally Identifiable Information
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
12/23/2021
/ Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Email ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Violations ,
OCR ,
Penalties ,
PHI ,
Phishing Scams ,
Policies and Procedures ,
State Attorneys General