From HHS, this enforcement action press release: Allergy Associates of Hartford, P.C. (Allergy Associates), has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act…
Month: November 2018
PA: Judge revives employee lawsuit against UPMC after 2014 data breach
Rachel Z. Arndt reports the latest development in litigation stemming from a 2014 data breach disclosed by the University of Pittsburgh Medical Center. Within a year, more than 800 employees had reportedly become victims of tax refund fraud/identity theft. The Pennsylvania Supreme Court last week revived an employee lawsuit against UPMC stemming from a data…
Belgian Data Protection Authority reports jump in data breach notifications
Telecompaper reports: The Belgian Data Protection Authority reported a sharp increase in the number of data breaches reported to the regulator since the EU’s General Data Protection Regulation took effect in May, at 317 compared to 13 in 2017. The health, insurance, government, telecom and financial sectors were the top sources of the notifications. The…
Private health information leaked from University Kentucky HealthCare
Veronica Jean Seltzer reports: When you go to the hospital, you probably just want to get better. You’re likely not thinking the private information you’re giving doctors may slip out. Recently, some of that information made its way out of UK Hospital to someone who never should have seen it. That’s how ABC 36 came…
OVMC, EORH patients diverted to other hospitals after ransomware attack
Linda Comins of The Intelligencer is reporting: Emergency squad patients are being diverted away from Ohio Valley Medical Center and East Ohio Regional Hospital this weekend because the hospitals’ computer system has been attacked by Ransomware. Karin Janiszewski, director of marketing and public relations for OVMC and EORH, confirmed Saturday afternoon that a Ransomware attack…
Data Protection Authority of Baden-Württemberg Issues First German Fine Under the GDPR
Here’s a more detailed analysis of the GDPR fine of 20,000€ levied against a German flirting site, knuddels.de. Dr. Henrik Hanssen and Dr. Stefan Schuppert write: In the first fine issued by a German data protection authority under the European General Data Protection Regulation (“GDPR”), on 21 November 2018 the authority of the German state…