Kristin L. Bryan of Squire Patton Boggs writes: This week Plaintiffs in thirteen consolidated cases brought against Accellion and other defendants filed a motion for preliminary approval of a class action settlement in California federal court. This development is notable for its resolution (if approved) only as to Accellion and for the categories of relief offered…
Category: Health Data
Baptist Medical Center and Resolute Health Hospital notifying patients after malware attack snagged patient data
Baptist Medical Center in San Antonio and Resolute Health Hospital in New Braunfels have disclosed a cyberattack involving unspecified malicious code that infected their system. According to statements made by IDX on their behalf, an unauthorized party accessed and exfiltrated data from their network between March 31, 2022 and April 24. The attack was first…
Theft of computers at the Centre Hospitalier Universitaire de Québec: the files of 10,000 employees stolen
Helen Hernandez reports: The personal data of nearly 10,000 employees of the CHU de Québec were stolen during a burglary that occurred on the night of June 5 to 6. The criminals broke into the premises of the CHU de Québec Research Center and seized computer equipment containing employee files. 9,500 former and current workers…
Central Florida Inpatient Medicine notifies 197,733 patients after employee email account compromised last year
Central Florida Inpatient Medicine (CFIM) is notifying 197,733 patients whose protected health information (PHI) was in an employee’s email account that was accessed by an unauthorized individual between August 21, 2021 and September 17, 2021. CFIM does not indicate when they first discovered that there had been a breach or how they first discovered it. …
Updates to the MCG Health Breach Incident
For initial coverage, read this post. Updates: A threat actor, “Twister Canyon,” claims that MCG Health has made false claims about the incident. Their claims can be found in the Comments section under the original post. MCG Health was asked to respond to their claims but have not replied as of this June 14 posting….
OCR Presents: Recognized Security Practices Video Presentation
The HHS Office for Civil Rights (OCR) is producing a pre-recorded video presentation for HIPAA covered entities and business associates (regulated entities) on “recognized security practices,” as set forth in Public Law 116-321 (Section 13412 of the Health Information Technology for Economic and Clinical Health Act (HITECH). The statute requires OCR to take into consideration…