May 31 – Today, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published an update to the frequently asked questions (FAQs) webpage concerning the Change Healthcare cybersecurity incident. The webpage, first published on April 19, 2024, provides answers to FAQs concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…
Category: Health Data
Data protection commissioners ‘want to look wider’ into patient file breach
Cianan Brennan reports: The Data Protection Commission has opened an investigation into the HSE after the personal files of patients were “compromised”. Questions have been raised about “unsuitable locations” in which that data was stored. A spokesperson for the commission said that the inquiry “concerns the storage and retention of personal data contained in paper records…
Sav-Rx notifies 2.8 million patients of October 2023 data breach
A&A Services, which does business as Sav-Rx, is notifying 2,812,336 patients of a hacking incident in October 2023. According to its submissions to the California and Maine attorneys general, Sav-Rx detected an interruption to their network on October 8, 2023. By the next day, their IT systems were restored and prescriptions were shipped on time…
More than 540,000 patients notified so far about Cencora/Lash Group data breach (9)
– Only partial numbers so far – Only partial list of clients so far – No group has as yet claimed responsibility for the hack and data exfiltration As the week draws to a close, clients of Cencora and The Lash Group have been submitting breach notifications to state attorneys general. DataBreaches reported in February…
American Clinical Solutions: Over 400,000 Medical Records in the Hands of RansomHub
Marco A. De Felice aka @amvinfe reports: The RansomHub group made headlines last February when, following a cyberattack on Change Healthcare, they disrupted operations for several weeks. Change Healthcare is the largest U.S. provider of revenue and payment cycle management, connecting payers, providers, and patients within the American healthcare system. A week ago, a RansomHub affiliate successfully…
LifeLabs to appeal court’s decision to release Ontario IPC and BC OIPC breach investigation report
The Office of the Information & Privacy Commissioner for British Columbia issued the following statement on May 23 about a case that raises issues of transparency and claims of privileged information: LifeLabs has announced that it is seeking leave to appeal a court ruling upholding the decision of the Information and Privacy Commissioner of Ontario…