November 27 EDMONTON – The 2023-2024 Annual Report of the Office of the Information and Privacy Commissioner (OIPC) of Alberta was tabled today by the Speaker of the Alberta Legislative Assembly and has now been published online by the OIPC. “The 2023-24 year can best be characterized as a year of change and engagement for…
Category: Health Data
The Office for Civil Rights Should Enhance Its HIPAA Audit Program to Enforce HIPAA Requirements and Improve the Protection of Electronic Protected Health Information
Issued on 11/21/2024 | Posted on 11/25/2024 | Report number: A-18-21-08014 To cut to the chase: What OIG Found OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However: OCR’s HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically: OCR’s audits consisted…
UK: All outpatient appointments cancelled as Arrowe Park Hospital hit with ‘cyber attack’
Emma Dukes reports: Wirral University Teaching Hospital Trust said the incident began on Monday evening (November 25), with staff members at the hospital telling LiverpoolWorld that a “cyber attack” had caused the computer systems to go down. The Trust – which comprises Arrowe Park Hospital, Clatterbridge Hospitals and the Wirral Women and Children’s Hospital – confirmed that a “major…
Ca: LifeLab loses its last attempt to withhold data breach forensics report from public eyes
It’s been a long battle, but transparency has prevailed. LifeLabs LP v. Information and Privacy Commissioner of Ontario (IPC) stemmed from a cyberattack in 2019 that resulted in the compromise of 15 million Canadian’s data. LifeLab eventually complied with inquiries by the Privacy Commissioner, who requested that LifeLab provide its forensics report and other documents, but LifeLab…
Pacific Pulmonary Medical Group patient information dumped by Everest Ransomware Team
The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak site. The unencrypted personal and protected health information that they subsequently dumped…
Rockford Gastroenterology Associates notifies 147,253 patients of December 2023 cyberattack
In December 2023, DataBreaches added Rockford Gastroenterology Associates (“RGA”) to a list of possible ransomware victims after seeing a listing for them on the leak site for threat actors known as RA World. However, it wasn’t until September 2024 that RGA posted a notice on its website, and not until October that they notified HHS…