Theresa Defino reports: Covered entities (CEs) and business associates (BAs) might be forgiven if the most recent HHS Office for Civil Rights (OCR) HIPAA enforcement action evoked little more than a yawn. Yes, the $175,000 payment isn’t a particularly large amount, and the sole alleged violation is a retread. Actually, it’s the 10th in OCR’s…
Category: Health Data
Vn: Major hospitals hit by cyberattacks, patient data sold on hacker forums
Over the years, DataBreaches has noted hospitals in APAC countries having data leaked or being hit with ransomware attacks, but I have not seen a lot of reviews. An article by Thai Khang in VietnamNet names mentions some of the bigger hospital breaches in Vietnam since 2024, and then continues: According to Thuy, in the…
California hospitals can escape fines if workers expose patient info
Scott Holland reports that a California state appeals court agreed with a hospital that it should not be held liable for employee misbehavior if they had a clear policy in place but the employee knowingly violated it: A state appeals panel has agreed hospitals can’t be sued if one of their employees posts confidential patient…
Harris Health discloses insider-wrongdoing breach that went on for a decade
Here is today’s reminder of the insider threat and why it may be challenging, but it’s still necessary, to monitor and audit employee access to patient records to spot any inappropriate access. Harris Health is notifying more than 5,000 patients that an employee — who was fired and referred to law enforcement when their wrongdoing…
Leak of patient records feared as Israeli hospital hit by cyberattack demanding ransom
The Times of Israel reports: The Assaf Harofeh Medical Center in the central city of Beer Yaakov was targeted by a cyberattack over Yom Kippur, according to a joint announcement from the hospital, the Health Ministry and the National Cyber Directorate. Authorities were investigating the possibility of a leak as a result of the attack….
Archer Health was leaking protected health information. Criminals appear to have found it. (2)
From our “No Need to Hack When It’s Leaking” files, a report involving Archer Health, an in-home healthcare provider. Website Planet recently reported a misconfigured bucket that was found by researcher Jeremiah Fowler. The unencrypted and non-password-protected database reportedly contained approximately 145k files (totaling 23 GB). “In a limited sampling of the exposed files, I…