From HHS OCR: The University of Rochester Medical Center (URMC) has agreed to pay $3 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules….
Category: Health Data
Data Breaches Cost Hospitals $4B Annually – survey
Jack O’Brien reports on findings from a recent survey of more than 2,870 security professionals from 733 provider organization. Spoiler alert: almost every IT professional agreed with the sentiment that data attackers are outpacing medical enterprises. The total cost of data breaches at healthcare organizations is projected to reach $4 billion by the end of…
Brooklyn Hospital Center notifies patients after data could be not be recovered after malware attack
Brooklyn Hospital Center has issued a press release about a data incident that may not have resulted in access or exfiltration of patient data (they couldn’t determine that) but did result in their inability to recover certain data related to specific patients. From their notice: In late July 2019, the Hospital became aware of unusual activity…
Washington University School of Medicine notifies patients of HIPAA breach
Washington University School of Medicine in St. Louis issued this notice on Nov. 1: Washington University School of Medicine announced today that it began mailing letters to patients whose information may have been involved in a recent security incident at its Department of Ophthalmology and Visual Sciences. On Sept. 3, 2019, the School of Medicine…
The Guidance Center notifies 1,235 patients after discovering insider wrongdoing
What havoc and costs a rogue insider/employee can cause. Here’s another example — this one from a new disclosure by external counsel for The Guidance Center in Long Beach, California. The Guidance Center (TGC) provides comprehensive mental health treatment to disadvantaged youth and their families. In their lawyer’s words: In late March of 2019, TGC…
AU: Cyber criminals hack Perth Anaesthetic Group
Eliza McPhee reports: Cyber criminals hacked a medical practice and stole patients’ confidential information in a terrifying security breach. Perth Anaesthetic Group in the city’s south was hacked on Thursday morning and criminals gained access into the hospital’s database. The cyber hackers sent out fake invoices to several patients demanding they submit payments for treatments. Read…