Nathan Eddy reports: Coffey Health System, a 25-bed critical access hospital in Kansas, has agreed to pay a $250,000 settlement for alleged False Claims Act violations related to its meaningful use attestation. Specifically, the U.S. Department of Justice charged that the hospital falsely attested that it had conducted the necessary security assessment to comply with…
Category: Health Data
Unsurprisingly, big numbers from the AMCA breach are starting to be revealed
On May 10, when DataBreaches.net first reported that the American Medical Collection Agency had been breached, we reported that information from 200,000 payment cards had been found for sale on a top-tier market by Gemini Advisory analysts, whose investigation linked those cards to AMCA. At the time, we did not know how many other payment…
Premera Reaches Proposed $74M Settlement Over 2014 Breach of 11M
Jessica Davis reports: Premera Blue Cross reached a proposed $74 million settlement with the 11 million patients impacted by its 2014 breach, caused by a sophisticated cyberattack that lasted for nearly one year before it was discovered. In January 2015, Premera officials discovered the breach that began nearly a year earlier in May 2014. Premera, Premera…
Understanding When Business Associates Are Directly Liable Under HIPAA
Aimee Jachym and Samantha A. Kopacz of Miller Canfield PLC write: New guidance issued by the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) reaffirms that business associates must have proper HIPAA compliance practices, safeguards and documentation in place in order to avoid costly penalties. OCR recently released a Fact…
Ca: Weight Loss Grants posts customer health information without consent
Sean O’Shea reports: A company that promised to pay customers for losing weight has posted personal information about clients, including their names, weights, weight loss goals and even facial photographs on its website. Weight Loss Grants revealed the personal information without clients’ consent after news reports described how the organization failed to make payments to…
Update on American Medical Collection Agency breach: Almost 12 million Quest Diagnostic patients impacted
On May 10, DataBreaches.net broke the story of a medical collection agency breach involving American Medical Collection Agency. The breach had been discovered by Gemini Advisory, who informed this site that they had found approximately 200,000 patients’ payment card info for sale on a well-known marketplace. The cards had apparently been compromised between September, 2018…