Brett Kelman reports: Aspire Health, a large Nashville health care company that offers in-home treatment in 25 states, was hacked earlier this month and lost at least some patient information to an unknown cyberattacker. The hack, disclosed for the first time in federal court records filed on Tuesday, occurred after a phishing attack gained access to…
Category: Health Data
SingHealth data breach reveals several ‘inadequate’ security measures
Eileen Yu reports: Investigation into Singapore’s most severe cybersecurity breach has uncovered several poor security practices, including the use of weak administrative passwords and unpatched workstations. The findings were revealed on the first day of hearings led by the Committee of Inquiry (COI), a team set up to probe a July 2018 security breach that…
Unauthorized Disclosure of Patients’ Protected Health Information During “Boston Med” Filming Results in Multiple HIPAA Settlements Totaling $999,000
Today was not a good day for hospitals in Massachusetts. First, we saw the state’s attorney general announce a settlement between the state and UMass Memorial Healthcare and UMass Memorial Medical Centers involving insider breaches for fraudulent purposes. And now we see this announcement from the federal regulator, OCR: Today, the Department of Health and…
UMass Memorial Health Care Entities to Pay $230,000 to Resolve Massachusetts AG’s Lawsuit Over Data Breaches
From the Office of Attorney General Maura Healey, an announcement of a settlement in the wake of insider breaches: BOSTON — UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. will pay a total of $230,000 to resolve claims that two separate data breaches exposed the personal and health information of more than…
Ransomware attacks against hospitals: A timeline
Seth Rosenblatt and Pinguino Kolb report: Ransomware attacks are serious business for hackers―and often completely avoidable. Hospitals and health care systems, now in the business of collecting patient data as a side effect of treating physical maladies, struggle to keep that information secure. While there’s no ransomware-specific cost estimate to the health care business, Verizon’s…
Commentary: What Constitutes Negligence in Company Data Breaches?
Amy L. Hanna Keeney of Adams and Reese writes about an opinion in a court case that stemmed from one of TheDarkOverlord’s hacks: their attack on Athens Orthopedic Clinic (AOC). I had covered that breach extensively, including commenting on the fact that AOC did not offer any free services to patients whose data had not…