After providing some history of the LabMD enforcement action by the FTC, and the former’s appeal to the 11th Circuit, Tom Kulik of Scheef & Stone, LLP outlines what he considers the three biggest data security takeaways from the case. You can read his article on Above the Law.
Category: Health Data
Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History
From HHS/OCR, this record-setting announcement: Anthem, Inc. has agreed to pay $16 million to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyberattacks led…
Medical Information Leaked After Hackers Breach Israeli Emergency Responders’ Website
Amitai Ziv reports: Serious security breaches in the website of Magen David Adom, also known as MDA, have led to the leaking of identifying information about patients, sensitive medical information, financial information and even information on organization volunteers. A so-called white hat hacker – who finds breaches to improve cybersecurity rather than to attack sites…
$400K settlement reached in Capital Health patient privacy breach
Richard Woodbury reports: A proposed settlement worth about $400,000 has been reached in a Nova Scotia class-action lawsuit relating to the improper access of patients’ personal health information by an employee of the former Capital District Health Authority, according to a law firm involved in the case. The breaches by former employee Katharine Zinck Lawrence, who accessed the…
Minnesota DHS Notifies Residents After Discovering Two Successful Phishing Attacks
KSTP reports: The Minnesota Department of Human Services was the victim of a phishing email scam, where someone had the ability to access the information of approximately 21,000 individuals who interacted with the department. DHS confirmed the potential breach Thursday in a statement. DHS sent out a letter dated Tuesday to those individuals whose information may…
Escaping Notice, by Laying Low
HIPAA lawyer Matt Fisher has a thoughtful commentary inspired by an OCR investigation first reported on this site. Unlike the FTC, which has tended to demand 20-year monitoring plans as part of its settlements with entities that have data security breaches, OCR tends to use a more educative approach without monetary penalties or long-term monitoring in…