Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Category: Health Data
Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…
Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31. Now it is reportedly being sued,…
More than a year later, Lifeline Health Systems notifies 75,000 people of a data breach
Lifeline Health Systems is a HIPAA-covered entity, although not all the data involved in their 2022 breach was protected health information. Some of the data related to employees and family members. But here’s the timeline Lifeline provides in their notification template: On August 6, 2022, we identified unusual network activity. We immediately initiated our incident…
Do IT Consultants victim of attack by Ragnar_Locker
On September 2, Ragnar_Locker added Do IT Consultants in Canada to their “Wall of Shame.” For its listing, they wrote: Due to high level negligence and careless network security of DO IT employees, has been allowed a huge leak which affected on clients of the DO IT company. No matter that they are an IT…
The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously
Eric Geller reports: The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on. “I don’t think we’ve figured out how to talk to the small and medium-sized…