Steve Alder reports: Mark Kevin Robison, a former vice president of Commonwealth Health Corporation (now Med Center Health) in Kentucky has been sentenced to 2 years’ probation and ordered to pay $140,000 in restitution after reaching a plea agreement with federal prosecutors over a HIPAA violation. Robison pled guilty to knowingly disclosing the protected health…
Category: Health Data
After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding
Eric Geller reports: The Biden administration plans to unveil new cybersecurity requirements for hospitals in the coming weeks as government officials scramble to stem a disturbing tide of hacks that have crippled health-care providers, delayed procedures and raised concerns about patient safety. The Centers for Medicare & Medicaid Services, an arm of the Department of…
HMG Healthcare notifies employees and residents of cyberattack
HMG Healthcare has posted a notice of a data breach on its website, but most people are unlikely to notice the substitute notice because of the way it has been presented. If the purpose of a substitute notice under HIPAA is to reach people the covered entity may not have sufficient or current contact information…
Capital Health acknowledges a cyberattack last month but details are lacking
LockBit3.0 claims to have hit CapitalHealth.org in New Jersey. In a listing posted on their site on January 7, the threat actors write, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s…
Personal, pregnancy details of Midwives of Windsor patients breached
CBC reports: A data breach involving email has exposed the personal and pregnancy information of an unknown number of clients of the Midwives of Windsor, CBC News has learned. The breach was reported to Ontario’s Information and Privacy Commissioner months before it was disclosed to clients of the practice. Read more at CBC.
Attorney General James Reaches Agreement with Refuah Health Center to Invest $1.2 Million to Protect Patient Data and Pay $450,000 in Penalties to State
January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of its patients. The Office of the Attorney General (OAG) found that Refuah failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication. As…