LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that…
Category: Health Data
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…
Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31. Now it is reportedly being sued,…
More than a year later, Lifeline Health Systems notifies 75,000 people of a data breach
Lifeline Health Systems is a HIPAA-covered entity, although not all the data involved in their 2022 breach was protected health information. Some of the data related to employees and family members. But here’s the timeline Lifeline provides in their notification template: On August 6, 2022, we identified unusual network activity. We immediately initiated our incident…
Do IT Consultants victim of attack by Ragnar_Locker
On September 2, Ragnar_Locker added Do IT Consultants in Canada to their “Wall of Shame.” For its listing, they wrote: Due to high level negligence and careless network security of DO IT employees, has been allowed a huge leak which affected on clients of the DO IT company. No matter that they are an IT…