And as this work week drew to a close, we also learned about these breaches involving patient data that were reported to HHS earlier this month: Dialyze Direct, LLC in New Jersey notified HHS that 14,203 patients were impacted by an incident they coded as a hacking/IT incident involving email. There is no statement on…
Category: U.S.
OCR Cybersecurity Newsletter: Defending Against Common Cyber-Attacks
From OCR’s newsletter today: Throughout 2020 and 2021, hackers have targeted the health care industry seeking unauthorized access to valuable electronic protected health information (ePHI). The number of breaches of unsecured ePHI reported to the U.S Department of Health and Human Service’s Office for Civil Rights (OCR) affecting 500 or more individuals due to hacking…
Arkansas AG Sues Defunct Health Provider for Mishandling Patient Records
Scott Carroll reports: Arkansas Attorney General Leslie Rutledge on Thursday announced a lawsuit against the defunct Eastern Ozarks Regional Health for failing to protect sensitive patient information after it closed. The former hospital in Cherokee Village is accused of leaving behind thousands of unsecured patient and employee records that contain social security numbers, driver’s license…
WA: Chelan Douglas Health District Warning Residents of 2021 Data Breach
Kyle Lamb reports: The Chelan Douglas Health District is warning the public of a data breach that may have led to the loss of identifiable personal and health information. The district said the hack occurred in early July of last year, with cybersecurity consultants finishing a review of the breach February 12th and the district…
Hidden privacy lessons in the FTC’s CafePress security enforcement
Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…
FTC Takes Action Against CafePress for Data Breach Cover Up and Poor Security
The FTC has taken enforcement action against CafePress stemming, in part from a 2019 data breach previously reported on this site. In December, 2020, seven states settled charges with CafePress. The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and…