In November, DataBreaches.net published a commentary arguing that patients need to be notified sooner of ransomware dumps even if HIPAA would seem to allow up to 60 days. As a companion to that piece, this site looked at 30 claimed ransomware attacks on U.S. healthcare entities that had been revealed on dedicated leak sites by…
Category: U.S.
Ransomware attack cripples NYC DOE’s teacher disciplinary system
Susan Edelman reports: A ransomware attack has crippled the city’s teacher discipline system, The Post has learned. A contractor that provides hearing transcripts for the city Department of Education, the Ubiqus Group, said it “was hit by a ransomware-type cybersecurity incident” on Dec. 4. Read more on NY Post.
Georgia optometrist notifies patients of breach
So many breach disclosures get overlooked during the last week of the year as people focus on family and other issues. In addition to the Prestera and Mattapan news releases that appeared on December 31, I also came across a media report out of Georgia involving Five Points Eye Care in Athens, Georgia. On October…
MA: Mattapan Community Health Center notifies patients of breach
Well, I thought maybe the Prestera press release might be the last one of the year for my December PHI breach tracking purposes, but then I found this one. Mattapan Community Health Center in Massachusetts published this press release on December 31, too: MATTAPAN, Mass., Dec. 31, 2020 /PRNewswire/ — Mattapan Community Health Center (“MCHC”) is providing notice…
WV: Prestera Center notifies patients of data security incident
Prestera Center for Mental Health Services in West Virginia offers behavioral health care and addictions treatment programs, including outpatient treatment and residential substance abuse treatment. They issued a press release on December 31 and posted the following on their web site: December 31, 2020 Prestera Center Notifies Patients of Data Security Incident December 31, 2020…
Indiana attorney general says no charges recommended in fetal remains case
One of the most disturbing privacy and data security cases of the decade has come to an end of sorts. Rick Callahan of AP reports the update to a case first reported last year, but caution: this story may be triggering for some people. Indiana’s attorney general recommended no criminal charges or licensing actions Wednesday…