On January 9, DataBreaches noticed that Aviacode had been added to the leak site for 0mega. Aviacode, which is part of GeBBS Healthcare Solutions, offers medical coding services, medical coding audits, coding denial management, clinical documentation improvement, and revenue cycle management for billings and claims. As such, it is often a business associate for HIPAA-covered…
Category: Commentaries and Analyses
Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition
Duane Morris writes: The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher…
U.K.: NHS call center advisor found guilty of accessing medical records illegally
From the ICO, this press release: A former 111 call centre advisor has been found guilty and fined for illegally accessing the medical records of a child and his family. Martin Swan, 56, from Pinner, London, worked as a service advisor at the NHS 111 call centre in Southall when he illegally accessed the records….
Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Year 2021- HHS OCR
From their report: Summary OCR received 609 notifications of breaches affecting 500 or more individuals, representing a decrease of 7% from the number of reports received in calendar year 2020. These reported breaches affected a total of approximately 37,182,558 individuals. The most commonly reported category of breaches was hacking, and the largest breach of this…
BD issues cybersecurity alert for hacking risk found in Alaris infusion pump software
Andrea Park reports: A vulnerability found in software used to monitor some of BD’s infusion pumps could potentially give hackers access to personal data stored in the system. BD posted a cybersecurity bulletin about the issue Thursday and said it has already notified the FDA and the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency…
Private Data Breach Litigation Comes of Age
Quinn Emanuel Urquhart & Sullivan, LLP write, in part: Companies face yet another major risk after a data breach—one which is increasing exponentially—data breach litigation brought by private plaintiffs, often in the form of class actions brought by sophisticated plaintiffs’ counsel who specialize in such cases. Private civil litigation is now a probability, not a…