Hannah Neprash and Alan Z. Rozenshtein write: In a new JAMA Health Forum Original Investigation, we and our co-authors address this data gap. We have created the Tracking Healthcare Ransomware Events and Traits (THREAT) database, a comprehensive accounting of 374 ransomware attacks on U.S. healthcare delivery organizations from 2016-2021. To assemble this database we used…
Category: Commentaries and Analyses
2023 New Year’s Resolution: Don’t Get “Whacked” By A State AG for Cybersecurity Compliance
Joe Lazzarotti of Jackson Lewis writes: It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and or state agencies where appropriate and perhaps other parties. Not long thereafter, the organization receives an inquiry from one or more government agencies. These inquiries typically…
Oregon AG Rosenblum Settles with Avalon Healthcare over 2019 Data Breach
Although HHS OCR generally fails to take a hard enforcement line with reporting breaches by the “no later than 60 day” rule in HIPAA, state attorneys general may enforce even stricter deadlines. Read this press release: December 27 — Oregon Attorney General Ellen Rosenblum and Utah Attorney General Sean Reyes announced they’ve settled a data breach enforcement case…
Worst breach notifications of 2022
This is the time of year when many sites compile their lists of worst breaches of the year. Some consider all sectors, some confine themselves to one sector. Many base their lists on number reported to some regulator. Over the years, I have compiled my own annual lists where the “worst breaches” were not always…
NC: Monarch notifies HHS of breach, but where are the details and notice?
On September 1, a listing on a dark web site by a group calling themselves Don#t_Leaks named MonarchNC as a victim. The listing did not appear for long. The only “proof” offered at the time was a filetree and a screencap of what might be an index of an inbox showing monarchnc.org domain in email…
Keeping Bad Actors Out of K–12’s IP Surveillance System
Eileen Belastock reports: K–12 districts are investing a larger portion of their budgets in new security technologies to create safer environments for their school communities. A 2020 study conducted by Omdia on behalf of the Security Industry Association showed the market for physical security equipment in K–12 and higher education was $716 million in 2020. The K–12…