Commentaries and Analyses – Page 9

Anna Jaques Hospital notifies 316,300 people about 2023 ransomware attack

Posted on December 7, 2024 by Dissent

On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a preliminary website notice (archived) about the attack. That notice was posted four days after threat actors…

HHS OCR Imposes a $548,265 Penalty Against Children’s Hospital Colorado for HIPAA Violations

Posted on December 5, 2024 by Dissent

Not all monetary penalties are for breaches affecting large numbers of patients. In this case, HHS imposed a penalty on an entity that had breaches in both 2017 and 2020. DataBreaches notes that the 2017 incident affected 3,370 patients, and the 2020 incident affected 2,553 patients — as reported to HHS at the time. Today,…

Express Services disclosed a data breach. One month later, they learned they had a second data security problem.

Posted on December 4, 2024 by Dissent

Express Employment Professionals (“Express Pros“) describes itself as a leading staffing agency in the U.S., “specializing in matching job seekers with the best jobs for their skills and experience.” Express Pros is the flagship brand for Express Services and conducts business across the U.S., Canada, South Africa, Australia, and New Zealand. Express Pros operates as…

Recent Texas Case Highlights Increasing Relevance of Privacy and Security Laws to E-Discovery Process

Posted on December 2, 2024 by Dissent

Of note from Hunton Andrews Kurth: On November 6, 2024, a Texas state district court jury found that a large e-discovery vendor violated Title 7, Chapter 33 of the Texas Penal Code, which provides that accessing a computer without its owner’s permission is a Class B misdemeanor. This case highlights the importance for e-discovery vendors…

PDPC: Breach of the Protection Obligation by HMI Institute of Health Science

Posted on November 30, 2024 by Dissent

A financial penalty of $10,000 was imposed and directions were issued to HMI Institute of Health Science for failing to put in place reasonable security arrangements to protect the personal data of former students. Case No. DP-2405-C2321 HMI Institute of Health Science Pte. Ltd. (the “Organisation”) is a healthcare training provider in Singapore. On 2…

Changes Are Likely on the Horizon for the Federal Healthcare Portfolio, in Areas Including Cybersecurity and in Regulatory Enforcement

Posted on November 30, 2024 by Dissent

Nicole K. Macris and Gabriel S. Oberfield of Bond Schoeneck & King PLLC write: Federal healthcare administration undoubtedly will look different in 2025 than it does as we close 2024. In the aftermath of the Republican party victories during this month’s Federal elections – and if the past is prelude – the Federal focus concerning…