Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay of Hogan Lovells write: This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions – Enforcement, Policy, and Strategic Planning –…
Category: Health Data
Lubbock Heart and Surgical Hospital sued for breach where no one knows for sure whether data was accessed or acquired
If the victim of a cyberattack cannot determine whether data was accessed or acquired, should that increase the damages sought by plaintiffs in a class action suit? Or should it get the suit tossed out because the plaintiffs can’t prove any theft of their data? Kelly Mehorter reports about a class action lawsuit filed against…
HK: Doctor suspended over medical records breach
A doctor has been suspended from clinical duties and reported to the police on suspicion of accessing medical records without their subject’s consent. A spokesman for North District Hospital said in a statement published on Tuesday night that they discovered the breach after a member of staff reported that she suspected her medical records had…
Sentara Health notifying 741 patients after mistake by Coronis Health employee
In a refreshingly straightforward breach disclosure, Sentara Health in Virginia reports that on December 19, an anonymous individual called their Compliance Hotline to alert them that while searching for something online, the called had stumbled across an exposed file with patients’ Medicare billing information. Sentara quickly verified the caller’s report and determined that the file…
Supreme Court Hears Healthcare Identity Theft Case
Marianne Kolbasuk McGee reports: Justices on the U.S. Supreme Court seem ready to restrict federal prosecutors’ use of a federal law criminalizing identity theft after hearing a case challenging its application in a Medicaid fraud case. Traditional identity theft involving appropriation of personal information for criminal ends, such as obtaining fraudulent prescriptions or submitting fake…
Social engineering attack on Boston labor union results in $6.4 million loss
AP reports: A cyberattack on a Boston-based labor union’s health fund resulted in the loss of $6.4 million, but it does not appear that the personal information of members was stolen or compromised, union officials said. Federal and local law enforcement agencies were notified of the attack at Pipefitters Local 537 that was discovered Feb….