NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities April 25, 2023 For the past 18+ months, the National Institute of Standards and Technology (NIST), in collaboration with the HHS Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66, Implementing the Health…
Category: Health Data
Former Methodist employees plead guilty to HIPAA violations
There’s an update to a case announced in November 2022 in which five former Methodist Hospital employees in Memphis Tennessee were charged with criminal violations of HIPAA. According to the indictment, between November 2017 and December 2020, the five were charged with conspiring with Roderick Harvey to unlawfully disclose patient information in violation HIPAA. Harvey…
Federal office probes Guam Memorial Hospital network breach
Jolene Toves reports: The “unauthorized access” that prompted the Guam Memorial Hospital to shut down its network in March is now being investigated by the U.S. Department of Health and Human Services, according to an acceptance letter addressed to a whistleblower who is only identified as “Leaky Leaks.” The acceptance letter, dated April 18, notified…
The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far, Part 2.
More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we noted six entities that have disclosed the breach. Five of them are listed on Clop’s leak site with their…
Campbellford Memorial Hospital employee makes ‘unauthorized’ access to 3,500 patient records
Greg Davis reports: Campbellford Memorial Hospital says an employee has apologized for making “unauthorized” access to more than 3,500 patients records. Global News Peterborough has obtained a copy of one of the 3,500 letters sent to patients last week outlining a privacy breach at the hospital in the Municipality of Trent Hills. In the letter, hospital chief privacy…
The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far. (3)
More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we note entities that have already disclosed the breach. In Part 2, we will note those entities that do not…