On February 3, Conti threat actors added Nocona General Hospital in Texas to their leak site, posting 20 files as proof that they had accessed the hospital’s files. Many of the files contained patient records from 2018, and appeared to be pdf scans or doc files. They did not appear to be records from any…
Category: Health Data
FR: The Dax hospital center targeted by a large-scale cyber attack
AC reports (translation): The telephone lines did not ring at midday. It was impossible to reach the Dax hospital center, which was targeted on Tuesday, February 9 by a large-scale cyber attack. “Our teams are doing their utmost to restore the situation as soon as possible,” said the establishment on its Twitter account. A crisis meeting…
When to Report a Breach: Consideration of Encryption States
Matt Fisher of Carium writes: Data breaches grab headlines on a daily basis and arise from a number of different scenarios. However, one question that is not necessarily examined closely (at least in news articles), is whether encryption was in place and why the encryption did not prevent the breach. That rhetorical question does not…
What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?
Here is some more commentary on the Fifth Circuit opinion in MD Anderson v. HHS. Elfin Noce, Liisa Thomas & Susan Ingargiola of SheppardMullin write, in part: On the ruling regarding the disclosure of ePHI, the Fifth Circuit held that HHS had failed to establish that MD Anderson disclosed ePHI to someone outside of the covered entity. The…
The M.D. Anderson Case and the Future of HIPAA Enforcement
Privacy law scholar Daniel Solove writes: The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2001), the 5th Circuit struck down a fine…
The Blackbaud ransomware breach — impact on school clients
In July, 2020, cloud software firm Blackbaud announced that it had been the victim of a ransomware attack that began in February of 2020 and continued until Blackbaud was able to kick the attackers out of their system in May. In order to try to protect their clients from having personal and sensitive information on…