Demi Rietveld and Richard van Schaik of DLA Piper write: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch…
Category: Health Data
After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy
Graham Cluley reports: Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Read more on Hot for Security.
TX: Threat actors dump patient files from Nocona General Hospital
On February 3, Conti threat actors added Nocona General Hospital in Texas to their leak site, posting 20 files as proof that they had accessed the hospital’s files. Many of the files contained patient records from 2018, and appeared to be pdf scans or doc files. They did not appear to be records from any…
FR: The Dax hospital center targeted by a large-scale cyber attack
AC reports (translation): The telephone lines did not ring at midday. It was impossible to reach the Dax hospital center, which was targeted on Tuesday, February 9 by a large-scale cyber attack. “Our teams are doing their utmost to restore the situation as soon as possible,” said the establishment on its Twitter account. A crisis meeting…
When to Report a Breach: Consideration of Encryption States
Matt Fisher of Carium writes: Data breaches grab headlines on a daily basis and arise from a number of different scenarios. However, one question that is not necessarily examined closely (at least in news articles), is whether encryption was in place and why the encryption did not prevent the breach. That rhetorical question does not…
What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?
Here is some more commentary on the Fifth Circuit opinion in MD Anderson v. HHS. Elfin Noce, Liisa Thomas & Susan Ingargiola of SheppardMullin write, in part: On the ruling regarding the disclosure of ePHI, the Fifth Circuit held that HHS had failed to establish that MD Anderson disclosed ePHI to someone outside of the covered entity. The…