Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new…
Category: Health Data
Australian Digital Health Agency sees ‘inconsequential’ My Health Record data breach notices eroding trust
Ry Crozier reports: The Australian Digital Health Agency, overseer of the My Health Record, has expressed concern at the number and type of “potential” data breaches it is being forced to disclose. In a submission to the Privacy Act review [pdf], the agency (ADHA) asks for changes to the My Health Records Act under which…
Tasmania Police called in after ambulance patient details published online
Emily Baker reports: The private details of every Tasmanian who has called an ambulance since November last year have been published online by a third party in a list still updating each time paramedics are dispatched. The breach of Ambulance Tasmania’s paging system has been described as “horrific” by the Health and Community Services Union,…
Greater Baltimore Medical Center restoring electronic medical records after ransomware incident
Hallie Miller reports: One month after a crippling ransomware incident, Greater Baltimore Medical Center is beginning to restore the Towson hospital’s electronic medical records, officials said this week. GBMC previously disclosed little about the Dec. 6 cyberattack, which disrupted the health care system’s communication and data-keeping infrastructure and forced it to take systems offline and reschedule…
Aurora Cannabis breach exposes personal data of former, current workers
Solomon Israel reports: A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned. An email sent to a victim of the data breach cites a Dec. 25 “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud…
“Without Undue Delay, Part 1:” Update on earlier ransomware cases
In November, DataBreaches.net published a commentary arguing that patients need to be notified sooner of ransomware dumps even if HIPAA would seem to allow up to 60 days. As a companion to that piece, this site looked at 30 claimed ransomware attacks on U.S. healthcare entities that had been revealed on dedicated leak sites by…