From HHS, yesterday: The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces that it has settled its ninth enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access to their health…
Category: Health Data
Community Health Systems settles charges by 28 states over 2014 data breach
It’s been an expensive few weeks for Community Health Systems and CHSPSC. First, a few weeks ago, HHS announced that CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential…
Dr Lal PathLabs, one of India’s largest blood test labs, exposed patient data
Zack Whittaker and Manish Singh report: Dr Lal PathLabs, one of the largest lab testing companies in India, left a huge cache of patient data on a public server for months, TechCrunch has learned. The lab testing giant, headquartered in New Delhi, serves some 70,000 patients a day, and quickly became a major player in testing…
Medical data of 150 Toronto hospital patients allegedly used to extort money from company
Katherine DeClerq reports: A Toronto hospital says that roughly 150 patients have been impacted by a data breach after a third-party employee allegedly stole medical reports in an effort to extort money from their company after being let go. According to a letter sent on Sept. 30 by a privacy and information access specialist at Unity…
MS: AAA Ambulance Service experienced ransomware attack
The Journal of Emergency Medical Services reports that AAA Ambulance Service in Mississippi was the target of an attempted ransomware attack over the summer. A notice posted on the ambulance service’s site explains that on or about July 1, they discovered an attempted attack, and took immediate steps to prevent the encryption of their systems…
University Hospital Limerick writing to 630 patients after alleged major data breach which saw information posted on Twitter
David Raleigh reports: University Hospital Limerick (UHL) is in the process of sending letters to over 600 patients following an alleged major data breach concerning patient data, including details of 95 children, which was then posted on social media. Gardaí have also been informed of the alleged breach by a non-HSE employee. It’s alleged the…