On March 27, Brandywine Urology Consultants in Delaware began notifying the U.S. Department of Health and Human Services (HHS) and their patients about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27. Importantly, they state that the electronic medical records system (“EMR”) was not attacked…
Category: Health Data
WI: EVERSANA reports breach of protected health information that occurred in 2019
EVERSANA, a global commercial services provider to healthcare entities, has disclosed a data breach that occurred between between April 1 and July 3, 2019. The breach reportedly affected patient data stored in a legacy technology environment, which has since been updated. According to their notification, “Upon notification of unusual email activity, the firm immediately conducted…
Criminal investigation launched into breach of confidential patient records at Rand Memorial Hospital
The Public Hospitals Authority for the Bahamas issued the following: The Public Hospitals Authority (PHA) has launched a criminal investigation into the leak and dissemination on social media of a purported confidential document pertaining to clients of the Grand Bahama Health Services. The PHA has been assured that the matter which is now in the…
Alert from OCR: Individual Posing as OCR Investigator
From OCR, this alert: It has come to OCR’s attention that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI). The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR complaint transaction number or any other…
Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do
Microsoft is doing its bit to help hospitals and care facilities to protect themselves from human-operated ransomware attacks. In a blog post published today, they write, in part: While a wide range of adversaries have been known to exploit vulnerabilities in network devices, more and more human-operated ransomware campaigns are seeing the opportunity and are jumping on…
First-Ever CCPA Cause of Action Filed in a Federal Court, but Is This Class Claim Short-Lived?
Cynthia J. Larose and Natalie Prescott of Mintz discuss a lawsuit previously noted on this site: Fuentes v. Sunshine Behavioral Health Group, LLC. The lawsuit followed a data leak of PHI due to a misconfiguration of a database. The leak was first reported by DataBreaches.net who had alerted the entity to their leak. I’m going…