Issued on 11/21/2024 | Posted on 11/25/2024 | Report number: A-18-21-08014 To cut to the chase: What OIG Found OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However: OCR’s HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically: OCR’s audits consisted…
Category: Health Data
UK: All outpatient appointments cancelled as Arrowe Park Hospital hit with ‘cyber attack’
Emma Dukes reports: Wirral University Teaching Hospital Trust said the incident began on Monday evening (November 25), with staff members at the hospital telling LiverpoolWorld that a “cyber attack” had caused the computer systems to go down. The Trust – which comprises Arrowe Park Hospital, Clatterbridge Hospitals and the Wirral Women and Children’s Hospital – confirmed that a “major…
Ca: LifeLab loses its last attempt to withhold data breach forensics report from public eyes
It’s been a long battle, but transparency has prevailed. LifeLabs LP v. Information and Privacy Commissioner of Ontario (IPC) stemmed from a cyberattack in 2019 that resulted in the compromise of 15 million Canadian’s data. LifeLab eventually complied with inquiries by the Privacy Commissioner, who requested that LifeLab provide its forensics report and other documents, but LifeLab…
Pacific Pulmonary Medical Group patient information dumped by Everest Ransomware Team
The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak site. The unencrypted personal and protected health information that they subsequently dumped…
Rockford Gastroenterology Associates notifies 147,253 patients of December 2023 cyberattack
In December 2023, DataBreaches added Rockford Gastroenterology Associates (“RGA”) to a list of possible ransomware victims after seeing a listing for them on the leak site for threat actors known as RA World. However, it wasn’t until September 2024 that RGA posted a notice on its website, and not until October that they notified HHS…
Cyberattack at French hospital exposes health data of 750,000 patients
Bill Toulas reports: A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. A threat actor using the nickname ‘nears’ (previously near2tlg) claimed to have attacked multiple healthcare facilities in France, alleging that they have access to the patient…