One of the newer incidents appearing on HHS’s public breach tool this week is a report from Mind & Motion, LLC in Georgia. Mind & Motion offers various types of therapeutic modalities. On September 30th, 2018, they discovered that their server had been attacked with ransomware. In a notification to patients, they write: We have…
Category: Health Data
No Data Breach, No Case
Michael Mayer of Faruki writes: An Ohio federal district court recently handed down a ruling that will make companies storing client data breathe a sigh of relief. In Williams-Diggins v. Mercy Health, Case No. 3:16-cv-1938 (N.D. Ohio), a patient sued a health system because of deficient patient information software. (The defendant-health system certified that it subsequently…
‘It cannot expect a private business to continue to clean up its errors’: Privacy czar blasts health authority for faxing patient records to computer store — again
Ragas Clan reports: Darryl Arnold would have unplugged his fax machine months ago if he didn’t need it for work. That’s because the Saskatchewan Health Authority keeps faxing him confidential patient information, most recently a five-page catheterization report that included a patient’s personal information, medical history and treatment recommendations. According to the provincial privacy czar,…
Aspire Health says stolen emails never opened, abandons hunt for hacker
Brett Kelman reports an update to a phishing incident in September: A large Nashville-based healthcare company that was hacked earlier this year said Tuesday an internal investigation has revealed the stolen emails were intercepted before they were ever opened by the cyberattacker. Aspire Health, which offers in-home treatment in 25 states, has also abandoned its legal hunt for the…
MN: About 500 impacted in Ramsey County Social Services data breach
Bisi Onile-Ere reports: A cyber attack on the Ramsey County Social Services may have comprised hundreds of clients’ private health information. In August, hackers gained access to the accounts of 28 employees in an attempt to divert their paychecks. “At Ramsey County this is the first time that we experienced something like this,” said John…
Pagosa Springs Medical Center pays $111,400 to settle OCR charges for failing to terminate employee’s access to ePHI after employment ended
Another enforcement action by HHS/OCR was announced today. This settlement involving Upper San Juan Health Service District (d/b/a Pagosa Springs Medical Center) is not an incident that I have been able to locate on HHS’s public breach tool or in this site’s records. According to the resolution agreement, the HHS investigation was opened in 2013. No,…