In March, Texas Medical Liability Trust on behalf of itself and its affiliates, Texas Medical Insurance Company, Physicians Insurance Company, and Lone Star Alliance, Inc., a Risk Retention Group (collectively “TMLT”) filed a breach notification with the Maine Attorney General’s Office. That submission indicated that 625 individuals had been affected by a breach that occurred…
Category: Health Data
Hospital Sisters Health System’s CFO exits as it continues to handle ‘cybersecurity incident’
On August 29, DataBreaches reported that Hospital Sisters Health System (HSHS) and Prevea Health appeared to have been the victims of a ransomware attack. As of today, the notice on Prevea Health states, “HSHS and Prevea are experiencing a systemwide outage of clinical and administrative applications.” Prevea continues to describe it as a temporary outage….
Bloom Health Centers discloses data breach involving mental health data of 1,545 patients
Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, announced a data security incident that involved the personal and protected health information of some clinicians and patients. Before digging into the details,…
Rhysida claims responsibility for attacks on two U.S. health systems: Prospect Medical Holdings, Singing River Health
On August 3, Prospect Medical Holdings disclosed a ransomware attack that affected some of its 16 hospitals and 10 clinics, including three hospitals in Connecticut and hospitals run by Crozer Health. Although they have made some progress with recovery, a note on their website today states, “Prospect Medical Holdings, along with all Prospect Medical facilities,…
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…