ARx Patient Solutions and its affiliate pharmacy, ARx Patient Solutions Pharmacy, have issued a press release about a data breach affecting patient data. Their notice states, “It was determined that in March 2022, an employee email account was compromised and accessed by an unauthorized third party.” The types of patient information that may have been…
Category: Health Data
San Bernardino Sheriff’s Department update: can’t rule out that PII and PHI were accessed in ransomware attack
The Fontana Herald News alerts us to an update by the San Bernardino County Sheriff’s Department concerning the ransomware attack they experienced in early April. The county now states that they have been unable to determine definitively if personally identifiable information (PII) and protected health information (PHI) were accessed. From the county’s June 23 notice:…
Mount Desert Island Hospital notifies 24,180 patients of April network attack
On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there…
Breach Victims Have Standing When Data Misused, 1st Circuit Says
Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
Paying the ransom: Hospitals face hard choices in cyberattacks | Special Report
Ron Southwick has a thoughtful piece on the complexities of deciding whether or not to pay ransom if a healthcare entity is the victim of a cyberattack. As experts comment, while most experts and law enforcement prefer victims not pay ransom, sometimes entities decide they need to do it. But what are they paying it…
Breach of the Protection Obligation by Fullerton Healthcare and Agape CP Holdings
From the Privacy and Data Protection Commission of Singapore, there’s an update to a breach that was previously disclosed in October 2021: A financial penalty of $58,000 and $10,000 was imposed on Fullerton Healthcare and Agape CP Holdings respectively for failing to put in place reasonable security arrangements to protect personal data belonging to Fullerton…