Following the Internet Organised Crime Assessment (IOCTA) 2023, today Europol published the spotlight report “Cyber Attacks: The Apex of Crime-as-a-Service”. It examines developments in cyber-attacks, discussing new methodologies and threats as observed by Europol’s operational analysts. The report also outlines the types of criminal structures that are behind cyber-attacks, and how these increasingly professionalised groups are exploiting…
Category: HIPAA
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously
Eric Geller reports: The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on. “I don’t think we’ve figured out how to talk to the small and medium-sized…
HHS Security Risk Assessment Tool Version 3.4 and Webinars
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the Security Risk Assessment (SRA) Tool. This tool is designed to aid small…
Health Data and Investigations: Between a Rock and a Hard Place
Matt Fisher writes: Demands for medical records can stem from a variety of investigations, which can involve a myriad of sources. The most recent example driving headlines is an investigation involving Vanderbilt University Medical Center (“VUMC”). VUMC disclosed records concerning treatment of transgender patients to the Tennessee Attorney General. According to the Attorney General, an investigation of…