Threat actors known as Vice Society have disclosed another attack on the healthcare sector. This time, the victim is United Health Centers of the San Joaquin Valley in California. Lawrence Abrams of BleepingComputer reports: On August 31st, BleepingComputer was told by a source in the cybersecurity industry that United Health Centers was reeling from a…
Category: HIPAA
Reports of ePHI breaches are everywhere, but not always were you might look
There are a number of journalists or sites that monitor news and legal notices for disclosures of breaches involving protected health information (PHI). And it’s tempting, when you see that the entity is a business, to just skip on by. But don’t. If a business has a health plan for employees, then they may be…
Ransomware Resources for HIPAA Regulated Entities
The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS Health Sector Cybersecurity Coordination Center Threat Briefs: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts January 28, 2021 –…
Internal emails raise questions about government’s investigation into Walgreens privacy breach
I am so glad to see a follow-up on this case because I had the same questions about how and why Walgreens did not suffer the same federal penalties as CVS and Rite Aid for the same infringement of HIPAA. My original coverage of this breach is no longer online as the former version of…
Still Missing a New Leader, Former OCR Directors, Experts Offer Advice, Task List
Theresa Defino writes: Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other HIPAA-regulated entities. And by all means, get cracking. In a series of interviews with RPP, two former Office for…
California Breach Regulations Applicable to Health Care Facilities Align “Breach” Definition with HIPAA, Expand Reporting Obligations, and Clarify Penalty Structure
Jennifer Hennessy, Chloe Talbert, and Jennifer Urban of Foley Lardner write: California clinics, health facilities, home health agencies, and licensed hospices required to report breaches to the California Department of Public Health (CDPH) under California’s Health and Safety Code Section 1280.15 (Section 1280.15) are now subject to a new set of regulations. Section 1280.15, which has been in…