Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new…
Category: HIPAA
“Without Undue Delay, Part 1:” Update on earlier ransomware cases
In November, DataBreaches.net published a commentary arguing that patients need to be notified sooner of ransomware dumps even if HIPAA would seem to allow up to 60 days. As a companion to that piece, this site looked at 30 claimed ransomware attacks on U.S. healthcare entities that had been revealed on dedicated leak sites by…
As 2020 draws to a close, it still takes too long to detect and notify patients of most breaches
The press release below the separator includes the kind of timeline that we often see in breach disclosures where an employee’s email account has been hacked. It continues to take many entities too long, in this blogger’s opinion, to detect breaches of their systems, then determine that PHI was involved, and then notify. In this…
EXCLUSIVE: Conti describes how they attacked Leon Medical Centers; shows DataBreaches.net almost 2 million patient-related files
I’ve always resisted any urge to write a “worst breaches of the year” piece at the beginning of December because I just know that if I do, there’s going to be something that would be on my “worst” list if only I had waited a few weeks. The Conti ransomware attack on Leon Medical Centers…
Riverside Community Care notifies clients of October ransomware attack
On November 9, DataBreaches.net posted a commentary calling for patients to be notified sooner when their data had been stolen and dumped by ransomware threat actors. In the companion article to that post, Without Undue Delay, specific victims were listed with comments as to whether they had notified patients or not. One of those victims who…
FL: Agency for Community Treatment Services, Inc. Notification of Ransomware Attack
Press release: TAMPA, Fla., Dec. 24, 2020 /PRNewswire/ — The Agency for Community Treatment Services, Inc. (“ACTS”) announced today that it has taken action after learning of a data security incident which may have compromised the personal information and/or protected health information of patients who received care from ACTS from 2000 through 2013. ACTS began providing notice…