Chris Riotta reports: The U.S. Department of Health and Human Services is ramping up digital efforts to protect Americans in a year that’s witnessed hackers targeting sensitive patient data and major breaches at Ascension and UnitedHealth. HHS is set to unveil a notice of proposed rulemaking requiring healthcare companies to encrypt data, conduct routine compliance…
Category: HIPAA
Kitsap Mental Health Services breach impacted sensitive patient information (1)
Update: DataBreaches did not spot it earlier, but on December 12, Kitsap Mental Health Services posted a notice on its website about a cyberattack that it reportedly detected on October 17, 2024. Investigation revealed that on September 17 and between October 8, 2024, and October 19, 2024, there was unauthorized access to their network and…
UT Southwestern Medical Center has disclosed at least four breaches since July 2023. Is HHS investigating?
How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at least four breaches since July 2023. As a brief recap of the first three: In July 2023,…
HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online
The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS seems to be the first to…
Veterans Affairs’ Nurse Charged With Unlawfully Accessing Patient Health Information
Here’s today’s reminder of the insider threat. It’s a shame they don’t explain how the employee was able to access the patient’s information or why it was accessed. From the U.S.A.O. of the Western District of Michigan: GRAND RAPIDS – U.S. Attorney for the Western District of Michigan Mark Totten today announced that Jessica Nicole Pitcher,…
HHS OCR Imposes a $548,265 Penalty Against Children’s Hospital Colorado for HIPAA Violations
Not all monetary penalties are for breaches affecting large numbers of patients. In this case, HHS imposed a penalty on an entity that had breaches in both 2017 and 2020. DataBreaches notes that the 2017 incident affected 3,370 patients, and the 2020 incident affected 2,553 patients — as reported to HHS at the time. Today,…