DataBreaches recently posted a press release from HHS OCR that announced a settlement with Cascade Eye and Skin Centers following a ransomware investigation. Theresa Defino of Report on Patient Privacy (RPP) dug into the incident and investigation more, and her reporting services as a great reminder that HHS’s press releases frequently do not really answer…
Category: HIPAA
General Hospital Cybersecurity Requirements Take Effect in New York
Mark Furnish and Jane M. Preston of Greenberg Traurig, LLP write: A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect Oct. 2, 2024. All general hospitals must comply with the new provisions within one year of the adoption…
When you don’t know why you are being notified of a breach, Tuesday edition (2)
On March 19, 2024, DataBreaches reported a ransomware attack targeting New York Plastic Surgical Group (a division of Long Island Plastic Surgical Group). According to one of the threat actors involved, the attack occurred on January 7 and involved both RADAR and AlphV (BlackCat) groups working together — AlphV to encrypt files and negotiate the ransom…
HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
In April 20218, DataBreaches reported a ransomware incident in February 2018 that had affected 81,550 patients of the Center for Orthopaedic Specialists (COS) – Providence Medical Institute (PMI) in California. The entity’s notification at the time indicated that patients’ names, dates of birth, details about medical records, and Social Security numbers had been involved in the…
Alaska Corrections contractor denies ACLU claim of ‘massive’ prisoner health data breach
Sage Smiley reports: The American Civil Liberties Union of Alaska said that it uncovered a “massive” violation of medical privacy laws by a software company used by the Alaska Department of Corrections. But the software company at the center of the complaint claims that’s “false and misleading,” and that there was no breach of data…
Senate bill pushes cyber mandates for medical industry in wake of Change Healthcare debacle
Jonathan Greig reports: Hospitals and other healthcare businesses would be required to adopt minimum cybersecurity standards and face annual audits under new legislation introduced by two prominent senators on Thursday. The Health Infrastructure Security and Accountability Act, announced by Sens. Ron Wyden (D-OR) and Mark Warner (D-VA), would provide $1.3 billion for the Department of…