Susan Morse reports: The Centers for Medicare and Medicaid Services and Wisconsin Physicians Service Insurance Corporation are mailing written notifications to 946,801 people whose protected health information or other personally identifiable information may have been compromised in a cyber breach. A security vulnerability was found in MOVEit software, a third-party application used in the transfer…
Category: HIPAA
HIPAA Security Rule Facility Access Controls – What are they and how do you implement them?
August 2024 OCR Cybersecurity Newsletter HIPAA Security Rule Facility Access Controls – What are they and how do you implement them? Available online at https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-august-2024/index.html In today’s environment of increased cyber-attacks and breaches of electronic protected health information (ePHI)1 caused by hacking, malware, or ransomware, HIPAA covered entities2 and business associates3 (collectively, “regulated entities”) may overlook the need for…
Business Associate Agreements Matter: Demystifying the Perceived Simplicity of HIPAA Agreements
Shalyn Watkins of Holland & Knight writes: For most healthcare providers and businesses, signing a Business Associate Agreement (BAA) is a standard practice. When contracting to provide services with an entity governed by the Health Insurance Portability and Accountability Act (HIPAA), it is a requirement that the entity enter into a business associate contract, also…
Betances Health Center hit by ransomware attack; sensitive patient data leaked
On July 12, threat actors known as Hunters International added Betances Health Center in New York to their leak site. On July 25, they leaked what they claim is almost 125 GB of information consisting of 361,564 files. Betances Health Center describes itself as offering a full range of primary care and preventive services, as…
Why Did Change Health Lowball Its 1st Breach Report to Feds?
Marianne Kolbasuk McGee of HealthInfoSec poses a question about why Change Healthcare’s report to HHS indicated that 500 patients were affected when they already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…
Insider Threat: Fake Therapist Fooled Hundreds Online Until She Died, State Records Say
In April 2023, Brightside Health, Inc. reported a breach to HHS that affected 767 patients. The incident was coded as “unauthorized access/disclosure” of information located in “EMR, other.” HHS’s closing statement on the public breach tool described the incident this way: The covered entity (CE), Brightside Health, reported that an unauthorized individual accessed the protected…