DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Category: HIPAA

The Office for Civil Rights Should Enhance Its HIPAA Audit Program to Enforce HIPAA Requirements and Improve the Protection of Electronic Protected Health Information

Posted on November 26, 2024 by Dissent

Issued on 11/21/2024 | Posted on 11/25/2024 | Report number: A-18-21-08014 To cut to the chase: What OIG Found OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However: OCR’s HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically: OCR’s audits consisted…

Read more

HHS Office for Civil Rights Announces the Release of the Security Risk Assessment (SRA) Tool

Posted on November 1, 2024 by Dissent

Following up on a settlement yesterday that was HHS’s first enforcement action under OCR’s Risk Analysis Initiative, HHS OCR today released a security risk assessment tool.  Here is their statement about it: Today, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP) are…

Read more

Summit Pathology Laboratories notified 1.8 million patients of a breach. Less than 48 hours later, they were sued. (1)

Posted on October 30, 2024November 2, 2024 by Dissent

On October 18, Summit Pathology and Summit Pathology Laboratories (“Summit”) in Colorado notified HHS of a breach affecting 1,813,538 patients. By October 21, personal injury law firms started reporting on the breach and recruiting potential plaintiffs. On October 22, Karen Alexander became aware that Summit had sent her and her family members notifications to their…

Read more

2nd Settlement Triggered by 2017 Ransomware Attack Costs WA Practice $100K; ‘Not a Breach’

Posted on October 21, 2024October 21, 2024 by Dissent

DataBreaches recently posted a press release from HHS OCR that announced a settlement with Cascade Eye and Skin Centers following a ransomware investigation. Theresa Defino of Report on Patient Privacy (RPP) dug into the incident and investigation more, and her reporting services as a great reminder that HHS’s press releases frequently do not really answer…

Read more

General Hospital Cybersecurity Requirements Take Effect in New York

Posted on October 9, 2024October 9, 2024 by Dissent

Mark Furnish and Jane M. Preston of Greenberg Traurig, LLP write: A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect Oct. 2, 2024. All general hospitals must comply with the new provisions within one year of the adoption…

Read more

When you don’t know why you are being notified of a breach, Tuesday edition (2)

Posted on October 8, 2024October 16, 2024 by Dissent

On March 19, 2024, DataBreaches reported a ransomware attack targeting New York Plastic Surgical Group (a division of Long Island Plastic Surgical Group).  According to one of the threat actors involved, the attack occurred on January 7 and involved both RADAR and AlphV (BlackCat) groups working together — AlphV to encrypt files and negotiate the ransom…

Read more
  • Previous
  • 1
  • …
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • …
  • 25
  • Next

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hunters International to provide free decryptors for all victims as they shut down
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban
  • 20 States Sue HHS to Stop Medicaid Data Sharing with ICE

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.