HIPAA – Page 8 – DataBreaches.Net

HIPAA Security Rule Facility Access Controls – What are they and how do you implement them?

Posted on August 25, 2024 by Dissent

August 2024 OCR Cybersecurity Newsletter HIPAA Security Rule Facility Access Controls – What are they and how do you implement them? Available online at https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-august-2024/index.html In today’s environment of increased cyber-attacks and breaches of electronic protected health information (ePHI)1 caused by hacking, malware, or ransomware, HIPAA covered entities2 and business associates3 (collectively, “regulated entities”) may overlook the need for…

Business Associate Agreements Matter: Demystifying the Perceived Simplicity of HIPAA Agreements

Posted on August 23, 2024 by Dissent

Shalyn Watkins of Holland & Knight writes: For most healthcare providers and businesses, signing a Business Associate Agreement (BAA) is a standard practice. When contracting to provide services with an entity governed by the Health Insurance Portability and Accountability Act (HIPAA), it is a requirement that the entity enter into a business associate contract, also…

Betances Health Center hit by ransomware attack; sensitive patient data leaked

Posted on August 10, 2024August 10, 2024 by Dissent

On July 12, threat actors known as Hunters International added Betances Health Center in New York to their leak site. On July 25, they leaked what they claim is almost 125 GB of information consisting of 361,564 files. Betances Health Center describes itself as offering a full range of primary care and preventive services, as…

Why Did Change Health Lowball Its 1st Breach Report to Feds?

Posted on August 2, 2024 by Dissent

Marianne Kolbasuk McGee of HealthInfoSec poses a question about why Change Healthcare’s report to HHS indicated that 500 patients were affected when they already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…

Insider Threat: Fake Therapist Fooled Hundreds Online Until She Died, State Records Say

Posted on July 2, 2024 by Dissent

In April 2023, Brightside Health, Inc. reported a breach to HHS that affected 767 patients. The incident was coded as “unauthorized access/disclosure” of information located in “EMR, other.” HHS’s closing statement on the public breach tool described the incident this way: The covered entity (CE), Brightside Health, reported that an unauthorized individual accessed the protected…

HHS OCR: Covered entities affected by the Change Healthcare breach may delegate tasks of providing HIPAA breach notifications to Change Healthcare

Posted on June 1, 2024 by Dissent

May 31 – Today, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published an update to the frequently asked questions (FAQs) webpage concerning the Change Healthcare cybersecurity incident. The webpage, first published on April 19, 2024, provides answers to FAQs concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…