From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the Security Risk Assessment (SRA) Tool. This tool is designed to aid small…
Category: HIPAA
Health Data and Investigations: Between a Rock and a Hard Place
Matt Fisher writes: Demands for medical records can stem from a variety of investigations, which can involve a myriad of sources. The most recent example driving headlines is an investigation involving Vanderbilt University Medical Center (“VUMC”). VUMC disclosed records concerning treatment of transgender patients to the Tennessee Attorney General. According to the Attorney General, an investigation of…
One year later, Tift Regional Medical Center notifies patients of Hive attack
In September 2022, DataBreaches broke the story of how Hive had attacked Tift Regional Medical Center in Georgia between July and August. The attack did not involve encryption of systems but Hive claimed to have exfiltrated about 1 TB of data, including files with protected health information. On October 14, Tift notified HHS of an…
Another hospital hit by ransomware: Columbus Regional Healthcare System in North Carolina hit by Daixin
Columbus Regional Healthcare System (CRHS) is a non-profit organization in North Carolina licensed for 154 beds. The Daixin ransomware group claims that on May 18, they encrypted the hospital’s servers after exfiltrating data and deleting backups. A Ransom Demand and Failed Negotiations A spokesperson for Daixin tells DataBreaches that three days after they encrypted the…
HHS OCR settles charges against Manasa Health Center for disclosing PHI in response to a negative online review
New Jersey psychiatry practice pays $30,000 to settle complaint about impermissible disclosure of protected health information by disclosing this information in online review Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announces a settlement with Manasa Health Center, LLC, a health care provider in New Jersey that provides…
Two ransomware groups claimed to have attacked Albany ENT & Allergy Services and leaked data, but AENT doesn’t mention that at all in their notification?
On April 28, DataBreaches reported that two different ransomware groups claimed to have attacked Albany ENT & Allergy Services, P.C. in Albany, New York. This week, Albany ENT & Allergy Services notified regulators and 224,486 affected employees and patients about a breach. Their notification is stunning, however, for its lack of certain details. In their…