Note: In 2019, when USR Holdings disclosed this breach to affected patients, they did not mention that ePHI had been deleted. So in 2025, we are first learning of this part of the breach? The following is HHS OCR’s press release today. Settlement resolves multiple Security Rule failures Today, the U.S. Department of Health and…
Category: Of Note
PowerSchool discloses breach affecting hosted and self-hosted school k-12 districts (2)
Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…
HHS Office for Civil Rights Settles 8th Ransomware Investigation with Elgon Information Systems
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy,…
India’s Digital Data Protection Framework: Safety, Trust and Resilience
Samaya Dharmaraj reports: In an era where digital transformation shapes every aspect of governance, business, and daily life, safeguarding citizens’ personal data has become a top priority for India. Recognising the critical need for a secure and accountable digital ecosystem, the government has taken significant steps to establish a robust framework for data protection and cyber resilience. At…
No need to hack when it’s leaking: Roomster edition (1)
There are leaks and then there are leaks. Hundreds of thousands of people who shared houses via Roomster might want to say a mental “Thank you” to the researcher known as @JayeLTee, who discovered a long-standing data leak and took steps to get it secured. As JayeLTee relates, he first spotted the misconfigured server in…
Westend Dental agrees to pay Indiana $350K and to implement corrective action plan to settle charges of multiple HIPAA violations
TechCrunch recently did its annual write-up of badly handled data security incidents. The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from a ransomware attack by Medusa Locker in October 2020 that is first being seriously addressed…