Catalin Cimpanu has a good write-up about the multistate lawsuit against Medical Informatics that I noted earlier this week: Attorneys general from twelve US states have joined together to file the first-ever joint cross-state HIPAA lawsuit against a healthcare provider that got hacked in the summer of 2015. The lawsuit, filed in an Indiana court…
Category: Subcontractor
Florida contractor physicians’ group settles HHS claims after they failed to have a BA agreement in place with a vendor who had a breach
There is a follow-up to a 2014 breach reported on this site at the time. But it turns out there was an interesting twist to this case that HHS followed up. Here is their press release: Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the…
Medical Informatics sued by multiple states over 2015 breach
A 2015 hack of Medical Informatics stayed in the headlines for quite a while because it compromised the data, including health information, of 3.9 million people. In addition to suits filed by consumers, state attorneys general have also sued the business associate, as Dave Gong reports: Fort Wayne-based Medical Informatics Engineering Inc. failed to secure…
Indio Water Authority notifies residents of Click2Gov breach
In reviewing the Click2Gov breaches, I just discovered another one from October that I hadn’t posted on this site. Let’s remedy that now. Statement on Click2Gov Data Security Incident INDIO, CA (October 12, 2018) – Indio Water Authority (IWA) was informed in September of a cybersecurity incident potentially affecting the credit card information of customers…
IA: Data breach found in city of Ames’ parking ticket payment system. It’s Click2Gov, again.
The Ames Tribune reports on yet another breach report involving Click2Gov (by CentralSquare Technologies): A data breach to the city’s parking ticket payment system may have affected 4,600 customers who paid a city-issued ticket on the city’s online payment system between Aug. 10 and Nov. 19, city officials said Friday in a news release. […]…
Amendments to data breach notification law in Colorado impact HIPAA-regulated entities
Kiss that 60-days to notify patients HIPAA bit goodbye if you’re doing business in Colorado. Julie A. Sullivan and Loreli Wright of Greenberg Traurig, LLP write: Passed during the 2018 state legislative session, House Bill 18-1128 went into effect on Sept. 1, changing Colorado’s law on the protection of personally identifying information and the procedure businesses must…