In August, I noted a ransomware attack on Marin Medical Practices Concepts (MMPC), a business associate providing billing and EMR services to many physicians. The ransomware prevented the physicians from accessing patient records for more than 10 days, and Marin decided to pay an undisclosed amount of ransom. In an August 4 statement, however, they…
Category: Subcontractor
Newest OCR settlement highlights need to review and update Business Associate Agreements
A newly announced settlement between HHS OCR and Care New England reinforces what DataBreaches.net and Protenus, Inc. have been trying to remind everyone of this week: pay more attention to your business associate agreements and do so regularly. Care New England Health System (CNE), on behalf of each of the covered entities under its common ownership…
Napa Valley Dentistry notifies patients after theft of server from storage facility
A dental practice that purchased another dentist’s practice in 2012 finds itself having to notify their patients and his former patients after the theft of a server from a storage facility. In a letter to their patients and those of Dr. Justin Quinn, Dr. Justin Newberry of Napa Valley Dentistry states that on August 11, they discovered that a password-protected…
MA: Codman Square Health Center notifies members after breach at NEHEN
Notice of breach of unsecured health information This is a notice for patients whose information is accessible through New England Healthcare Exchange Network (NEHEN). On July 13, 2016, Codman Square Health Center was notified that a health information exchange was accessed without authorization and against Codman’s policies. The individual accessed information of many individuals that…
Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
Vendor to offer protection to those affected by fishing and hunting licenses hack
Well, from reading news coverage, I knew this was coming, but here’s the official announcement: ACTIVEOutdoors, the vendor involved in the hack of several states’ hunting and fishing license sites, will be offering two years of credit monitoring services to people in three states. Here is their announcement: ACTIVEOutdoors announced today that on August 22, 2016, it became…