Shalyn Watkins of Holland & Knight writes: For most healthcare providers and businesses, signing a Business Associate Agreement (BAA) is a standard practice. When contracting to provide services with an entity governed by the Health Insurance Portability and Accountability Act (HIPAA), it is a requirement that the entity enter into a business associate contract, also…
Category: Subcontractor
From the “I Wouldn’t Hold My Breath Department”
We understand why courts issue such injunctions and rulings, but still… PA News Agency reports: Hackers responsible for a cyber attack that led to more than 10,000 NHS appointments being cancelled have been ordered by a High Court judge to “unmask” themselves and return or delete stolen data. Pathology services provider Synnovis was targeted by…
Surgery Center of Mid Florida notifies patients of February ransomware attack
On or about February 21, Surgery Center of Mid Florida (“SCOMF”) experienced a ransomware attack. No group has publicly claimed responsibility for the attack, but it originated with an attack on their now-former IT vendor. The attack on the unnamed vendor gave the attackers access to SCOMF. In August, SCOMF notified regulators, explaining, in part:…
Number of appointments at NHS trusts impacted by cyber attack passes 10,000
The Jersey Evening Post reported: More than 10,000 appointments have been cancelled at the two London NHS trusts that were worst affected by a cyber attack earlier this summer, new figures have revealed. Pathology services provider Synnovis was the victim of a ransomware attack by Russian cyber gang Qilin on June 3. An update from…
UK: Provisional decision to impose £6m fine on software provider Advanced following 2022 ransomware attack
The following statement by the Information Commissioner’s Office concerns a devastating 2022 ransomware attack by LockBit3.0 on Advanced Computer Software Group (“Advanced”), an IT vendor for the UK’s National Health Service (NHS). Here is the ICO’s statement about Advanced: We have provisionally decided to fine Advanced Computer Software Group Ltd (Advanced) £6.09m, following an initial…
Cencora confirms patient health info stolen in February attack
Over on Bleeping Computer, Lawrence Abrams reports that Cencora confirmed that protected health information was involved in the February cyberattack in its recent SEC filing, As DataBreaches previously reported, a number of Cencora—-Lash Group’s clients disclosed that personal and protected health information (PHI) was involved when they sent out notifications to their patients in May…