A second big settlement from HHS this week (you can find the first one here). HHS’s press release concerning a case that was previously reported on this site in 2014 follows. The incident also resulted in a class action lawsuit that was settled in 2019. CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the…
Category: Subcontractor
Are covered entities unnecessarily giving fundraisers PHI on patients?
I have no doubt that numerous sites will start generating “lessons learned” or “five takeaways” from the Blackbaud breach — if they haven’t done so already. And perhaps one of the consequences of this mega-breach needs to be a discussion of whether some entities are unnecessarily giving their fundraising arms or business associates too much…
Interim Report on the Blackbaud Breach: 3.4 Million Patients and Counting
The Blackbaud ransomware incident disclosed on July 16 will likely end up being the largest or one of the largest breaches of the year involving patient information. I’ve been reading disclosures from dozens of entities and have compiled a list of those Blackbaud clients whose disclosures state or suggest that Blackbaud had been storing some…
SC: In September, Roper St. Francis was busy sending notifications on two separate breaches
On September 3, ABC reported that Roper St. Francis was notifying 6,000 patients about a breach involving their protected health information. This week, you may have read that Roper St. Francis is notifying almost 93,000 patients. There are two unrelated incidents. The first involved the compromise of an employee’s email account in June that the…
CU Collections Notifies Customers of Data Security Incident
The following press release was released on Friday, September 11, after 5 pm. It appears to be the same press release CU Collections issued on July 29, with the exception that this one specifically mentions Wellspring Credit Union: CU Collections, LLC (“CU Collections” or the “Company”) announced today that it had suffered a data security…
CA: Enloe Medical Center also notifying patients after Blackbaud ransomware incident
Add Enloe Medical Center to those notifying donors and patients because of the ransomware incident that Blackbaud disclosed in July. You can read their notification here.