The Medical Review Institute of America (“MRIoA”) collects protected health information (PHI) as part of providing clinical peer review for covered entities that request it (if the patient consents to provide info for the review). MRIoA was hit with ransomware in November. And although they do not directly state that they paid ransom, it sounds…
Category: U.S.
Ninth Circuit overturns $1.7 million restitution order for Russian hacker
Maria Dinzeo reports: Russian hacker Yevgeniy Nikulin is off the hook for $1.7 million in restitution a federal judge ordered him to pay four tech companies whose user databases he breached in 2012. The Ninth Circuit overturned the award Wednesday, finding insufficient support for the amount of resources the companies claim to have spent trying to repair…
If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate
Jean E. Tomasco of Robinson & Cole writes about a breach involving an accounting firm that is a business associate to a number of covered entities. This month, the firm, Bansley & Kierner, issued a notice and started notifying individuals and HHS. But the time frame for discovery and notification has resulted in a potential…
N.J. volunteer EMS agency says patient data was breached
Leila Merrill reports: A volunteer EMS agency in New Jersey says in a news release that patient data in New Jersey was breached, and it has requested formal hearings in the state Senate and Assembly Health Committees. The Lincoln Park First Aid Squad, also known as Lincoln Park EMS, announced that it and other squads that are…
Former Uber Chief Security Officer to Face Wire Fraud Charges
SAN FRANCISCO – A federal grand jury handed down a superseding indictment today adding wire fraud to the list of charges pending against Joseph Sullivan for his role in the alleged attempted cover-up of the 2016 hack of Uber Technologies Incorporated, announced Acting United States Attorney Stephanie M. Hinds and FBI Special Agent in Charge…
WV: Monongalia Health System notifies patients and employees of data breach
Some reportable HIPAA breaches occur in the context of bad actors trying to re-route wire payments. Monongalia Health System in West Virginia seems to have suffered that type of breach. The incident impacted the email system of Monongalia Health System and its affiliated hospitals, Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company….