Excellus Health Plan, Inc. has agreed to pay $5.1 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach…
Category: U.S.
Ronald McDonald House notifying almost 18,000 guests of Blackbaud breach
Those of us who frequently check state attorneys general sites are well aware that there are still many consumers and patients who are first being notified of the Blackbaud ransomware incident last year. Ronald McDonald House is well-known in the U.S., for offering housing accommodations to families who have children being treated for serious illnesses. …
Co: Pitkin County COVID-19 case investigations inadvertently exposed online
PITKIN COUNTY, Colo., Jan. 14, 2021 /PRNewswire/ — Pitkin County learned of an incident that may affect the privacy of certain information and is providing notice so that affected individuals may take steps to better protect their personal information, should they feel it is appropriate to do so. To date, Pitkin County has seen no evidence that any personal information…
M.D. Anderson’s $4.3 Million Fine for Patient Data Loss Vacated
This is huge. Mary Anne Pazanowski reports: The University of Texas’s M.D. Anderson Cancer Center dodged a $4.3 million fine for losing over 35,000 people’s protected health information after the Fifth Circuit ruled Thursday that HHS acted arbitrarily and capriciously in finding that the provider violated two information security regulations. You can read more on…
Puget Sound Educational Service District reports data breach
Q13Fox reports: The Puget Sound Educational Service District (PSESD) sent out a notice to current and former students, and employees of King and Pierce County Schools, after learning of a data breach within their computer network. According to PSESD, they first learned of “unusual activity” in its network on or about July 25th of last year. Soon…
Unauthorized access of Stormont Vail’s internal vaccine scheduling site
Sarah Motter reports: TOPEKA, Kan. (WIBW) – News today from Stormont Vail CEO Dr. Robert Kenagy that their internal vaccine scheduling website was shared outside of their health system. Dr. Kenagy said that it appears as though an employee(s) shared the online vaccine scheduling program with people outside of Stormont Vail. In an email to…