U.S. – Page 486 – DataBreaches.Net

Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach

Posted on July 27, 2020 by Dissent

In April, 2017, Lifespan issued a statement disclosing a stolen laptop incident involving unencrypted protected health information. In at least two places in their statement they claim that they are committed to protecting the security and confidentiality of patient data. Today, OCR announced a settlement with Lifespan in which Lifespan is to pay more than…

White House Tells EPIC to Delete COVID-19 Records, EPIC Declines

Posted on July 26, 2020 by Dissent

I usually post items from EPIC.org over on PogoWasRight.org, but this one gets posted as a government breach on this site, too. In an unusual development, the White House directed EPIC this week to delete a set of records that EPIC recently obtained from the Office of Science & Technology Policy—a request which EPIC declined….

University of Utah notifying patients after phishing attack

Posted on July 25, 2020 by Dissent

Did University of Utah Health really have three phishing incidents this year? Maybe not. I was confused when I saw a new listing on HHS’s public breach tool this week. The incident, reported to HHS on July 20, reportedly affected 10,000 patients and involved PHI located in email. As such, it seemed to match an…

Keizer discloses costs of recovering from recent ransomware attack

Posted on July 24, 2020 by Dissent

When Keizer, Oregon was attacked in June with ransomware, the attackers demanded $48,000, and the city paid. Now Keizer Times reports that the costs of recovering city data and preventing future digital strikes have already exceeded $60,000. Among the costs, which will be detailed more at a later date: — To handle negotiations with the…

Garmin services and production go down after ransomware attack

Posted on July 23, 2020 by Dissent

Catalin Cimpanu reports: Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack’s aftermath, which includes shutting down its official…

Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements

Posted on July 23, 2020 by Dissent

There’s been a rare sighting of a 2020 HHS settlement of HIPAA charges. An almost 10-year old report of what would be a relatively small breach led to an investigation that uncovered persistent failures to implement the HIPAA Security Rule. From HHS: Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed…