OCR has announced another settlement. This one involves Sentara Hospitals, and it’s a somewhat surprising one in the sense that Sentara not only seems to have gotten the fundamentals of HIPAA and notification compliance wrong, but then they seem to have insisted in their wrongheaded ways even after HHS told them what their obligations were. …
Category: U.S.
Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains; Two Other Chains Also Notifying Customers
Brian Krebs reports: Two financial industry sources who track payment card fraud and asked to remain anonymous for this story said the four million cards were taken in breaches recently disclosed by restaurant chains Krystal, Moe’s, McAlister’s Deli and Schlotzsky’s. Krystal announced a card breach last month. The other three restaurants are all part of the same parent company and…
PA: UPMC Susquehanna admits employee snooped in co-worker’s medical records
John Beauge reports: UMPC Susquehanna admits that one of its employees improperly looked at the protected health information of a co-worker who had missed work following a brutal assault. The admission is contained in a letter attached to the Lycoming County court complaint of Taylor Fausnaught, who is suing the health system and employee Tasha…
NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
Dark Reading reports: The New York Police Department (NYPD) pulled its LiveScan fingerprint tracking system offline after a ransomware virus spread to 23 machines connected to the database over the weekend. The incident began on October 5, when a contractor installing a digital display at a Queens police academy plugged in an infected NUC mini-PC,…
NE: Great Plains Health hit by ransomware
NBC reports: According to Great Plains Health officials, around 7 p.m. Monday, ransomware was detected in the Great Plains Health computer network. The hospital’s information systems team immediately identified the issue and worked through the night to minimize the impact to local health services. Read more on NBC.
Paterson school district spent $13,800 on data breach investigation. But won’t make findings public.
Jayed Rahman reports on a breach that has been characterized by substandard incident response by the school district from the outset: Superintendent Eileen Shafer’s administration spent $13,816 in public funds in its investigation of the data breach that claimed tens of thousands of school district passwords, according to public documents reviewed by the Paterson Times….