Marianne Kolbasuk McGee reports: The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches involving unencrypted devices was unlawful. In the complaint filed Tuesday in a Texas federal court,…
Category: U.S.
Patients at an Ohio rehab hospital were notified of breach. Was that breach part of a coordinated attack on Ernest Health hospitals?
Lauren Lindstrom reports: An undisclosed number of patients at the Rehabilitation Hospital of Northwest Ohio had their personal data compromised after “unauthorized access” to employee email accounts in October, hospital officials said. Patient data, including names, Social Security numbers, driver’s license information, dates of birth, and health insurance and patient care information, was contained in…
PA: Community College of Allegheny County discloses breach of former students’ info
Oof. Community College of Allegheny County responded to a public records request concerning former students. They redacted student PII,in the spreadsheets, but due to “technical failures in the redaction process,” the data could be unmasked. Read the notification to the Vermont Attorney General’s Office.
Two newly revealed phishing attacks in 2018 potentially compromised 41,000 patients’ ePHI
Every time I think I’m ready to total out the March data on health data attacks or incidents, another incident pops up belatedly on HHS’s site. This time, there were two reports that I had to add yesterday. One was a report from Palmetto Health in South Carolina (now part of Prisma). Palmetto reported that…
Hacker breached Minnesota state agency e-mail, placing data of 11,000 at risk
Chris Serres reports: A data breach last year at the state agency that oversees Minnesota’s health and welfare programs may have exposed the personal information of approximately 11,000 individuals. The state Department of Human Services (DHS) notified lawmakers Tuesday that an employee’s e-mail account was compromised as a result of a cyberattack on or about…
Yahoo strikes $117.5 million data breach settlement after earlier accord rejected
Jonathan Stempel reports: Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She…