I’ve been encouraging (ok, nagging) HIPAA lawyer Jeff Drummond of Jackson Walker to write a post explaining what the 60-day notification provision really means in HIPAA, as I’ve always had a lot of questions about it, such as: Does the 60-day clock start when the covered entity (CE) first discovers that they might have a…
Category: U.S.
Co-conspirator in Steubenville computer-hacking case is sentenced to 8 months
Greg Kocher reports: A computer hacker was sentenced Monday to eight months in prison for his role in helping a Winchester resident known online as “KYAnonymous” compromise a website and get involved in a controversy surrounding a rape case in Steubenville, Ohio. Noah McHugh, 26, of Alexandria, Va., had pleaded guilty in September to one…
Marijuana dispensaries hit by hack of tracking software system
Dan Adams reports: Marijuana shops across the country, including seven medical dispensaries in Massachusetts, are being affected by the apparent hack of a sales and inventory system widely used in the cannabis industry. […] MJ Freeway, a Denver company whose “seed-to-sale” tracking software is used by hundreds of marijuana companies to comply with state regulations,…
Cosmetic surgery center discloses ransomware attack
The Susan M. Hughes Center is a cosmetic surgery and medical spa with locations in New Jersey and Pennsylvania. On December 27, they notified HHS of a ransomware incident affecting 11,400 patients. The following is their statement about the incident: The Susan M. Hughes Center is committed to maintaining the privacy and security of patient information we maintain. This…
Princeton University becomes victim of MongoDB ransom attacks
Princeton University became one of the more than 27,000 entities that recently had their databases wiped by attackers who claim that if victims pay ransom, they’ll get their data back. The attackers have been able to access and overwrite databases in MongoDB installations that were left open on Port 27017. With no login or authentication required, anyone can access…
HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
There’s a follow-up to an HHS OCR investigation that I had noted back in October, 2015. And since we don’t see many OCR investigations reported like this one, it’s worth noting. Politicians who are also HIPAA-covered entities, in particular, may wish to take note. Graham Moomaw reports: State Sen. Siobhan S. Dunnavant, a Henrico County…