Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, announced a data security incident that involved the personal and protected health information of some clinicians and patients. Before digging into the details,…
Category: U.S.
Rhysida claims responsibility for attacks on two U.S. health systems: Prospect Medical Holdings, Singing River Health
On August 3, Prospect Medical Holdings disclosed a ransomware attack that affected some of its 16 hospitals and 10 clinics, including three hospitals in Connecticut and hospitals run by Crozer Health. Although they have made some progress with recovery, a note on their website today states, “Prospect Medical Holdings, along with all Prospect Medical facilities,…
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that…
MS: Hinds County computer system remains under ransomware attack
Angela Williams reports: Hinds County is still experiencing computer issues following a cyberattack. The tax collector’s office will remain closed on Monday. The Circuit Clerk Office has also canceled jury duty for the week. Hinds County Administrator, Kenny Wayne Jones said in a statement, “Our systems and networks are being assessed, the process is intricate…
Russian man with Kremlin ties gets 9 years in US prison for hacking and insider trading scheme
Alanna Durkin Richer reports: A wealthy Russian businessman with ties to the Kremlin was sentenced Thursday to nine years in prison for his role in a nearly $100 million stock market cheating scheme that relied on secret earnings information stolen through the hacking of U.S. computer networks. Vladislav Klyushin, who ran a Moscow-based information technology company that…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…