From the SDNY, a press release involving an unnamed hospital in NYC. I’ll tell you more about this one after the press release: Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced that RICHARD LIRIANO was sentenced yesterday to 30 months in prison for engaging in a scheme to…
Search Results for: HCA
Ca: Two Telus Health medical service providers pay ransom after 60K client files accessed
David Paddon reports: The Medisys Health Group and its affiliate Copeman Healthcare say they paid an unspecified ransom to retrieve personal information for about 60,000 clients after detecting a security breach on Aug. 31. An email from Medisys head office in Montreal says privacy officials were notified Sept. 4, four days after the breach was…
Legal action underway over University of Cumbria data breach
Cumbria Crack reports: Students, staff and partners of universities across the UK who may have had their personal details leaked online are preparing to take legal action against the organisations amidst concerns that more should have been done to protect their data. Confidential information including names, dates of birth, addresses, phone numbers and email addresses…
Montefiore employee terminated after data breach affected up to 4,000 patient records
Jeff Lagasse reports: On Friday, Montefiore Medical Center alerted patients that a former employee had recently stolen personal information from roughly 4,000 patient records, which led Montefiore to terminate the employee upon learning of the security breach and potential identity theft. Read more on Healthcare Finance. Their story appears to have a typo in it, though: the…
Are covered entities unnecessarily giving fundraisers PHI on patients?
I have no doubt that numerous sites will start generating “lessons learned” or “five takeaways” from the Blackbaud breach — if they haven’t done so already. And perhaps one of the consequences of this mega-breach needs to be a discussion of whether some entities are unnecessarily giving their fundraising arms or business associates too much…
HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends
Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often…