In a recent white paper I co-authored with Protenus, Inc., we noted the significant risks of a breach involving a vendor or business associate. In following up in a subsequent post, I also included a “pop quiz” for readers to use to test their understanding about the terms of any contract they have in terms of…
Search Results for: HCA
GA: Martin Army Community Hospital can’t individually notify 1,000 patients impacted by insider breach that began in 2011
Larry Gierer reports: All patients who received care through the Martin Army Community Hospital healthcare system are alerted that a possible HIPAA breach occurred at Fort Benning between January 2011 and December 2013. According to a news release on Sunday, the breach was discovered after the hospital was alerted of undetected criminal activity involving identity…
UPDATE: 5,000 Marin Medical Practices Concepts patient records lost during recovery from ransomware attack
In August, I noted a ransomware attack on Marin Medical Practices Concepts (MMPC), a business associate providing billing and EMR services to many physicians. The ransomware prevented the physicians from accessing patient records for more than 10 days, and Marin decided to pay an undisclosed amount of ransom. In an August 4 statement, however, they…
Two more hacks with ransom demands, but is anyone paying? Part 2.
As noted in Part 1, hackers continue to issue ransom demands, but going to the media to put pressure on hacked entities does not seem to have improved their chances of convincing their victims to pay the ransom. In Part 1, I reported on what appears to be a hack of VI Pay, Inc., a payroll…
Two more hacks with ransom demands, but is anyone paying? Part 1.
Over the past few months, DataBreaches.net has reported on a number of hacking incidents where the attackers demanded ransom if the victims did not want to see their data publicly dumped or put up for sale. Some of the incidents involved TheDarkOverlord, who attacked a number of clinics in the healthcare sector. Other incidents involved a self-described…
Newest OCR settlement highlights need to review and update Business Associate Agreements
A newly announced settlement between HHS OCR and Care New England reinforces what DataBreaches.net and Protenus, Inc. have been trying to remind everyone of this week: pay more attention to your business associate agreements and do so regularly. Care New England Health System (CNE), on behalf of each of the covered entities under its common ownership…