Long-time readers may recall a story in January 2017 about a luxury hotel that reportedly paid extortion to ransomware attackers because guests were locked in their rooms. Some of the story was ultimately considered to be fake news, although the whole scenario initially seemed possible at the time. Fast forward more than six years and …
Bloom Health Centers discloses data breach involving mental health data of 1,545 patients
Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, announced a data security incident that involved the personal and protected health information of some clinicians and patients. Before digging into the details,…
California Privacy Protection Agency publishes new draft regulations addressing AI, risk assessments, cyber audits
Philip N. Yannella, Gregory P. Szewczyk, and Timothy Dickens of Ballard Spahr write: The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal rulemaking process, the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations will serve…
Rhysida claims responsibility for attacks on two U.S. health systems: Prospect Medical Holdings, Singing River Health
On August 3, Prospect Medical Holdings disclosed a ransomware attack that affected some of its 16 hospitals and 10 clinics, including three hospitals in Connecticut and hospitals run by Crozer Health. Although they have made some progress with recovery, a note on their website today states, “Prospect Medical Holdings, along with all Prospect Medical facilities,…
Brazil’s government convicted for data leak exposed by The Brazilian Report
Amanda Audi reports: Federal government agencies were convicted for leaking data of beneficiaries of Auxilio Brasil, a flagship federal aid program now renamed as Bolsa Familia, to financial agencies offering payroll deduction loans to low-income Brazilians. Prior to elections last year, the administration of former President Jair Bolsonaro launched a program allowing people enrolled in…
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that…