Jose Fabian provides details on a Sacramento County phishing incident reported to HHS last month: Hundreds of records containing personal information of Sacramento County residents were exposed in a phishing attack last year, the county said. Sacramento County said 2,096 protected health information and 816 personal identifiable records were exposed during a cyber attack on June…
Revised Health Breach Notification Rule resources spell out companies’ legal obligations
Lesley Fair writes: Shoppers can find a plethora of apps, trackers, and sensors that hold or capture almost every conceivable form of personal health information. If your business or nonprofit offers products like that or provides certain services to entities that do – and you aren’t subject to HIPAA – you may be covered by…
HHS Brief: Log4J Vulnerabilities and the Health Sector
The HHS Cybersecurity Program has issued a new brief this week: Log4J Vulnerabilities and the Health Sector You can access it at https://www.hhs.gov/sites/default/files/log4j-vulnerabilities-health-sector.pdf
New Loop: Data Breach to Lawsuit
Matt Fisher writes: A recurring pattern has developed when it comes to data breaches. The first part of the pattern is that healthcare is under constant cyber attacks that challenge security measures while aiming to get access to private and sensitive information within the systems. The prevalence of data breach notifications underscores how frequently security…
NYU Langone notified 1,123 patients of privacy issue due to mailing vendor error
NYU Langone Health notified patients the week of January 4, 2022, about a potential privacy incident resulting in misdirected, limited patient information. The incident occurred on or about November 12, 2021, when a communication was sent via U.S. mail to inform patients of a planned relocation of an NYU Langone Health oncology surgeon originally based…
GA: Peachtree Orthopaedic Clinic reports breach to HHS
It appears that Peachtree Orthopaedic Clinic in Georgia reported a breach to HHS on January 3 that impacted 53,686 patients. They reported the breach as “hacking — other.” There is nothing on their website at this time to explain the incident and so far, I have found no press release. The only additional information at…