Scott Ikeda reports: While it is far from uncommon for an organization to announce that it has been hit by a ransomware attack, two in one week is an unusual event. Brazil’s Health Ministry is looking at extended downtime for the system that processes Covid-19 vaccination data as it attempts to recover from this exact…
The Medical Review Institute of America notifies patients of ransomware incident (updated)
The Medical Review Institute of America (“MRIoA”) collects protected health information (PHI) as part of providing clinical peer review for covered entities that request it (if the patient consents to provide info for the review). MRIoA was hit with ransomware in November. And although they do not directly state that they paid ransom, it sounds…
Ninth Circuit overturns $1.7 million restitution order for Russian hacker
Maria Dinzeo reports: Russian hacker Yevgeniy Nikulin is off the hook for $1.7 million in restitution a federal judge ordered him to pay four tech companies whose user databases he breached in 2012. The Ninth Circuit overturned the award Wednesday, finding insufficient support for the amount of resources the companies claim to have spent trying to repair…
Pain and Suffering for a Data Breach? German Court Issues First Decision of Its Kind in Europe.
Odia Kagan of Fox Rothschild writes: A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe. According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer organization EuGD Europäische Gesellschaft für Datenschutz mbH, € 2,500 in damages…
If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate
Jean E. Tomasco of Robinson & Cole writes about a breach involving an accounting firm that is a business associate to a number of covered entities. This month, the firm, Bansley & Kierner, issued a notice and started notifying individuals and HHS. But the time frame for discovery and notification has resulted in a potential…
N.J. volunteer EMS agency says patient data was breached
Leila Merrill reports: A volunteer EMS agency in New Jersey says in a news release that patient data in New Jersey was breached, and it has requested formal hearings in the state Senate and Assembly Health Committees. The Lincoln Park First Aid Squad, also known as Lincoln Park EMS, announced that it and other squads that are…