Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge
A legal action filed against Sarrell Regional Dental Center for Public Health Inc. in relation to a July 2019 ransomware attack has been thrown out by a Federal judge due to a lack of standing. Sarrell was able to bounce back from the attack and restore its computer systems and data without meeting the ransom demand, although the dental center was forced to shut down for a period of two weeks while its systems were restored. No proof...
Does Amazon Web Services Comply with HIPAA?
Under the Healthcare Insurance Portability and Accountability Act, all providers of a product or service that ‘touches’ PHI are deemed to be business associates and are required to comply with HIPAA Rules. That means appropriate safeguards must be implemented to ensure the confidentiality, integrity, and availability of any PHI that is available through their products or services. Any healthcare entity or vendor obligated to comply...
Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People
The Wilmington, NC-based provider of self-pay conversion and insurance eligibility services to hospitals, clinics and physician groups, Healthcare Fiscal Management Inc. (HFMI), has revealed that is was hit by a ransomware attack in which the personal and protected health information of patients of St. Mary’s Health Care System in Athens, GA may have been accessed or obtained by cybercriminals. An unauthorized person obtained access...
Lack of Encryption & Other HIPAA Breaches Leads to $1m HIPAA Penalty for Lifespan
The HHS’ Office for Civil Rights has sanctioned a $1,040,000 HIPAA penalty on Lifespan Health System Affiliated Covered Entity (Lifespan ACE)after identifying systemic noncompliance with the HIPAA Rules. Lifespan is a not-for-profit health system located in Rhode Island that has many healthcare provider affiliates in the state. On April 21, 2017, a breach report was submitted with OCR by Lifespan Corporation, the parent company and...
Portals Accessed Using Stolen Credentials of Health Plan Members
Independence Blue Cross, AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey have discovered hackers obtained access to pages in their member portals between March 17, 2020 and April 30, 2020 and may have seen the personal and protected health information of some of their account holders. The range of data possibly accessed included names, member identification numbers, plan type, spending account balances, user...