More Stringent Application of HIPAA Right of Access Rules by OCR Results in $200,000 Penalty
There is further evidence of the increasingly stringent application of the HIPAA Right of Access Rules by the HHS’ Office for Civil Rights (OCR) on healthcare providers that are not providing patients with timely access to their medical records following the announcement that a settlement had been reached with Banner Health to bring a HIPAA Right of Access investigation to a conclusion for $200,000. Under the HIPAA Privacy Rule...
Ransomware Attack Impacts Lake Region Healthcare
On December 22, 2020, Minnesota-based Lake Region Healthcare discovered ransomware had been deployed on its network and the attackers gained access to its databases. The attack caused disruption to daily processes and procedures at its offices in Fergus Falls, Battle Lake, Ashby, and Barnesville. They moved swiftly to mitigate the attack and implemented their downtime procedures that had been developed for situations such as...
Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients
The NetWalker ransomware group has claimed it is behind a ransomware attack that took place on the North Carolina-based surgical center, Wilmington Surgical Associates in October 2020. The group say that they illegally accessed and removed around 13GB of data before launching NetWalker ransomware and encrypting files. The stolen batch of data held thousands of documents containing sensitive data. There has been no breach notification...
OCR Confirms HIPAA Rules on Disclosures of PHI to Health Information Exchanges
The Department of Health and Human Services’ Office for Civil Rights has published guidance on the Health Insurance Portability and Accountability Act (HIPAA) Rules related to disclosures of protected health information (PHI) to health information exchanges (HIEs) for the public health activities of a public health authority (PHA). HIEs are organizations that facilitate the sharing of electronic PHI (ePHI) between more than two...
SkyMed Comes to Settlement Agreement with FTC for 2019 Consumer Data Breach
SkyMed has com to a settlement agreement with the Federal Trade Commission (FTC) in the aftermath an audit of its information security practices in relation to a 2019 data breach that exposed consumers’ personal private data. The Nevada-based emergency services provider was made aware by security expert Jeremiah Fowler in 2019 that it had an improperly configured Elasticsearch database that was leaking patient private data. The...