More Stringent Application of HIPAA Right of Access Rules by OCR Results in $200,000 Penalty
Jan15

More Stringent Application of HIPAA Right of Access Rules by OCR Results in $200,000 Penalty

There is further evidence of the increasingly stringent application of the HIPAA Right of Access Rules by the HHS’ Office for Civil Rights (OCR) on healthcare providers that are not providing patients with timely access to their medical records following the announcement that a settlement had been reached with Banner Health to bring a HIPAA Right of Access investigation to a conclusion for $200,000. Under the HIPAA Privacy Rule...

Read More
Ransomware Attack Impacts Lake Region Healthcare
Jan13

Ransomware Attack Impacts Lake Region Healthcare

On December 22, 2020, Minnesota-based Lake Region Healthcare discovered ransomware had been deployed on its network and the attackers gained access to its databases. The attack caused disruption to daily processes and procedures at its offices in Fergus Falls, Battle Lake, Ashby, and Barnesville. They moved swiftly to mitigate the attack and implemented their downtime procedures that had been developed for situations such as...

Read More
Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients
Jan02

Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients

The NetWalker ransomware group has claimed it is behind a ransomware attack that took place on the North Carolina-based surgical center, Wilmington Surgical Associates in October 2020. The group say that they illegally accessed and removed around 13GB of data before launching NetWalker ransomware and encrypting files. The stolen batch of data held thousands of documents containing sensitive data. There has been no breach notification...

Read More
OCR Confirms HIPAA Rules on Disclosures of PHI to Health Information Exchanges
Dec21

OCR Confirms HIPAA Rules on Disclosures of PHI to Health Information Exchanges

The Department of Health and Human Services’ Office for Civil Rights has published guidance on the Health Insurance Portability and Accountability Act (HIPAA) Rules related to disclosures of protected health information (PHI) to health information exchanges (HIEs) for the public health activities of a public health authority (PHA). HIEs are organizations that facilitate the sharing of electronic PHI (ePHI) between more than two...

Read More

SkyMed Comes to Settlement Agreement with FTC for 2019 Consumer Data Breach

SkyMed has com to a settlement agreement with the Federal Trade Commission (FTC) in the aftermath an audit of its information security practices in relation to a 2019 data breach that exposed consumers’ personal private data. The Nevada-based emergency services provider was made aware by security expert Jeremiah Fowler in 2019 that it had an improperly configured Elasticsearch database that was leaking patient private data. The...

Read More