According to this article, 2021 has been a “particularly dire year” for health care data breaches. So, it may not seem shocking that a hacker gained access to the protected health information of approximately 400,000 Planned Parenthood Los Angeles patients in October. What is unusual about this particular hacking incident is its timing. Planned
Holiday Weekends Provide No Time Off From Cyber Threats
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory aimed at reminding businesses to be on guard over the Labor Day and other holiday weekends against cyberattacks.
History has shown threat actors often ramp up ransomware and other attacks over holidays when businesses let down their guard.
Nate
No Signs of Slowing Down: The OCR Settles another Investigation under the HIPAA Right of Access Initiative
Prior to the holiday, the OCR settled its thirteenth enforcement action under the HIPAA Right of Access Initiative, which involved a primary care physician practicing in the State of Georgia. Dr. Peter Wrobel, M.D., P.C., operating under the fictitious name of Elite Primary Care, became subject to an OCR investigation (twice) for his alleged violations
The OCR Remains Increasingly Active under the HIPAA Right of Access Initiative
The Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently settled four more investigations under the HIPAA Right of Access Initiative, which totals 11 settlements thus far. In September, the OCR released a press release detailing its settlement of five additional actions under the HIPAA Right of Access Initiative. In
Which Privacy Protections Apply? HIPAA, FERPA and COVID-19
A recent conversation with a colleague in California prompted me to write this. He said that as part of its back-to-school plan, his children’s elementary school district “highly encouraged” that all students be tested for COVID-19 before returning to class. The district provided families with an in-home saliva test and asked parents to collect their
Employer Collection of COVID-19 Data and Employee Privacy
The following post is adapted from an article written by Fox Rothschild attorneys Wayne Pinksone and Lucy Li, available here.
OSHA recently published guidance for “nonessential businesses” that are intending to reopen and allow their employees to return to work. This guidance is intended to supplement the U.S. Department of Labor and U.S. Department
FTC Offers Tips for Data Protection in Products Related to Fighting COVID-19
From Fox Rothschild’s Privacy Compliance & Data Security blog
The Federal Trade Commission (FTC) has offered tips for data protection during the COVID-19 crisis.
- Consider privacy and security as you’re developing your products and services, and not after launch. Although we will be flexible and reasonable when it comes to bringing enforcement actions against companies
Don’t Get Sprayed: CISA Alert Reminds Health Care Entities to Use Strong Passwords
A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information.
Notably, these attacks succeed when system users have weak or common passwords. NCSC published frequently found passwords here, many of which are
New York Attorney General Warns Health Care Industry of COVID-19 Cyber Scams
The New York Attorney General has issued a warning to healthcare providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information. Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on
OCR Warning: Phone Scammer Posing as Investigator to Obtain PHI
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a warning that it has received reports that someone has been impersonating an OCR inspector in an effort to access HIPAA Protected Health Information (PHI).
According to the agency: “The individual identifies themselves on the telephone as an OCR investigator, but