A large New York hospital system learned this lesson the expensive way. According to a U.S. Department of Health and Human Services (HHS) press release issued earlier this week, the
Continue Reading One of Three $3 Million Lessons: Encrypt Mobile Devices
breach
Too Much (Protected Health) Information Exposed + Too Little Response = $3M and Corrective Action Plan for Medical Imaging Company
“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information…
Ransomware Claims A Victim
A two-physician practice in Battle Creek, Michigan is reportedly the first health care provider to cease operations as a result of a ransomware attack. The Minneapolis Star Tribune reports that…
Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations
Filefax, Inc., a defunct Illinois medical records storage and management company, has been fined $100,000 for improperly handling medical data under an agreement with the court-appointed receiver managing the company’s…
The Heavy Hit of HIPAA: Violations May Send You to Jail
The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that…
Equifax Breach Checker – Curiosity May Have a Cost (But it’s Refundable)
Individuals who have received notice of a HIPAA breach are often offered free credit monitoring services for some period of time, particularly if the protected health information involved included social…
Lack of Preparedness and Government Access Top Data Security Agenda
The private sector is still not prepared – and generally lacks the knowledge – to respond effectively to a major cyber breach, according to 80 percent of respondents in a…
Breach or Ransomware Attack? Can’t Sue Under HIPAA, but Maybe Under CFAA
The following post was contributed by our colleague Lucy Li.
HIPAA itself does not provide a private right of action. So when a hacker or rogue employee impermissibly accesses…
Health System Settles for $1.5 Million for Failing To Implement Business Associate Agreement
Matthew Redding contributed to this post.
It’s a familiar story: a HIPAA breach triggers an investigation which reveals systemic flaws in HIPAA compliance, resulting in a seven-figure settlement. A stolen…
Hackers: Take My Health Information, But Please Don’t Take My Health
We know by now that protected health information (PHI) and other personal information are vulnerable to hackers. Last week, the Washington Times reported that the Department of Health and Human…