ransomware

Holiday Weekends Provide No Time Off From Cyber Threats

By Fox Rothschild LLP on September 3, 2021

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory aimed at reminding businesses to be on guard over the Labor Day and other holiday weekends against cyberattacks.

History has shown threat actors often ramp up ransomware and other attacks over holidays when businesses let down their guard.

Nate

…

How the Grinch Steals Health Care Data: OCR Warnings and Tips in Time for the Holidays

By Elizabeth G. Litten on December 4, 2019

More and more often, health care data is stolen or made inaccessible by targeted ransomware attacks. The Office for Civil Rights (OCR) published a newsletter this week that provides warnings for HIPAA covered entities and business associates. It also provides practical tips to prevent and help you survive these attacks.

OCR’s warnings should resonate with…

Ransomware Claims A Victim

By William Maruca on April 17, 2019

A two-physician practice in Battle Creek, Michigan is reportedly the first health care provider to cease operations as a result of a ransomware attack. The Minneapolis Star Tribune reports that Brookside ENT experienced a malware attack that deleted and overwrote every medical record, bill and appointment in the practice’s system, including backups, and created encrypted…

Six Tips for a Small Business to Avoid HIPAA Security Breach Headaches

By Elizabeth Litten on September 14, 2016

Last week, I blogged about a recent U.S. Department of Health and Human Services Office of Civil Rights (OCR) announcement on its push to investigate smaller breaches (those involving fewer than 500 individuals). The week before that, my partner and fellow blogger Michael Kline wrote about OCR’s guidance on responding to cybersecurity incidents. Today, TechRepublic…

Eight Tips to Confront the New Initiative by HHS on PHI Security

By Michael Kline on September 5, 2016

In a recent Guidance, the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”) appears to have attempted to reverse an impression that its emphasis is more on privacy of protected health information (“PHI”) than on security of PHI. Its July 2016 article draws attention to the need by…

Breach or Ransomware Attack? Can’t Sue Under HIPAA, but Maybe Under CFAA

By Elizabeth Litten on March 28, 2016

The following post was contributed by our colleague Lucy Li.

HIPAA itself does not provide a private right of action. So when a hacker or rogue employee impermissibly accesses or interferes with electronic data or data systems containing protected health information, an employer subject to HIPAA cannot sue the perpetrator under HIPAA. Similarly, when…

Hacked Health Records Prized for their Black Market Value

By William Maruca on March 16, 2015

I received a disturbing robo-call over the weekend informing me that someone had attempted to use my credit card number fraudulently in a retail store in the next county. When I called back and verified these were not legitimate charges, my card issuer assured me that I would not be financially responsible, canceled my card…

menu

HIPAA & Health Information Technology