News
Broward Health Data Breach Affects 1.3 Million Individuals

On January 1, 2022, Broward Health, which operates dozens of health care facilities in Broward County, Florida, notified over 1.3 million individuals that a threat actor gained access to and removed...

Read more
News
New Jersey Settles with Cancer Center Over Business Email Compromise

One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess...

Read more
News
No Private Right of Action under HIPAA, but State Law Claims May Still be Asserted

A federal district court in Montana has confirmed that HIPAA precludes a private right of action for patients to claim an unauthorized access, use, or disclosure of protected health information.  Nonetheless,...

Read more
News
OCR Announces 20th Settlement Under Right of Access Initiative

The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in...

Read more
News
Hospital Continues to Divert Patients Over a Week After Ransomware Attack

Eskenazi Health in Indianapolis has been diverting emergency department patients arriving by ambulance to other area hospitals since it shut down its network following a ransomware attack on August 4, 2021....

Read more
News
Fertility Clinic That Sent Sensitive Email to a Patient’s Work Group Faces Lawsuit

A fertility clinic in California cannot escape a lawsuit brought by a patient after the clinic sent private information to the individual’s entire work team. The clinic, Lane Fertility Institute for...

Read more
News
OCR Cybersecurity Newsletter Focuses on Controlling Access to ePHI

The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health...

Read more
News
Connecticut Enacts Legislation to Incentivize Adoption of Cybersecurity Safeguards and Expand Breach Reporting Obligations

On June 16, and then on July 6, 2021, Connecticut Governor Ned Lamont signed into law a pair of bills that together address privacy and cybersecurity in the state. Cybersecurity risks...

Read more
News
HHS Warns Hospitals to Fix Security Vulnerability in PACs

In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture...

Read more
News
Las Vegas’ University Medical Center Hit with REvil Ransomware

University Medical Center in Las Vegas announced that it recently became the victim of a ransomware attack by REvil, a well-known threat actor that has attacked many hospitals and health systems...

Read more