Broward Health Data Breach Affects 1.3 Million Individuals
On January 1, 2022, Broward Health, which operates dozens of health care facilities in Broward County, Florida, notified over 1.3 million individuals that a threat actor gained access to and removed...
New Jersey Settles with Cancer Center Over Business Email Compromise
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess...
No Private Right of Action under HIPAA, but State Law Claims May Still be Asserted
A federal district court in Montana has confirmed that HIPAA precludes a private right of action for patients to claim an unauthorized access, use, or disclosure of protected health information. Nonetheless,...
OCR Announces 20th Settlement Under Right of Access Initiative
The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in...
Hospital Continues to Divert Patients Over a Week After Ransomware Attack
Eskenazi Health in Indianapolis has been diverting emergency department patients arriving by ambulance to other area hospitals since it shut down its network following a ransomware attack on August 4, 2021....
Fertility Clinic That Sent Sensitive Email to a Patient’s Work Group Faces Lawsuit
A fertility clinic in California cannot escape a lawsuit brought by a patient after the clinic sent private information to the individual’s entire work team. The clinic, Lane Fertility Institute for...
OCR Cybersecurity Newsletter Focuses on Controlling Access to ePHI
The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health...
Connecticut Enacts Legislation to Incentivize Adoption of Cybersecurity Safeguards and Expand Breach Reporting Obligations
On June 16, and then on July 6, 2021, Connecticut Governor Ned Lamont signed into law a pair of bills that together address privacy and cybersecurity in the state. Cybersecurity risks...
HHS Warns Hospitals to Fix Security Vulnerability in PACs
In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture...
Las Vegas’ University Medical Center Hit with REvil Ransomware
University Medical Center in Las Vegas announced that it recently became the victim of a ransomware attack by REvil, a well-known threat actor that has attacked many hospitals and health systems...