Logan Health has agreed to settle a class action lawsuit related to a 2021 hacking incident that exposed the protected health information of 213,543 individuals. Under the terms of the settlement, Logan Health has agreed to create a fund of $4.3 million to cover claims from individuals affected by the breach. Logan Health, formerly Kalispell… Read More »
Another lawsuit has been filed against CommonSpirit Health over its 2022 ransomware attack and data breach that alleges the nation’s largest catholic health system failed to implement reasonable and appropriate safeguards to prevent unauthorized access to sensitive patient data. CommonSpirit Health announced in early October that it was dealing with a cyberattack that took down… Read More »
For the first time since 2015, there was a year-over-year decline in the number of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), albeit only by 1.13% with 707 data breaches of 500 or more records reported. Even with that reduction, 2022 still ranked as the second-worst-ever… Read More »
A round-up of data breaches that have recently been reported to the HHS’ Office for Civil Rights and state Attorneys General. BayCare Clinic Announced Pixel-Related Data Breach The Wisconsin-based healthcare provider, BayCare Clinic, LLP, has recently announced that the protected health information of up to 134,000 of its patients has been impermissibly disclosed to unauthorized… Read More »
It has been almost 27 years since the Health Insurance Portability and Accountability Act (HIPAA) was signed into law, more than 2 decades since the Privacy Rule was enacted, and this February will be the 20th anniversary of the HIPAA Security Rule. This article is the second in a series that explores the benefits of… Read More »
There are many benefits of using AI in healthcare, including the acceleration of drug development and medical image analysis, but the same AI systems that benefit healthcare could also be used for malicious purposes such as malware development. The Health Sector Cybersecurity Coordination Center (HC3) recently published an analyst note summarizing the potential for artificial… Read More »
An inspection of information security at Tuscaloosa VA Medical Center in Alabama by the VA Office of Inspector General (OIG) uncovered deficiencies in three of the four assessed security control areas. The OIG inspection covered configuration management, contingency planning, security management, and access controls, with deficiencies identified in configuration management, security management, and access controls.… Read More »
A Washington therapist, Robert S. Miller LICSW, ACSW (RSM), has recently notified 640 current and former clients about a phishing incident that resulted in the exposure of some of their protected health information. State laws require notifications to be sent to state attorneys general when there has been a breach of the private information of… Read More »
ADEC Innovations Healthcare has recently been confirmed as being in full compliance with all appropriate provisions of the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules, and the HITECH Act. ADEC Innovations Healthcare is a service provider to the healthcare industry, providing a range of services to reduce the administrative burden on healthcare organizations, including… Read More »
The Massachusetts-based medical device company, Insulet Corporation, has recently notified 29,000 of its Omnipod DASH customers about a recent privacy breach. A Medical Device Correction letter was recently sent to customers. Due to the importance of applying the update, a follow-up receipt acknowledgment request was sent via email on December 1, 2022. The emails included… Read More »