The Wilsonville, OR-based home health care service provider and nursing home operator, Avamere Holdings, is facing a class action lawsuit over a major data breach that affected 96 senior living and healthcare facilities and resulted in the exposure of the protected health information of more than 380,000 individuals. The breach occurred Avamere Health Services –… Read More »
EmergeOrtho, a North Carolina orthopedic practice, has recently notified 75,200 patients that some of their protected health information has been accessed by unauthorized individuals. According to EmergeOrtho’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on May 18, 2022. The forensic investigation confirmed that the threat actors behind the attack had accessed… Read More »
A cyberattack and data breach has been reported by LastPass, the provider of the world’s most popular password management solution. According to LastPass, there are around 30 million users of its password manager solution globally, including 85,000 business customers. Notifications have been sent to customers to inform them about the cyberattack and provide reassurances that while… Read More »
Sensitive information is being shared with data brokers and advertisers for the purpose of serving targeted advertisements, and not just by health apps and fitness trackers. HIPAA-covered entities are also sharing the health data without patient consent, which puts them at risk of regulatory fines and lawsuits. Many consumer health apps collect sensitive health data,… Read More »
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the Healthcare and Public Health Sector (HPH) about a relatively new ransom threat group called Karakurt, which is known to have conducted hacking and extortion attacks on the HPH sector. These attacks are similar to attacks conducted… Read More »
Methodist McKinny Hospital in Texas has recently announced that its systems have been accessed by unauthorized individuals who removed files containing sensitive data from its systems. The security incident was detected on July 5, 2022, and a third-party cybersecurity firm was engaged to investigate the nature and scope of the incident. The investigation confirmed that… Read More »
Humana & Cotiviti have agreed to settle a class action lawsuit to resolve claims from individuals affected by a 2020 data breach that exposed the PHI of 64,654 individuals. Humana had contracted with Cotiviti to assist with medical record requests to verify the data it reports to the HHS’ Centers for Medicare and Medicaid Services.… Read More »
Compliancy Group has confirmed that My Office Apps Inc. has demonstrated its good faith effort toward HIPAA compliance and was found to have taken all the necessary steps to comply with all appropriate provisions of the Health Insurance Portability and Accountability Act (HIPAA). My Office Apps is a developer of business improvement software and automation solutions, including… Read More »
Onyx Technologies, a Largo, MD-based provider of Information Technology and Consulting Services and a vendor of Independent Care Health Plan (iCare), has recently notified 96,814 health plan members that some of their protected health information has potentially been compromised. On June 28, 2022, Onyx discovered its computer systems had been accessed by unauthorized individuals, who… Read More »
Massachusetts-based New England Dermatology P.C., dba New England Dermatology and Laser Center (NDELC), has agreed to settle a HIPAA violation case with the HHS’ Office for Civil Rights (OCR) and has paid a $300,640 penalty to resolve alleged violations of the HIPAA Privacy Rule. On May 11, 2021, NDELC notified OCR about a privacy breach… Read More »