The Government Accountability Office (GAO) has launched a rapid response survey of healthcare organizations and business associates covered by the Health Insurance Portability and Accountability Act (HIPAA) seeking feedback on their experiences reporting data breaches to the Secretary of the Department of Health and Human Services (HHS). The questionnaire will remain open until 4 p.m.… Read More »

Advocates Inc., a Massachusetts-based nonprofit provider of support services for individuals experiencing life challenges such as addiction, autism, brain injury, intellectual disabilities, mental health, and behavioral health, has announced it recently experienced a sophisticated cyberattack and data theft incident. Advocates was informed on October 1, 2021, that an unauthorized individual had gained access to its… Read More »

2021 has been a tough year for the healthcare industry with huge numbers of data breaches occurring and vast numbers of healthcare records exposed as hackers stepped up their attacks on healthcare providers and ransomware actors ran riot.  The HHS’ Office for Civil Rights has continued to impose large numbers of fines on covered entities… Read More »

Data breaches have recently been reported by Houston Area Community Services, County of Kings in California, and NYU Langone Health. Avenue 360 Health and Wellness Reports Breach of Employee Email Accounts Houston Area Community Services, Inc., doing business as Avenue 360 Health and Wellness, has discovered an unauthorized individual has gained access to the email… Read More »

A misconfiguration of an internal website portal used by a Florida county drug screening lab has exposed sensitive information online for a period of more than four years. St. Lucie County’s drug screening lab (SLC Lab) provides drug testing services for employment, court cases, and other purposes. The configuration error was discovered on October 13,… Read More »

Marietta Area Health Care Inc., doing business as Memorial Health System, is facing a class action lawsuit over a cyberattack and data breach that was detected by Memorial Health System on August 14, 2021. The investigation into the attack confirmed the attackers first gained access to company servers on or around July 10, 2021, and… Read More »

Excellus Health Plan Inc., its affiliated companies, and the Blue Cross Blue Shield Association (BCBSA) have reached a settlement to resolve a class action lawsuit that was filed in relation to a cyberattack discovered in 2015 involving the personally identifiable information (PII) and protected health information (PHI) of more than 10 million members, subscribers, insureds,… Read More »

The Troy, MI-based integrated financial services and business advisory firm Rehmann has been confirmed as having implemented an effective HIPAA compliance program and is fully compliant with all appropriate provisions of the Health Insurance Portability and Accountability Act (HIPAA) Rules. As a provider of accounting and assurance, business solutions and outsourcing, specialized consulting, and wealth… Read More »

The first settlement of 2022 to resolve a healthcare data breach has been announced by New York Attorney General Letitia James. The Ohio-based vision benefits provider EyeMed Vision Care has agreed to pay a financial penalty of $600,000 to resolve a 2020 data breach that saw the personal information of 2.1 million individuals compromised nationwide,… Read More »

The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule places a strict time limit on issuing notifications to individuals whose protected health information has been exposed or impermissibly disclosed. The maximum time limit is 60 days from the date of discovery of the data breach, although notification letters should be sent “without unreasonable… Read More »