The Alaska Department of Health and Social Services (DHSS) is about to start mailing notification letters to all individuals in the state telling them their personal and health information may have been compromised in a highly sophisticated cyberattack conducted by a nation state threat actor. The cyberattack was detected on May 2, 2021 and the… Read More »
Wilmington, DE-based Simon Eye Management has suffered a breach of its email environment and hackers potentially gained access to the protected health information of 144,373 patients. Simon Eye identified suspicious activity in certain employee email accounts on or around June 8, 2021. Action was immediately taken to secure the accounts and prevent further unauthorized access,… Read More »
Resource Anesthesiology Associates (RAA) of California has started notifying certain patients of Dignity Health’s Mercy Hospital Downtown and Mercy Hospital Southwest that some of their protected health information was stored on a laptop computer that has been stolen. RAA of California provides anesthesiology services at the Dignity Health hospitals, which requires access to patient data.… Read More »
The Department of State Hospitals – Coalinga (DSH-C) in California has notified 1,738 patients that some of their protected health information has been impermissibly disclosed by a DSH-C employee. The United States District Court, Eastern District of California had made a request to be provided with DSH-C patient rosters in order to determine whether patients… Read More »
Austin Cancer Centers is alerting 36,503 patients about a security incident discovered on August 4, 2021 in which some of their protected health information was exposed. Unauthorized individuals were discovered to have gained access to computer systems and installed malware. To prevent further unauthorized access, computer systems were immediately shut down and law enforcement was… Read More »
“Covered Entities” are required to comply with the Health Insurance Portability and Accountability Act (HIPAA). Covered entities are healthcare providers, health plans, and healthcare clearinghouses, which must ensure they are fully compliant with the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules. There is a common misconception that HIPAA only applies to these entities, when… Read More »
Developers of health apps and wearable devices such as fitness trackers that collect health data have been warned by the Federal Trade Commission (FTC) that they are required to comply with the FTC Health Breach Notification Rule and must notify consumers about data breaches. The FTC Health Breach Notification Rule was introduced in 2009 as… Read More »
The personal data of individuals who took a COVID-19 test at a Walgreens pharmacy has been exposed over the Internet due to vulnerabilities in its COVID-19 test registration system. It is currently unclear how many individuals have been affected, although they could well number in the millions given the number of COVID-19 tests Walgreens has… Read More »
A class action lawsuit has been filed against St. Joseph’s/Candler Hospital Health System in response to a ransomware attack that occurred on June 17, 2021. The attack resulted in the encryption of files and forced the hospital’s IT systems offline. The systems accessed by the hackers contained the protected health information of 1.4 million patients,… Read More »
Queen Creek, AZ-based Desert Wells Family Medicine has started notifying 35,000 patients that their protected health information has been compromised in a recent ransomware attack. The attack occurred on May 21, 2021 and resulted in the encryption of data, including its electronic health record (EHR) system. All data had been backed up prior to the… Read More »