Compliance and Regulations

MNGI Digestive Health consented to resolve a class action lawsuit associated with its negligence for not securing sensitive patient data. The lawsuit is a result of a ransomware attack on the Minnesota gastroenterology practice by … Read more

HealthEC LLC faced multiple class action lawsuits because of a data breach that affected about 4.5 million people. Hackers acquired access to the population health management system of HealthEC from July 14 to July 23, … Read more

WellNow Urgent Care (earlier known as Five Star Urgent Care), a community of walk-in urgent care centers in Illinois, New York, Ohio, and Michigan, has decided to pay $4.4 million to resolve a class action … Read more

According to the cybersecurity company Morphisec, a new ransomware group known as ELENOR-corp is targeting the healthcare sector. Researchers confirmed that ELENOR-corp is utilizing version 7.5 of Mimic ransomware, a ransomware strain first discovered in … Read more

UnitedHealth Group has taken a confrontational approach to retrieve outstanding balances on loans released to HIPAA-covered healthcare companies impacted by the Change Healthcare ransomware attack in February 2024. The attack resulted in an extended outage … Read more

The Health Insurance Portability and Accountability Act of 1996 required the creation of a national patient identifier – a unique ID for all U.S. citizens that would reliably link medical records to the correct persons. … Read more

Whether it is a HIPAA violation to say someone is your patient is an event-specific determination that depends on factors such as who is speaking, who they are speaking to, and the context of the … Read more

The University of Washington and Fred Hutchinson Cancer Center have decided to settle a proposed class action data breach lawsuit for $11,500,000 and set aside $13,500,000 to enhance cybersecurity. The lawsuit is a result of … Read more

Ex-HIPAA officer Darlene Morris filed a lawsuit against the Rhode Island Quality Institute (RIQI) for allegedly being fired from work for exposing its impermissible disclosures of HIE information. As a state government contractor of Rhode … Read more

Critical access hospital Morrison Community Hospital in Illinois has decided to settle a lawsuit for $675,000. The lawsuit was associated with a ransomware attack and data breach in 2023. The BlackCat/ALPHV ransomware group behind the … Read more

Florida health system South Broward Hospital District, also known as Memorial Healthcare System, has consented to resolve an alleged HIPAA Right of Access violation determined by the U.S. Department of Health and Human Services’ Office … Read more

The HHS’ Office for Civil Rights (OCR) has reported reaching a settlement that ended the investigation of a ransomware attack. Because Virtual Private Network Solutions failed to perform a HIPAA-compliant risk analysis, it will pay … Read more

In April 2024, the HHS Office for Civil Rights (OCR) released the HIPAA Privacy Rule to assist the Reproductive Healthcare Privacy Final Rule. The new rule became effective on June 23, 2024, but the last … Read more

How often you have to do HIPAA training depends on factors such as material changes to HIPAA policies and procedures, the frequency of security awareness training, the outcomes of risk analyses and evaluations, and employers’ … Read more

HIPAA security awareness training should have the objective of showing members of the workforce why it is important to protect the confidentiality, integrity, and availability of individually identifiable health information as well as explaining cybersecurity … Read more

In December 2023, the Department of Health and Human Services (HHS) published its cybersecurity strategy for the healthcare sector, detailing a list of actions to be implemented to improve cybersecurity across the healthcare industry, including … Read more

UMC Health System based in Lubbock, Texas reported the progress of its recovery from the ransomware attack in September. The ransomware attack impacted several systems, including the systems used by Texas Tech Physicians and Texas … Read more

HIPAA compliance software helps a covered entity deal with the issues of HIPAA by streamlining and automating compliance and undertaking comprehensive risk management processes. Smaller organizations that have less than 100 employees assign the responsibility … Read more

The European Court of Justice’s July 16th 2020 Schrems II judgment had major implications for the use of US cloud services. Since that case, every US cloud service provider has been obliged to verify the … Read more

A new bill known as the “Health Infrastructure Security and Accountability Act of 2024,” has been introduced to the U.S. Senate to strengthen cybersecurity standards for healthcare information systems. This legislative proposal aims to implement … Read more

The U.S. House Homeland Security Committee has introduced new legislation aimed at strengthening the nation’s cybersecurity defences against threats from China. This bill establishes an interagency task force to assess the risks by state-sponsored cyber … Read more

Recent big data breaches that affected third-party vendors like Change Healthcare targeted critical security risk management issues for business associates and vendors. These breaches have proven the necessity of security measures and comprehensive monitoring of … Read more

The Department of Labor’s Occupational Safety and Health Administration (OSHA) has introduced a new online dashboard designed to simplify searching its severe injury report database and tracking workplace injury trends in states under federal OSHA … Read more

Searchlight Cyber1 reported a 57% increase in the number of active ransomware groups. In H1 of 2023, 46 active ransomware groups were identified from posts on dark web data leak sites compared to 72 active … Read more

Atlantic General Hospital in Berlin, MD, has proposed a $2.24 million settlement to resolve a class action lawsuit associated with a ransomware attack in 2023. The settlement proposal was given preliminary approval by the court. … Read more

What comes to mind first when the words ‘Data security’ are mentioned to most workers? Chances are, it is thoughts of things like; frequent password changes, oversensitive spam folders, the inability to make personal calls … Read more

The U.S. water and wastewater systems are dealing with an increasingly serious threat from cyberattacks, which could have lasting consequences for public health and environmental safety. A report from the U.S. Government Accountability Office (GAO) … Read more

In effect since May 25th, 2018 the General Data Protection Regulation (GDPR), is a landmark piece of legislation in data protection. GDPR has revolutionized how personal data is managed across the European Union (EU). The … Read more

Acadian Ambulance reported a cyberattack in June 2024 that upset the functionality of selected computer systems. Daixin Team said it was behind the ransomware attack and threatened to release the stolen information to the public … Read more

Overview of the Data Breaches The health information technology company “NextGen Healthcare”, is currently embroiled in a legal battle following two data breaches that took place in 2023. These incidents exposed sensitive patient information, leading … Read more

A $3.45 million settlement was proposed to resolve a combined class action lawsuit associated with a data breach at USV Optical, a U.S. Vision subsidiary. The 2021 data breach impacted over 710,000 people, which included … Read more

Texas Retina Associates (“Texas Retina”) encountered a cyberattack that impacted over 312,000 patients. This company is the biggest ophthalmology practice with 15 practices established in Dallas, Texas. The attack involved unauthorized access to its network … Read more

It is not a violation of HIPAA to email medical records as long as the reason for emailing PHI is a required, permissible, or excepted reason under the Privacy Rule, as long as the disclosure … Read more

The digital mental health solutions company Aptihealth based in Saratoga Springs, NY has reported the exposure or theft of the protected health information (PHI) of 19,805 patients. It uses its digital platform to provide mental … Read more

Consulting Radiologists is a radiology services firm based in Edina, Minnesota. The companybegan sending personal notifications to approximately 512,000 patients impacted by a cyberattack in February 2024. Consulting Radiologists provides 22 hospitals and clinics with … Read more

Columbia University Irving Medical Center (CUIMC) submitted a data breach report to the HHS’ Office for Civil Rights on May 6, 2024 indicating that 29,629 individuals were affected. New York-Presbyterian (NYP) and CUIMC were informed … Read more

Ascension has reported the theft of files from a few servers during its latest ransomware attack. Some files included personally identifiable information (PII) and protected health information (PHI). The attackers accessed servers that were employed … Read more

The MicroDicom DICOM Viewer medical image viewer was found to have two high-severity vulnerabilities. One vulnerability can result in arbitrary code execution. The other vulnerability could enable an attacker to get sensitive data, put new … Read more

The monitoring of employees has become an indispensable practice for organizations to guarantee security, productivity, and compliance with regulations. Sensitive patient data is handled in the healthcare sector every day, making the stakes even higher. … Read more

Senate Finance Committee chair, Senator Ron Wyden sent a letter to the Department of Health and Human Services (HHS) through Secretary Xavier Becerra asking big healthcare organizations to improve their cybersecurity protocols. One factor in … Read more

Revenue cycle management company, Designed Receivable Solutions based in Cypress, CA, is facing a class action lawsuit associated with a data breach that impacted more or less half a million people. The company detected an … Read more

Certified Community Behavioral Health Clinic, Texas Panhandle Centers (TPC) based in Amarillo, TX uncovered unauthorized access to its computer network and the compromise of 16,394 patients’ personal data and protected health information (PHI). TPC, which … Read more

The Final Rule ensures the privacy protection of the health records of women, their members of the family, and physicians who are seeking, getting, offering, or assisting legal reproductive health care. The Biden-Harris Administration and … Read more

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) is warning the healthcare and public health (HPH) sector concerning business email compromise (BEC) attacks. BEC attacks refer to a type … Read more

What is a class action? Since the 1820 case of West v. Randall, the class action lawsuit has been firmlyestablished as a powerful tool in the federal judicial system of the USA. A class actionenables … Read more

11 Vulnerabilities Discovered in GE HealthCare Ultrasound Products About 12 vulnerabilities were discovered in GE HealthCare Vivid Ultrasound devices that threat actors can exploit to access and modify patient information, and possibly install ransomware to … Read more

The way to make ChatGPT HIPAA compliant is to deploy anonymizing software between users and the ChatGPT program in order that no Protected Health Information is disclosed to ChatGPT. However, when using this solution, it … Read more

Settlement Offered to Settle Gifted Healthcare Data Breach Lawsuit Gifted Healthcare has offered to settle a class action lawsuit that claimed negligence for not implementing appropriate cybersecurity steps that resulted in a data breach. The … Read more