Healthcare Information Security

Data Breaches

Healthcare Data Breach Costs Remain Highest Among Industries

July 12, 2018 - In their 2018 Cost of a Data Breach Report, IBM and the Ponemon Institute found that healthcare data breach costs average $408 per record, the highest of any industry for the eighth straight year and nearly three times higher than the cross-industry average of $148 per record. This compares with an average cost of $380 per record for a healthcare data breach from last year’s...


More Articles

Children’s Mercy Faces Lawsuit Over Healthcare Data Breach

by Fred Donovan

A class action lawsuit was filed this week against Kansas City, Missouri-based Children’s Mercy Hospital in response to a healthcare data breach that affected more than 60,000 individuals earlier this year, the Kansas City Star reported...

Employee Fired for HIPAA Violation Gets Personal Data from Agency

by Fred Donovan

Tracy Ryans, a former employee of the Texas Health and Human Services Commission fired for an alleged HIPAA violation, recently received a box full of state assistance applications chock full of personal information from her former employer,...

Healthcare Data Breaches Now Covered by Arizona Law

by Fred Donovan

Arizona is now including healthcare data breaches in its data breach notification law. Under legislation introduced in January and signed into law by Arizona Governor Doug Ducey earlier this month, information about an individual's medical...

Applying Inogen Data Breach Lessons to Healthcare Providers

by Fred Donovan

The recent Inogen data breach, in which hackers were able to penetrate an employee’s email account, highlights the need for healthcare organizations to use multifactor authentication (MFA) to control access and to get robust cyber...

Integrated Rehab Consultants Admits to 2016 Healthcare Data Breach

by Fred Donovan

Chicago-based Integrated Rehab Consultants is just now admitting to a healthcare data breach that it knew about back in 2016. In December 2016, IRC received a tip from a healthcare researcher about patient data posted on a public repository....

Virtua To Pay NJ $418,000 for HIPAA Violation

by Fred Donovan

Virtua Medical Group has agreed to pay a $418,000 fine and to beef up its data security in a settlement with the New Jersey government over allegations that it failed to protect patient data of more than 1,650 individuals, resulting in a HIPAA...

HIPAA Covered Entities Get Pass on OR Data Breach Notification Law

by Fred Donovan

HIPAA covered entities in Oregon are exempt from a new requirement that organizations in the state report data breaches within 45 days of discovery. Oregon Governor Kate Brown signed into law at the end of March amendments (Senate Bill 1551)...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities to implement “reasonable security procedures” to protect consumers’ personal information and...

Proposals Made for Improved State Data Breach Laws

by Elizabeth Snell

The large-scale Equifax data breach has pushed some states into creating more stringent state data breach laws, looking to close gaps in how sensitive consumer information is protected. The Vermont House Committee on Commerce and Economic Development...

Researchers Question Previous Health Data Breach Study

by Elizabeth Snell

Claiming that larger healthcare facilities have a higher risk of experiencing a health data breach “neglects inherent biases in data collection and reporting practices,” according to a letter published in the Journal of the American...

PHI of 13K Involved in Ransomware Attack at PA Health Clinic

by Kate Monica

On April 24, 2017, Family Tree Health Clinic discovered a ransomware attack potentially affecting PHI stored in its IT system, according to an online statement. The Pennsylvania health clinic immediately restored its system data using backup...

Unauthorized PHI Access at Coney Island Hospital Impacts 3.4K

by Kate Monica

On March 10, 2017, NYC Health + Hospitals at Coney Island discovered that it had suffered unauthorized PHI access occurring over the course of three months from December 2016 to March 2017. The incident involved a volunteer working in the Phlebotomy...

Texas Hospital Email Hack Exposes PHI of over 8K Patients

by Kate Monica

On February 21, 2017, an unauthorized individual accessed an employee email account containing PHI at Hill Country Memorial Hospital in Fredericksburg, Texas. Hill Country stated the email hack appears to be the result of intentional criminal...

PHI Security of 20K Possibly Affected from RI Laptop Theft

by Kate Monica

On February 25, 2017, Lifespan Corporation suffered a possible healthcare data breach in which an employee’s laptop was stolen. The theft occurred when an individual broke into an employee’s car and stole several items, including...

Stolen, Unencrypted Drive Causes Data Security Concern for 15K

by Kate Monica

Western Health Screening (WHS) recently issued a letter notifying individuals of a possible data security breach in which a WHS-owned vehicle containing an unencrypted jump drive was stolen. The jump drive contained the personal information of...

Kentucky Health Center Ensures PHI Security After Email Gaffe

by Kate Monica

On February 3, 2017, Women’s Care of Somerset (WCS) employees erroneously disclosed the email addresses of all recipients of an informative email regarding health-related services to the other recipients. According to a written press release,...

Do Healthcare Data Breach Lawsuits Have Reasonable Standards?

by Elizabeth Snell

Being able to prove fault in a healthcare data breach class action lawsuit is inherently difficult, but it is also important to understand the privacy expectations, according to a recent Corporate Clients Insight blog post. Data breach cases...

TN Updates Data Breach Notification Law for Encrypted Data

by Elizabeth Snell

Any person or business that conducts business in Tennessee is only required to give data breach notification if the information acquired was unencrypted, according to a recently passed amendment. Amended Senate Bill 547 states that encrypted data...

55K Potentially Affected by Virus Encrypting Pediatric Servers

by Kate Monica

On February 6, 2017, ABCD Pediatrics discovered a virus had gained access to the healthcare organization’s servers and encrypted patient data. The Texas-based pediatric facility immediately contacted IT personnel to take all servers offline...
