Healthcare Information Security

Healthcare Breach Notifications

EMR Vendor Ransomware Attack Impacts 16,000 Patient Records

December 7, 2018 - California-based Redwood Eye Center notified the California Attorney General of a potential breach caused by a ransomware attack on its EMR hosting vendor IT Lighthouse. The third-party vendor hosts and stores the specialist’s patient data. On Sept. 20, officials were notified by IT Lighthouse of a ransomware attack the previous day. Redwood worked with the third-party vendor, a...


More Articles

OCR Fines Florida Physicians Group $500,000 for HIPAA Failures

by Jessica Davis

Florida-based Advanced Care Hospitalists was fined $500,000 by the Office for Civil Rights for multiple HIPAA compliance failures, including sharing protected health information with an unknown vendor. According to officials, ACH...

HealthEquity Email Hack Breaches Data of 190K Patients

by Jessica Davis

An email hack on two employee email accounts potentially breached the personal data of 190,000 HealthEquity customers. HealthEquity provides health savings accounts and similar services to more than 3.4 million individuals. This is the...

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect...

Federal Lawsuit Filed Following Alleged CVS Health Data Breach

by Elizabeth Snell

Three plaintiffs filed a federal lawsuit on March 21, 2018, claiming that a CVS Health data breach exposed the PHI of over 6,000 individuals, including revealing the HIV status of the individuals.  CVS Health, Caremark LLC (a...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

Nebraska Data Breach Notification Bill Passes Unanimously

by Elizabeth Snell

Individuals or commercial entities that hold Nebraska residents’ personal information must implement and maintain reasonable security procedures, according to a recently passed data breach notification bill. The Nebraska legislature...

Amended Data Privacy Law Proposed in Colorado Legislature

by Elizabeth Snell

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a...

Proposed Iowa Data Breach Bill Accounts for Health Data

by Elizabeth Snell

Recently proposed updates to Iowa’s data breach bill would include medical information and health insurance information under the definition of “personal information.” Organizations would also need to provide notification...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities implement “reasonable security procedures” to protect consumers’ personal information...

Potential WV Health Data Breach from Laptop Theft Affects 43K

by Elizabeth Snell

West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s...

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to...

HIPAA Info Included in Updated MD Data Breach Notification Law

by Elizabeth Snell

Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to...

Single National Data Breach Notification Standard Proposed

by Elizabeth Snell

A recently proposed bill calls for a single national data breach notification standard, which would replace the existing state notification laws and “clarify and strengthen” organizations’ reporting obligations. Rhode...

Tech Company Agrees to $264K Vermont Data Breach Settlement

by Elizabeth Snell

Technology company SAManage USA, Inc. recently agreed to pay $264,000 as part of a data breach settlement with the Vermont Attorney General, following a July 2016 incident. SAManage provides cloud-based IT support, which was used by WEX...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...