Healthcare Information Security

Healthcare Breach Notifications

Ransomware Attack on Florida’s FABEN OB-GYN Results in Data Loss

February 1, 2019 - Florida-based FABEN Obstetrics and Gynecology was hit with a ransomware attack in November, which encrypted server files and caused some data to be permanently lost. On November 21, officials discovered a GandCrab ransomware infection on a server containing patient files from January 2007 through April 2017. The variant is spread through malvertising campaigns that direct users to a...

Read More


More Articles

The 10 Biggest U.S. Healthcare Data Breaches of 2018

by Jessica Davis

The threat landscape has continued to evolve throughout the year, with hackers ramping up targeted, sophisticated attacks. Ransomware continued to plague the healthcare sector, while phishing attacks and insider errors led to some of the...

EMR Vendor Ransomware Attack Impacts 16,000 Patient Records

by Jessica Davis

California-based Redwood Eye Center notified the California Attorney General of a potential breach caused by a ransomware attack on its EMR hosting vendor IT Lighthouse. The third-party vendor hosts and stores the specialist’s...

OCR Fines Florida Physicians Group $500,000 for HIPAA Failures

by Jessica Davis

Florida-based Advanced Care Hospitalists was fined $500,000 by the Office for Civil Rights for multiple HIPAA compliance failures, including sharing protected health information with an unknown vendor. According to officials, ACH...

HealthEquity Email Hack Breaches Data of 190K Patients

by Jessica Davis

An email hack on two employee email accounts potentially breached the personal data of 190,000 HealthEquity customers. HealthEquity provides health savings accounts and similar services to more than 3.4 million individuals. This is the...

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect...

Federal Lawsuit Filed Following Alleged CVS Health Data Breach

by Elizabeth Snell

Three plaintiffs filed a federal lawsuit on March 21, 2018, claiming that a CVS Health data breach exposed the PHI of over 6,000 individuals, including revealing the HIV status of the individuals.  CVS Health, Caremark LLC (a...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

Nebraska Data Breach Notification Bill Passes Unanimously

by Elizabeth Snell

Individuals or commercial entities that hold Nebraska residents’ personal information must implement and maintain reasonable security procedures, according to a recently passed data breach notification bill. The Nebraska legislature...

Amended Data Privacy Law Proposed in Colorado Legislature

by Elizabeth Snell

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a...

Proposed Iowa Data Breach Bill Accounts for Health Data

by Elizabeth Snell

Recently proposed updates to Iowa’s data breach bill would include medical information and health insurance information under the definition of “personal information.” Organizations would also need to provide notification...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities implement “reasonable security procedures” to protect consumers’ personal information...

Potential WV Health Data Breach from Laptop Theft Affects 43K

by Elizabeth Snell

West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s...

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to...

HIPAA Info Included in Updated MD Data Breach Notification Law

by Elizabeth Snell

Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to...

Most Read Stories

Upcoming Webcasts

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...