HIPAA Compliance

UPDATE: UHS Health System Confirms All US Sites Affected by Ransomware Attack

by Jessica Davis

Universal Health Services, one of the largest US health systems, confirmed on October 3 that the ransomware attack reported last week has affected all of its US care sites and hospitals, spurring...

Anthem Settles with 44 States for $40M Over 2014 Breach of 78.8M

by Jessica Davis

A multi-state coalition made up of 44 states and Washington, D.C reached a $39.5 million settlement with Anthem, to resolve breach claims stemming from the...

Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase

by Jessica Davis

The ransomware hackers behind the massive Blackbaud ransomware attack and subsequent data breach likely had access to more unencrypted data than previously disclosed, including bank account...

Premera Pays OCR $6.85M to Settle HIPAA Violations, Breach of 10.4M

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights settled with Premera Blue Cross for $6.85 million and a corrective action plan, after an audit into the insurer’s...

OCR Settles With Business Associate CHSPSC for $2.3 Over Breach of 6M

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights reached a $2.3 million settlement with CHSPSC, which provides services to hospitals and...

Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance

by Jessica Davis

The Office for Civil Rights reached a settlement with the Athens Orthopedic Clinic for $1.5 million over a 2016 data breach caused by the notorious hacking group...

Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health

by Jessica Davis

The patients impacted by two separate data breaches of Assured Imaging and BJC Healthcare have filed lawsuits against the providers, alleging security failings were behind...

HIPAA Compliance: ONC Updates Security Risk Assessment Tool

by Jessica Davis

The Office of the National Coordinator (ONC) in collaboration with the Office of Civil Rights released an update to the Department of Health and Human Services Security Risk Assessment Tool designed to...

OCR Settles with 5 Providers Over HIPAA Right of Access Violations

by Jessica Davis

The Office for Civil Rights closed investigations and announced settlements with five providers over separate HIPAA right of access violations, which brings the total number of...

Cyber Resilient Vendor Relationships for Healthcare’s Threat Landscape

by Jessica Davis

The threats targeting healthcare continue to increase in both their frequency and sophistication. And if the latest third-party vendor security incident is any indication, the need for developing a cyber resilient vendor management process...

Patient Data Privacy Lawsuit Against Google, UChicago Dismissed

by Jessica Davis

The patient data privacy lawsuit brought against Google and the University of Chicago Medical Center was dismissed by a federal judge in Illinois on September 4, ruling that patient who filed the...

Assured Imaging Ransomware Causes Data Theft Affecting 245K Patients

by Jessica Davis

Arizona-based Assured Imaging is notifying 244,813 patients that some of their data was potentially exfiltrated after a ransomware attack in May.  On May 19, Assured...

OCR Updates HIPAA Resource for mHealth Apps, Cloud Computing

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights updated and renamed its former Health App Developer Portal as a HIPAA resource page for mobile health apps, APIs, and...

OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis

by Jessica Davis

The Office for Civil Rights recently shared a detailed list of IT asset inventory steps, which can help covered entities and their business associates better fulfill the HIPAA Security Rule...

Blackbaud Ransomware Hack Affects 657K Maine Health System Donors

by Jessica Davis

A ransomware attack on healthcare business associate Blackbaud compromised the data from 657,392 donors, potential donors, and patients who support the Northern Light Health...

Moderna COVID-19 Vaccine Data Targeted by Nation-State Hackers

by Jessica Davis

Massachusetts-based Moderna, a research firm currently tasked with the development of a COVID-19 vaccine, was targeted by hackers with ties to the government of China, in an effort designed to...

Lifespan to Pay OCR $1.04M HIPAA Penalty For Unencrypted Laptop Theft

by Jessica Davis

The Office for Civil Rights reached a settlement with Lifespan Health System Affiliated Covered Entity over the theft of an unencrypted laptop in 2017. The Rhode...

OCR Settles with Small Provider for $25K Over Multiple HIPAA Violations

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights has reached a settlement with North Carolina-based Metropolitan Community Health Services, DBA Agape Health Services, over...

SAMHSA Revises Privacy Rule 42 CFR Part 2 for Substance Use Patients

by Jessica Davis

The Department of Health and Human Services’ Substance Abuse and Mental Health Services (SAMHSA) announced the agency has revised the Confidentiality of...