As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
Servers at Virginia Commonwealth University were recently hacked, potentially exposing Social Security numbers for more than 176,000 faculty, staff, students and affiliates at the university and the VCU Health System.
Just four months after agreeing to pay an $865,000 penalty for a series of HIPAA violations, UCLA Health System has revealed a breach incident involving the theft of an external hard drive from a former employee's home.
TRICARE, the military health program, has directed its business associate, Science Applications International Corp., to offer one year's worth of free credit monitoring and restoration services to the 4.9 million affected by a recent breach.