Healthcare groups should consider several key points about a recent Texas federal court ruling and its impact on the use of online tracker technology on the healthcare websites of HIPAA-regulated organizations, said privacy attorney Iliana Peters of the law firm Polsinelli.
Hacks and vendor incidents continue to dominate major health data breach trends in 2024, but a handful of large incidents involving "unauthorized access or disclosure" also top the list of major health data breaches reported to federal regulators so far this year. How are trends shifting?
HealthEquity, which administers healthcare benefits plans for employers, has notified the U.S. Securities and Exchange Commission of a data exfiltration breach involving the compromised credentials of a third-party vendor. The incident did not disrupt IT systems or processes.
A Chicago pediatrics hospital is notifying nearly 800,000 people that their information was compromised in a ransomware attack earlier this year. Cybercrime group Rhysida had demanded a $3.4 million ransom for data it claims to have stolen in the incident. The hospital said it did not pay.
The U.S. Department of Health and Human Services has hit a Pennsylvania-based healthcare system with a $950,000 settlement for potential HIPAA violations found during an investigation into a 2017 ransomware attack involving NotPetya. It's HHS' third enforcement action in a ransomware case.
Two weeks ago, Change Healthcare began notifying thousands of medical practices about a massive data breach affecting millions of patients. The healthcare software firm says it will handle breach notifications, but industry groups want to ensure the government will go along with that plan.
Infosys McCamish Systems, an insurance software product and services vendor, is notifying nearly 6.1 million people of a 2023 ransomware incident that potentially comprised their sensitive data, including Social Security numbers, medical treatment, and financial and biometric information.
Change Healthcare says it has begun to notify customers whose data was compromised in the February ransomware attack that affected scores of healthcare providers, health insurance plans and other organizations. The company will begin to notify affected individuals in late July.
A Texas federal court ruled the U.S. Department of Health and Human Services overstepped its authority in guidance warning HIPAA-regulated entities that it's unlawful to use online tracking tools to capture IP addresses in visits to websites containing information about maladies.
A Minnesota-based radiology practice is notifying more than 500,000 individuals that their information was accessed and potentially acquired by hackers. The incident is one of several major health data breaches reported by radiologists in recent months as affecting hundreds of thousands of patients.
Blackbaud will pay $6.75 million and improve its data security practices under a settlement with California's attorney general. The settlement is the latest between the fundraising software firm and state and federal regulators in the wake of a 2020 hack that compromised sensitive data of millions.
It's critical for CISOs to study what went wrong in major ransomware IT disruptions and breaches hitting the healthcare sector and to look closely within their own organizations for similar gaps or vulnerabilities, said Michael Prakhye, CISO of Adventist HealthCare.
The 2023 hack at medical transcription firm Perry Johnson & Associates, which affected dozens of clients and about 14 million individuals, triggered the largest health data breach reported to regulators last year. Now the incident appears to be under federal criminal investigation.
Two U.S. senators are demanding UnitedHealth Group report a HIPAA breach and notify affected individuals no later than June 21, alleging the company is already violating HIPAA by dragging out the notification process in the aftermath of the Feb. 21 cyberattack on Change Healthcare.
A high-ranking U.S. senator is urging the Department of Health and Human Services to get tougher on healthcare sector cyber requirements. He says its failure to regulate the cyber practices of top healthcare organizations is contributing to the "major epidemic" of attacks such as Change Healthcare.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.