You may have been hearing a lot about HIPAA breach notification reporting lately and for a good reason. The deadline to report small-scale breaches to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is March 1st. When reporting breaches to the HHS OCR, they require you to submit a HIPAA Breach Notification Form. Before completing the form, [...]
A recent policy statement by the Federal Trade Commission (FTC) has dramatically expanded coverage and penalties under the FTC Breach Notification Rule for companies that develop and offer mobile health applications and services for consumers. History of the FTC Breach Notification Rule As issued by the FTC in 2009, the Breach Notification Rule required PHR vendors to notify the Federal Trade Commission and any affected individuals upon: [...]
Hopefully, you’ve been keeping a list of your minor breaches that occurred in 2021 because now is the time to report them to the Department of Health and Human Services. As the 2022 HIPAA breach notification rule deadline approaches, it is important that you know the deadline and understand what incidents need to be reported. When is the 2022 HIPAA Breach Notification [...]
In January of 2022, EyeMed Vision Care LLC, a New York vision benefits provider, settled an action brought by the New York State Attorney General against it for failing to implement adequate data security measures, including multifactor authentication, password management, and logging of email accounts. These deficiencies resulted in a 2020 email data breach during which hackers accessed an EyeCare email account [...]
With at least six weeks before final numbers are in, the Department of Health and Human Services HIPAA Breach Reporting Tool website is reporting 713 major healthcare data breaches in 2021, an increase of more than 7.5 percent. By the Numbers: Major Healthcare Data Breaches Increase in 2021 Protected health information (PHI) from more than 45.7 million patient records was affected by [...]
According to a Reuters report, Accellion Inc., now rebranded as Kiteworks, has reached an $8.1 million settlement to end litigation following a 2020 healthcare data breach that affected companies and patients worldwide. Background on Accellion Healthcare Data Breach The breach occurred in December 2020 when cybercriminals exploited zero-day vulnerabilities in the company’s File Transfer Appliance (FTA). The breaches affected federal, state, local, [...]
Electronic Health Record (EHR) services provider QRS Inc. is facing a data breach lawsuit following an August cyberattack that may have compromised the privacy of 319,778 patients. Background of QRS Data Breach Lawsuit In a statement on their website, QRS confirmed their discovery on August 26, 2021, that a threat actor had accessed a server and may have obtained electronic protected health [...]
FlexBooker is an online appointment scheduling platform that services small businesses across several industries, including the healthcare industry. On December 23, 2021, FlexBooker disclosed that it had suffered a breach that resulted in the theft of sensitive data, some of which has been posted to the dark web. According to reports from Have I Been Pwned, the FlexBooker breach has affected 3,756,794 users thus far. [...]
An October 2021 cyberattack on Broward Health resulted in the extraction of up to 1.3 million pieces of protected health information (PHI) from the system’s computer network during the hospital data breach. What Occurred in the Broward Hospital Data Breach Broward Health is a public non-profit hospital system composed of four hospitals in the greater Ft. Lauderdale, Flordia area. According to a [...]
Healthcare information management company Ciox announced they have begun notifying business associates following an employee email breach of protected health information (PHI) affecting the patients of at least 32 healthcare providers nationwide. What We Know About the Ciox Vendor Email Breach In a post on their website, the Alpharetta, Georgia-based company admitted that an unauthorized person accessed one Ciox employee’s email account [...]
