FTC Breach Notification Rule Expands for Health Applications

A recent policy statement by the Federal Trade Commission (FTC) has dramatically expanded coverage and penalties under the FTC Breach Notification Rule for companies that develop and offer mobile health applications and services for consumers. History of the FTC Breach Notification Rule As issued by the FTC in 2009, the Breach Notification Rule required PHR vendors to notify the Federal Trade Commission and any affected individuals upon:  [...]

2023-07-27T13:57:52-04:00January 31st, 2022|

Don’t Miss the 2022 HIPAA Breach Notification Rule Deadline

Hopefully, you’ve been keeping a list of your minor breaches that occurred in 2021 because now is the time to report them to the Department of Health and Human Services. As the 2022 HIPAA breach notification rule deadline approaches, it is important that you know the deadline and understand what incidents need to be reported. When is the 2022 HIPAA Breach Notification [...]

2023-07-27T13:58:58-04:00January 28th, 2022|

2021 HIPAA “Wall of Shame” Healthcare Data Breaches Up 7.5%

With at least six weeks before final numbers are in, the Department of Health and Human Services HIPAA Breach Reporting Tool website is reporting 713 major healthcare data breaches in 2021, an increase of more than 7.5 percent. By the Numbers: Major Healthcare Data Breaches Increase in 2021 Protected health information (PHI) from more than 45.7 million patient records was affected by [...]

2023-07-27T14:19:36-04:00January 25th, 2022|

Accellion Settles Healthcare Data Breach Suit for $8.1 Mil

According to a Reuters report, Accellion Inc., now rebranded as Kiteworks, has reached an $8.1 million settlement to end litigation following a 2020 healthcare data breach that affected companies and patients worldwide. Background on Accellion Healthcare Data Breach The breach occurred in December 2020 when cybercriminals exploited zero-day vulnerabilities in the company’s File Transfer Appliance (FTA).  The breaches affected federal, state, local, [...]

2023-07-27T14:25:52-04:00January 20th, 2022|

Data Breach Lawsuit Filed After Theft of Nearly 320k Records

Electronic Health Record (EHR) services provider QRS Inc. is facing a data breach lawsuit following an August cyberattack that may have compromised the privacy of 319,778 patients. Background of QRS Data Breach Lawsuit In a statement on their website, QRS confirmed their discovery on August 26, 2021, that a threat actor had accessed a server and may have obtained electronic protected health [...]

2023-07-27T14:36:25-04:00January 14th, 2022|

3.7 Million Affected By FlexBooker Breach

FlexBooker is an online appointment scheduling platform that services small businesses across several industries, including the healthcare industry. On December 23, 2021, FlexBooker disclosed that it had suffered a breach that resulted in the theft of sensitive data, some of which has been posted to the dark web. According to reports from Have I Been Pwned, the FlexBooker breach has affected 3,756,794 users thus far. [...]

2023-07-27T14:43:26-04:00January 10th, 2022|

Broward Hospital Data Breach Nets Hackers 1,300,000 Records

An October 2021 cyberattack on Broward Health resulted in the extraction of up to 1.3 million pieces of protected health information (PHI) from the system’s computer network during the hospital data breach. What Occurred in the Broward Hospital Data Breach Broward Health is a public non-profit hospital system composed of four hospitals in the greater Ft. Lauderdale, Flordia area. According to a [...]

2023-07-27T14:45:15-04:00January 7th, 2022|

At Least 32 Providers Affected by Ciox Vendor Email Breach

Healthcare information management company Ciox announced they have begun notifying business associates following an employee email breach of protected health information (PHI) affecting the patients of at least 32 healthcare providers nationwide. What We Know About the Ciox Vendor Email Breach In a post on their website, the Alpharetta, Georgia-based company admitted that an unauthorized person accessed one Ciox employee’s email account [...]

2023-07-27T15:08:53-04:00January 6th, 2022|

535,489 Patients’ Data Compromised in Texas ENT Breach

A hacker extracted the protected health information (PHI) of 535,489 patients from Texas ENT Specialists in August 2021. Although the Texas ENT breach occurred in August, it was not listed on the Office for Civil Rights portal until December 2021. Details of Texas ENT Breach Officials at Texas ENT Specialists first learned of the incident on October 19, 2021. The investigation revealed [...]

2023-07-27T15:14:22-04:00January 3rd, 2022|

2021 Cost of Healthcare Data Breach Average Balloons to $9.3 Million

The 2021 cost of healthcare data breaches soared to an average of $9.3 million per occurrence, according to a report released by IBM Security –  a 29.5 percent increase over 2020’s average of $7.13 million. The average percentage increase of healthcare data breaches was nearly three times higher and nearly twice as costly as the global industry average. The report found that the average cost of a data [...]

2023-07-27T15:22:28-04:00December 28th, 2021|