Tag Archives: health care breaches

Recent OCR Newsletter Highlights Growing Cyber Extortion Threat for Healthcare Organizations

The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and theft of protected health information (PHI). Each type of attack poses unique challenges that may affect an organization in different ways. However, all cyber extortion disrupts …

North Dakota Breach Notification Law – Personal Information Includes Health Information

North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and “health insurance information.” Pursuant to the amended statute, “medical information” includes any information regarding an individual’s medical history, mental or physical condition, …

Be Careful What You Wish For: The Final Rule Is Out

The long-awaited HIPAA/HITECH final rule is out. Data Privacy Monitor contributors Theodore J. Kobus III and Lynn Sessions held a webinar that covered what stands out as big changes and how healthcare organizations need to prepare. Have the standards just been juggled or will healthcare organizations need to change their approach? View Webinar Recording. Ted and Lynn have helped …

Reminder Annual OCR Breach Reporting is Due March 1, 2013

The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013. For breaches affecting fewer than 500 individuals, a covered entity must submit to OCR its annual notification of all breaches occurring …

Record UK Fine Data Breach of Healthcare Information

The United Kingdom’s Information Commissioner’s Office (“ICO”) levied a $499,460 civil monetary penalty (“CMP”) against Brighton and Sussex University Hospitals after discovering staff and patients’ sensitive data contained on hard drives sold on eBay in late 2010. The breach reportedly exposed tens of thousands of patients’ health information, including HIV status and treatment, other diagnostic …

The A to Z of Healthcare Data Breaches

I recently presented on the topic of Healthcare Data Breaches–A to Z at the annual American Society for Healthcare Risk Management (ASHRM) conference in Phoenix. Attendees at any conference are always looking for practical takeaways to share with their colleagues and to help guide them even before a crisis event occurs. During my presentation, with …