DBR ON DATA

Security, Privacy and Information Governance

Tag: Data Breach (page 1 of 2)

Business Associate Exposes Protected Health Information of 19,000 Patients

Share

An error made by a transcription service provider during a software upgrade on Orlando Orthopaedic Center (OOC)’s server in December 2017 has resulted in the exposure of more than 19,000 patients’ protected health information (PHI). PHI stored on OOC’s server from December 2017 until February 2018 – when the breach was finally discovered – was freely exposed over the internet without any authentication. Upon full investigation, patients’ names, social security numbers, dates of birth, insurance information, employer details, and treatment types were deemed accessible.

Continue reading

New Report Finds Health Care Industry Bears Highest Data Breach Costs

Share

Health care data breaches cost health care entities an average $408 per record– the highest of any industry for the eighth straight year, according to IBM and the Ponemon Institute’s 2018 Cost of a Data Breach Report, and three times higher than the cross-industry average of $148 per record. The cost for a health care data breach increased from last year’s reported average of $380 per record. Contributing factors to the high costs include compliance with laws and regulations and abnormally high churn rates due to consumer mistrust.

Continue reading

$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation

Share

A U.S. Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) has ruled that the University of Texas MD Anderson Cancer Center violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in its failure to encrypt its electronic devices and ordered MD Anderson to pay $4,348,000 in civil monetary penalties  to the Office for Civil Rights (OCR). This is the second summary judgment ordered in favor of the OCR in its history, and the fourth largest amount recovered by OCR for HIPAA violations.

Continue reading

Eleventh Circuit Vacates FTC LabMD Order but Does Not Challenge FTC Authority

Share

The U.S. Circuit Court of Appeals for the 11th Circuit vacated the LabMD Federal Trade Commission order but did not challenge the Commission’s ability to use its unfairness authority to challenge inadequate data security practices in  a closely watched case that tested the commission’s enforcement powers.

Continue reading

Massive Data Breach Exposes 500,000 Patients’ Medical Records

Share

LifeBridge Health in Maryland is the most recent health system to have its patient records impermissibly accessed through a malware cyberattack. Indication of an attack was first detected in March 2018, upon which the hospital hired a national forensic firm to investigate the attack and determined that an unauthorized person had accessed LifeBridge’s server in September 2016.

Continue reading

SEC Cyber Unit Brings Groundbreaking Data Breach Case

Share

The Securities and Exchange Commission (SEC) announced its most significant case ever filed against a respondent for one of the world’s largest data breaches. Albata, Inc., f/d/b/a Yahoo! Inc., (“Yahoo”) settled with the SEC to charges of violating Section 17(a)(2) and 17 (a)(3) of the Securities Act of 1933 (“Securities Act”), amongst other charges, and agreed to various remedies, including a $35 million penalty.

Continue reading

Older posts

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy