Tag: Data Breach (page 1 of 2)

House Committee Staff Report Finds Equifax Data Breach Entirely Preventable, Provides Recommendations for Consumer Reporting Agencies

Share

After a 14-month investigation into the 2017 Equifax data breach, which was one the largest in U.S. history, the House Oversight and Government Reform Committee released a report in December.

Continue reading

Business Associate Exposes Protected Health Information of 19,000 Patients

Share

An error made by a transcription service provider during a software upgrade on Orlando Orthopaedic Center (OOC)’s server in December 2017 has resulted in the exposure of more than 19,000 patients’ protected health information (PHI). PHI stored on OOC’s server from December 2017 until February 2018 – when the breach was finally discovered – was freely exposed over the internet without any authentication. Upon full investigation, patients’ names, social security numbers, dates of birth, insurance information, employer details, and treatment types were deemed accessible.

Continue reading

New Report Finds Health Care Industry Bears Highest Data Breach Costs

Share

Health care data breaches cost health care entities an average $408 per record– the highest of any industry for the eighth straight year, according to IBM and the Ponemon Institute’s 2018 Cost of a Data Breach Report, and three times higher than the cross-industry average of $148 per record. The cost for a health care data breach increased from last year’s reported average of $380 per record. Contributing factors to the high costs include compliance with laws and regulations and abnormally high churn rates due to consumer mistrust.

Continue reading

$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation

Share

A U.S. Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) has ruled that the University of Texas MD Anderson Cancer Center violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in its failure to encrypt its electronic devices and ordered MD Anderson to pay $4,348,000 in civil monetary penalties  to the Office for Civil Rights (OCR). This is the second summary judgment ordered in favor of the OCR in its history, and the fourth largest amount recovered by OCR for HIPAA violations.

Continue reading

Eleventh Circuit Vacates FTC LabMD Order but Does Not Challenge FTC Authority

Share

The U.S. Circuit Court of Appeals for the 11th Circuit vacated the LabMD Federal Trade Commission order but did not challenge the Commission’s ability to use its unfairness authority to challenge inadequate data security practices in  a closely watched case that tested the commission’s enforcement powers.

Continue reading

Massive Data Breach Exposes 500,000 Patients’ Medical Records

Share

LifeBridge Health in Maryland is the most recent health system to have its patient records impermissibly accessed through a malware cyberattack. Indication of an attack was first detected in March 2018, upon which the hospital hired a national forensic firm to investigate the attack and determined that an unauthorized person had accessed LifeBridge’s server in September 2016.

Continue reading

Older posts

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy