The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health information (ePHI) and the HIPAA Security Rule standards. Citing to a recent report of security incidents and data breaches in the health care

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the parent of Excellus Health Plan, over alleged violations of HIPAA relating to a data breach that occurred from December 23, 2013 through

In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it

Another day in the healthc are industry, another big data breach.

This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card

The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals to navigate the breach reporting website so they can find information relating to data breaches, and allows organizations to report a data breach with more ease.

The tool is also designed to provide guidance to the health care industry on the most recent threats, and how data breaches are resolved by the OCR, “which can help industry improve the security posture of their organizations.”
Continue Reading OCR Releases “Improved Web Tool” for Breach Reporting

We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings.

The settlement

The Nevada Division of Public Health has announced that its Medical Marijuana Program’s online database has suffered a cyber-attack that has exposed 11,700 applications requesting approval to open a medical marijuana dispensary.

Medical Marijuana agent cards were accessed, disclosing the names, Social Security number, race, address, and citizenship of the owners and employees of medical