The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the parent of Excellus Health Plan, over alleged violations of HIPAA relating to a data breach that occurred from December 23, 2013 through

In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it

Another day in the healthc are industry, another big data breach.

This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card

The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals to navigate the breach reporting website so they can find information relating to data breaches, and allows organizations to report a data breach with more ease.

The tool is also designed to provide guidance to the health care industry on the most recent threats, and how data breaches are resolved by the OCR, “which can help industry improve the security posture of their organizations.”
Continue Reading OCR Releases “Improved Web Tool” for Breach Reporting

We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings.

The settlement

The Nevada Division of Public Health has announced that its Medical Marijuana Program’s online database has suffered a cyber-attack that has exposed 11,700 applications requesting approval to open a medical marijuana dispensary.

Medical Marijuana agent cards were accessed, disclosing the names, Social Security number, race, address, and citizenship of the owners and employees of medical

Wendy’s may be the latest in a number of companies with Central Ohio operations that have suffered data breaches in recent years. On January 27, Wendy’s announced that it hired a cybersecurity firm to investigate claims of a possible credit card breach at some of its locations.  Initially, the company was notified by its payment