I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. (Just goes to show how long I have been working on data breaches.) It is always written in language that is easy to understand, not super techy, and provides a great summary of
Data Breach
Chicago Public Schools Notifying Students and Staff of Vendor’s Ransomware Attack
The Chicago Public Schools system is in the process of notifying students, families and some current and former employees that their personal information was compromised as a result of a ransomware attack against a technology vendor, Battelle for Kids.
According to the notification letter, parents of students who attended a Chicago public school between…
Data Breach Class Action Against Radiology Companies Dismissed for Lack of Standing
Last week, New York federal judge Vincent L. Bricetti dismissed a data breach class action against Northeast Radiology PC (Northeast) and Alliance HealthCare Services (Alliance) because the plaintiffs failed to allege a cognizable injury.
In July 2021, Jose Aponte II and Lisa Rosenberg filed suit alleging that Northeast and Alliance failed to protect their sensitive…
If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate
A professional accounting firm in Illinois received an unwanted holiday “gift” in the form of a class action complaint stemming from its alleged failure to secure personally identifiable information (PII) and to timely notify affected parties of a data breach.
On December 17, 2021, a lawsuit was filed against Bansley & Kierner, LLP, which offers…
OCR Cybersecurity Newsletter Focuses on Controlling Access to ePHI
The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health information (ePHI) and the HIPAA Security Rule standards. Citing to a recent report of security incidents and data breaches in the health care…
Excellus Health Plan Pays $5.1M to OCR in Settlement Following Data Breach
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the parent of Excellus Health Plan, over alleged violations of HIPAA relating to a data breach that occurred from December 23, 2013 through…
Capital One Settles with Bank Regulator for $80M for Data Breach
The U.S. Office of the Comptroller of the Currency (OCC) announced this week that it has entered into a Consent Order and fined Capital One $80 million for the data breach the company experienced last year. The OCC announced the fine and stated that it was the result of an investigation that found that Capital…
Choice Hotels Contacts 700,000 Customers About Data Breach Caused by Vendor
In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it…
Quest Diagnostics Reports Data Breach Affecting 11.9M Patients in Securities Filing
Another day in the healthc are industry, another big data breach.
This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card…
OCR Releases “Improved Web Tool” for Breach Reporting
The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals to navigate the breach reporting website so they can find information relating to data breaches, and allows organizations to report a data breach with more ease.
The tool is also designed to provide guidance to the health care industry on the most recent threats, and how data breaches are resolved by the OCR, “which can help industry improve the security posture of their organizations.”…
Continue Reading OCR Releases “Improved Web Tool” for Breach Reporting