Atlanta Women's Health Group notifying patients of April 2023 data breach
Atlanta Women's Health Group (AWHG) notified over 30,000 patients of a data breach that occurred in April 2023.
The breach resulted in the unauthorized access of files containing patients' protected health information.
It is unclear why it took AWHG until January 2024 to notify patients, despite HIPAA and HITECH requiring notification within 60 days of discovery. [ more ]
Texas AG's pursuit of transgender medical records stirs privacy concerns
Texas Attorney General Ken Paxton is demanding medical records from health-care providers outside of Texas who may have treated transgender youth from Texas.
Paxton's use of a HIPAA exception for law enforcement investigations may allow him to obtain the records he is seeking. [ more ]
If you're in Rock County, Wisconsin, do NOT read this post. Absolutely do not read this post.
The IT Director and Corporation Counsel of Rock County, Wisconsin are withholding information about a September ransomware attack from the public.
The county is required to notify affected individuals and the U.S. Department of Health and Human Services (HHS) within 60 days of discovering the breach. [ more ]
Attorney General James Secures $300,000 from NewYork-Presbyterian Hospital for Failing to Protect Patient Data
New York Attorney General Letitia James secured $300,000 from NewYork-Presbyterian Hospital for violating HIPAA by disclosing healthcare information of website visitors.
The hospital used advertising tools on its website that collected and shared private and personal information with third-party tech companies. [ more ]
HHS' Office for Civil Rights Settles First Ever Phishing Cyber-Attack Investigation
Lafourche Medical Group has settled with the U.S. Department of Health and Human Services following a cybersecurity breach that affected nearly 35,000 patients.
The breach was the result of a phishing attack, highlighting the vulnerability of healthcare systems to this type of cyber threat.
This settlement marks the first resolution by OCR involving a phishing attack under HIPAA Rules. [ more ]