Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018.

Here, the OCR reached an agreement with a medium-size private healthcare provider following a ransomware attack relating to potential violations of the HIPAA Security Rule.

When Colorado enacted the Colorado Privacy Act (CPA), it included “biometric data that may be processed for the purpose of uniquely identifying an individual.” However, the CPA as originally drafted did not cover the personal data of individuals acting in a commercial or employment context. Last week, Colorado amended the CPA to broaden the protections

For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI) likely triggers obligations to notify affected individuals, the federal Office for Civil Rights (OCR), potentially the media and other entities. The breach also may require

According to a New York Times story this weekend, the Securities and Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling and reporting of cybersecurity breaches. It turns out that such boards and departments may not be the only ones following the SEC’s increased focus

When hit with a cybersecurity attack, organizations are often not inclined to bring in federal law enforcement. Recent comments by FBI Director Christopher Wray at Mandiant’s annual mWISE 2023 conference seek to encourage the private sector to reconsider, as reported in CIODive. Doing so is an important consideration and depending on certain factors, it

The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points. Of course, the Report as a whole is well worth the read, but if you don’t have the time to

What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for Civil Rights (OCR) which enforces the HIPAA privacy and security rules. Recently, the Executive Editor of Information Security Media Group’s (ISMG’s)

The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the financial and manufacturing sectors.” Industry analysts cite to many reasons for this, including the sensitivity

The Cyber Safety Review Board (Board) issued a report entitled, Review of the Attacks Associated with Lapsus$ and Related Threat Groups (Report), released by the Department of Homeland Security on August 10, 2023. The Report begins with a message from the Board’s Chair and Vice Chair discussing WarGames, a movie with interesting parallels to

In a 2019 post about increasing cyber risks in K-12 schools, we cited a report, “The State of K-12 Cybersecurity: 2018 Year in Review,” that contained sobering information about cybersecurity in local school districts across the country. According to that report, in 2018, there were 122 publicly-disclosed cybersecurity incidents affecting school districts across