23andMe based in San Francisco has proposed an agreement to resolve a class action lawsuit that was submitted because of a breach of consumer information in 2023. The breach happened in October 2023 and the attacker stole the data of around 6.9 million people, about...

A class action lawsuit was filed against Pruitt Health over a ransomware attack in 2023 that resulted in the compromise of the protected health information (PHI) of 56,405 individuals. Pruitt Health manages 180 care centers in Georgia, Florida, North and South...

A substitute breach notice has been published on the Change Healthcare website regarding its February 2024 cyberattack and mentioned the start of sending notification letters to the impacted persons on July 20, 2024.  Change Healthcare stated that the data analysis is...

Palomar Health Medical Group has informed its patients that an April 2024 cyberattack may have affected their data. The company is a primary and specialty care provider to North San Diego County locals. Patients' protected health information (PHI) may have been...

Mass General Brigham based in Boston, MA, reported the termination of two employees because of a privacy breach discovered on April 4, 2024. According to the investigation of the health system, the two employees permitted a third person, who wasn't working at Mass...

The healthcare and public health (HPH) sector has been cautioned about the Qilin ransomware group that has been attacking healthcare providers because of their dependence on uptime and the sensitive data they maintain. About 7% of ransomware attacks were conducted on...

ComplianceJunction’s training course, “HIPAA Training for Organizations,” has recently received accreditation from the American Health Information Management Association (AHIMA). AHIMA (American Health Information Management Association) is a global nonprofit...

California Attorney General Rob Bonta has reported reaching a settlement with Adventist Health Hanford concerning alleged violations of California’s Confidentiality of Medical Information Act (CMIA), the Health Insurance Portability and Accountability Act (HIPAA), the...

Native American Health Center (NAHC) is a nonprofit government-qualified health center that provides services to the local community (American Indians and Alaska Natives) in the California Bay Area. The health center encountered a cybersecurity attack on November 19,...

The cyberattack on Ascension has led to the shutdown of some hospitals' critical systems for over three weeks. Although Ascension has downtime procedures in place, doctors are under pressure because of the burden of using pen and paper for recording, and many have...

ComplianceJunction has released a new online training course designed to enhance cybersecurity awareness among front-line staff at healthcare organizations. The course complements existing HIPAA training and provides a comprehensive approach to managing and securing...

Cencora, Inc. (earlier known as AmerisourceBergen), and its Lash Group affiliate, were impacted by a cyberattack. Cencora reported the incident in a Securities and Exchange Commission (SEC) filing in February 2024. During that time, the scope of the data breach is not...

The American Privacy Rights Act (APRA), the replacement of the American Data Privacy and Protection Act (ADPPA), has been questioned by 15 State Attorneys General who are asking Congress not to move forward with the recommended government data privacy legislation in...

All healthcare and public health (HPH) sector {organizations|providers} received {an alert|a warning} to {apply|employ} mitigations against Black Basta ransomware attacks, {because|since} the ransomware-as-a-service (RaaS) group is attacking the HPH sector. In 2023,...

The Occupational Safety and Health Administration (OSHA) has recommended penalizing a home healthcare company with $163,627 for allegedly failing to safeguard workers against serious dangers of work violence. OSHA cited New England Home Care Inc., and Jordan Health...

UnitedHealth Group (UHG) CEO Andrew Witty recently gave a testimony at a House subcommittee hearing. The Senators confronted Witty concerning the Change Healthcare ransomware attack and because one-of-three Americans might be impacted. Witty apologized for the...

Kaiser Permanente Health Plan Inc. is informing 13.4 million people about disclosing some of their personal information to third parties including X (Twitter), Microsoft (Bing), and Google due to the use of tracking codes on its web pages and applications. This is the...

American Healthcare Systems and Rutgers Robert Wood Johnson Medical School have spotted email incidents due to the unauthorized access/disclosure of patient information, while Cherry Health Services suffered a ransomware attack. Email Security Incident at Randolph...

Medicare Data Compromised in Boston Consulting Agency Data Breach A data breach at Boston consulting agency, Greylock McKinnon Associates, Inc., (GMA) affected 341,650 persons. Based on the GMA breach notification, the agency discovered a security incident on May 30,...

The HHS Office for Civil Rights issued one more financial penalty for a HIPAA Right of Access violation. Essex Residential Care, LLC, also known as Hackensack Meridian Health, West Caldwell Care Center in New Jersey, was directed to pay a $100,000 civil monetary...

Avem Health Partners Pays $1.45 Million to Settle Class Action Data Breach Lawsuit Avem Health Partners agreed to pay a $1.45 million settlement to settle claims associated with a 2022 data breach affecting the protected health information (PHI) of 271,303 persons....

Each regular U.S. hospital has 10 to 15 medical devices, so this means a 1,000-bed hospital can have about 15,000 medical devices, which considerably increases the attack surface. Medical devices may include clinical IoT devices, imaging devices, and surgery devices....

ComplianceJunction's training course, "HIPAA Training for Organizations," has recently received accreditation from the Society of Corporate Compliance and Ethics (SCCE).  The SCCE supports compliance and ethics professionals across the industry as part of the...

Financial Assistance Program Offered by UnitedHealth Group On March 8, 2024, about 2 weeks after the ransomware attack on Change Healthcare, UnitedHealth Group presented a schedule on when it is trying to have its systems and services available. UnitedHealth Group...