#securityrule

Dissent Doe :cupofcoffee:<p>Jackson Health System has disclosed another insider-wrongdoing breach. This one affected about 2000 patients. The employee's motivation was reportedly related to boosting their personal healthcare business. </p><p>In their notice, JHS tries to portray themself as a victim. That didn't go over too well with me, as this is not the first time they have had a long-running insider wrongdoing breach. </p><p>In 2019, they settled HHS OCR charges after three breaches -- one of which involved insider wrongdoing over 5 years that affected 24k patients. There was no corrective action plan as part of the settlement. Perhaps there should have been? </p><p>Read more:<br><a href="https://databreaches.net/2025/06/07/data-breach-of-patient-info-ends-in-firing-of-miami-hospital-employee/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/06/07/da</span><span class="invisible">ta-breach-of-patient-info-ends-in-firing-of-miami-hospital-employee/</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthsec</span></a> <a href="https://infosec.exchange/tags/insiderthreat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>insiderthreat</span></a> <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/insiderwrongdoing" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>insiderwrongdoing</span></a></p>
Dissent Doe :cupofcoffee:<p>HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan</p><p>[It's an insider wrongdoing case from 2018 that we never heard about at the time]</p><p><a href="https://databreaches.net/2025/05/29/hhs-ocr-settles-hipaa-security-rule-investigation-baycare-health-system-for-800k-and-corrective-action-plan/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/05/29/hh</span><span class="invisible">s-ocr-settles-hipaa-security-rule-investigation-baycare-health-system-for-800k-and-corrective-action-plan/</span></a></p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/InsiderThreat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InsiderThreat</span></a> <a href="https://infosec.exchange/tags/HHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHS</span></a> <a href="https://infosec.exchange/tags/HHSOCR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHSOCR</span></a> <a href="https://infosec.exchange/tags/BayCare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BayCare</span></a></p>
Dissent Doe :cupofcoffee:<p>No need to hack when it’s leaking: Atrium Health edition:<br><a href="https://databreaches.net/2025/04/24/no-need-to-hack-when-its-leaking-atrium-health-edition/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/04/24/no</span><span class="invisible">-need-to-hack-when-its-leaking-atrium-health-edition/</span></a></p><p><a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthsec</span></a> <a href="https://infosec.exchange/tags/leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>leak</span></a> <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Dissent Doe :cupofcoffee:<p>16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected:</p><p><a href="https://databreaches.net/2025/04/04/16-months-after-they-experienced-a-ransomware-attack-dameron-hospital-notifies-those-affected/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/04/04/16</span><span class="invisible">-months-after-they-experienced-a-ransomware-attack-dameron-hospital-notifies-those-affected/</span></a></p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/notifications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>notifications</span></a> <a href="https://infosec.exchange/tags/HHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHS</span></a></p>
Dissent Doe :cupofcoffee:<p>Great thanks to <span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span> for getting people together to think about this issue and to make recommendations to <a href="https://infosec.exchange/tags/HHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHS</span></a> under the <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> Security Rule. </p><p><a href="https://shostack.org/blog/security-researcher-comment-on-hipaa-security-rules/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">shostack.org/blog/security-res</span><span class="invisible">earcher-comment-on-hipaa-security-rules/</span></a></p><p>Direct link to comments to HHS by <span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span>, <span class="h-card" translate="no"><a href="https://infosec.exchange/@dykstra" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dykstra</span></a></span>, Fred Jennings, Chloé Messdaghi, and me:</p><p><a href="https://downloads.regulations.gov/HHS-OCR-2024-0020-4673/attachment_1.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">downloads.regulations.gov/HHS-</span><span class="invisible">OCR-2024-0020-4673/attachment_1.pdf</span></a></p><p><a href="https://infosec.exchange/tags/GoodFaith" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoodFaith</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> <a href="https://infosec.exchange/tags/VDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VDP</span></a></p>
Dissent Doe :cupofcoffee:<p>So... apart from the fact that I don't think they should have dropped charges against this doctor, is HHS going to investigate why the hospital gave access to patient data to a former employee/resident who no longer worked there and was never these patients' doctor? </p><p>US Justice Department drops case against Texas doctor charged with leaking transgender care data:<br><a href="https://www.wfaa.com/article/news/local/us-justice-department-drops-case-against-doctor-charged-with-leaking-transgender-care-data/287-3e8a394d-41fb-41bf-bf72-fd012b87851b" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wfaa.com/article/news/local/us</span><span class="invisible">-justice-department-drops-case-against-doctor-charged-with-leaking-transgender-care-data/287-3e8a394d-41fb-41bf-bf72-fd012b87851b</span></a></p><p><a href="https://infosec.exchange/tags/HealthSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HealthSec</span></a> <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/confidentiality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>confidentiality</span></a> <a href="https://infosec.exchange/tags/insiderthreat" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>insiderthreat</span></a> <a href="https://infosec.exchange/tags/HHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHS</span></a> <a href="https://infosec.exchange/tags/HHSOCR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHSOCR</span></a></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://social.glitched.systems/@froge" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>froge</span></a></span> I agree. If this is just the beginning of a new campaign that addresses timely notification too. They have announced the campaign on risk assessment already and have already announced a few settlements over that. But there's been no formal announcement or press release about any campaign specifically targeting timely notification. </p><p>I haven't finished up our 2024 gap analyses between discovery of breaches and notifications, but too many do not or cannot comply with the regulation. And then there are all the entities that don't even report their breaches at all, and I wonder how we will get HHS OCR to address <em>that</em> unless I send them a massive watchdog complaint that lists about 150 regulated entities that didn't disclose breaches this past year when it appears that they did have reportable breaches. </p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/Notification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Notification</span></a> <a href="https://infosec.exchange/tags/HITECH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HITECH</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/Transparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Transparency</span></a></p>
Dissent Doe :cupofcoffee:<p>Anyone else think that the HHS OCR monetary penalty imposed on Solara Medical was too steep? $3M is one of the steepest monetary penalties HHS OCR has imposed. </p><p>I'm glad to see enforcement of the timely notification requirement, but so many entities have blown the risk assessment requirement and the 60 day notification regulations so why is Solara being hit with such a stiff penalty? </p><p><a href="https://databreaches.net/2025/01/14/hhs-office-for-civil-rights-settles-hipaa-phishing-cybersecurity-investigation-with-solara-medical-supplies-llc-for-3000000/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/01/14/hh</span><span class="invisible">s-office-for-civil-rights-settles-hipaa-phishing-cybersecurity-investigation-with-solara-medical-supplies-llc-for-3000000/</span></a></p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/enforcement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>enforcement</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/risk_assessment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>risk_assessment</span></a> <a href="https://infosec.exchange/tags/notification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>notification</span></a></p>
Dissent Doe :cupofcoffee:<p>Westend Dental agrees to pay Indiana $350K and to implement a corrective action plan to settle charges of multiple HIPAA violations.</p><p>This is one of THE WORST incident responses I have ever read and I've read a lot of bad ones over the years. But it's not just an incident response disaster. They were routinely violating HIPAA privacy and security rules.</p><p>Kudos to the state of Indiana for going after the dental practice and investigating to find out all the problems. </p><p>Don't ask me what HHS OCR did, because I don't think they were ever even told about this 2020 ransomware attack.</p><p>Read more here, where you will also find the court filings I've uploaded so you can read how bad this one was:</p><p><a href="https://databreaches.net/2024/12/31/westend-dental-agrees-to-pay-indiana-350k-and-to-implement-corrective-action-plan-to-settle-charges-of-multiple-hipaa-violations/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2024/12/31/we</span><span class="invisible">stend-dental-agrees-to-pay-indiana-350k-and-to-implement-corrective-action-plan-to-settle-charges-of-multiple-hipaa-violations/</span></a></p><p><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/compliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>compliance</span></a> <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthsec</span></a> <a href="https://infosec.exchange/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>encryption</span></a> <a href="https://infosec.exchange/tags/backup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backup</span></a> <a href="https://infosec.exchange/tags/PrivacyRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyRule</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/ransparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransparency</span></a> <a href="https://infosec.exchange/tags/disclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disclosure</span></a> <a href="https://infosec.exchange/tags/notification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>notification</span></a> </p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>zackwhittaker</span></a></span> <span class="h-card" translate="no"><a href="https://ioc.exchange/@jgreig" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jgreig</span></a></span></p>
Dissent Doe :cupofcoffee:<p>HHS OCR settles charges that Inmediata Health Group was exposing patient protected health info online for 3 years due to a webpage error. </p><p>Inmediata previously settled a class action lawsuit stemming from the 2016-2019 leak. They also settled a lawsuit by 33 state attorneys general last year. The HHS OCR settlement was for $250k monetary penalty; no corrective action plan was needed since the states' settlement already included a corrective action plan.</p><p>Direct link to the resolution agreement:</p><p><a href="https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/inmediata-health-group-ra-cap/index.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">hhs.gov/hipaa/for-professional</span><span class="invisible">s/compliance-enforcement/agreements/inmediata-health-group-ra-cap/index.html</span></a></p><p>Press release: <a href="https://www.hhs.gov/about/news/2024/12/10/hhs-office-civil-rights-settles-health-care-clearinghouse-inmediata-health-group-hipaa-impermissible-disclosure.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">hhs.gov/about/news/2024/12/10/</span><span class="invisible">hhs-office-civil-rights-settles-health-care-clearinghouse-inmediata-health-group-hipaa-impermissible-disclosure.html</span></a></p><p>Inmediata even had trouble with their incident response, as noted on my blog at the time: <a href="https://databreaches.net/2019/04/30/in-the-process-of-notifying-patients-of-a-web-exposure-breach-inmediata-experiences-a-mail-exposure-breach/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2019/04/30/in</span><span 
class="invisible">-the-process-of-notifying-patients-of-a-web-exposure-breach-inmediata-experiences-a-mail-exposure-breach/</span></a> </p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/HHSOCR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHSOCR</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/Exposure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exposure</span></a> <a href="https://infosec.exchange/tags/Databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Databreach</span></a> <a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataleak</span></a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthsec</span></a> <a href="https://infosec.exchange/tags/Infosecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosecurity</span></a></p>
Dissent Doe :cupofcoffee:<p><a href="https://infosec.exchange/tags/HHSOCR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHSOCR</span></a> announced a $1.19M monetary penalty for Gulf Coast Pain Consultants stemming from a 2019 <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a>. Now we find out that the "third party" that accessed the data was a former contractor.</p><p>The covered entity got hit with a fine for failure to:</p><ul><li>conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems;</li><li>implement procedures to regularly review records of activity in information systems;</li><li>implement procedures to terminate former workforce members’ access to ePHI; and</li><li>implement procedures for establishing and modifying workforce members’ access to information systems.</li></ul><p><a href="https://databreaches.net/2024/12/03/hhs-office-for-civil-rights-imposes-a-1-19-million-penalty-against-gulf-coast-pain-consultants-for-hipaa-security-rule-violations/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2024/12/03/hh</span><span class="invisible">s-office-for-civil-rights-imposes-a-1-19-million-penalty-against-gulf-coast-pain-consultants-for-hipaa-security-rule-violations/</span></a></p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/HealthSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HealthSec</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a 
href="https://infosec.exchange/tags/InsiderThreat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InsiderThreat</span></a> <a href="https://infosec.exchange/tags/Access" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Access</span></a></p>
Dissent Doe :cupofcoffee:<p>An announcement from HHS OCR:</p><p>"In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October to provide awareness and education for organizations covered under the HIPAA Rules on ransomware and how compliance with the HIPAA Security Rule can help such organizations combat ransomware.</p><p>This video updates the health care industry on the ransomware trends OCR sees in its cybersecurity investigations, OCR guidance and resources, best practices and practical advice on how HIPAA compliance can help HIPAA regulated entities prevent, detect, respond to, and recover from ransomware attacks. Topics include:</p><ul><li>OCR breach and ransomware trend analysis</li><li>Review of prior OCR ransomware guidance and materials</li><li>Analysis of the ransomware attack chain</li><li>Explore how Security Rule compliance can combat ransomware</li></ul><p>The video presentation may be found on OCR’s YouTube channel at:&nbsp;<a href="https://www.youtube.com/watch?v=nBKUlAy1OFA" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=nBKUlAy1OF</span><span class="invisible">A</span></a></p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/HHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHS</span></a> <a href="https://infosec.exchange/tags/OCR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OCR</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> 
<a href="https://infosec.exchange/tags/HealthSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HealthSec</span></a></p>
Dissent Doe :cupofcoffee:<p>In August 2023, El Centro Del Barrio ("CentroMed") reported a breach that affected 350,000 patients. Now they have reported a second <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a>. This one reportedly affected 400,000 patients.</p><p>The first breach was claimed by Karakurt, who does not seem to have ever leaked the data they claimed to have acquired. The second breach hasn't been claimed by any group -- at least, not yet. </p><p>So... will about 350,000 patients find their data has been stolen a second time in a year? </p><p>Not a good look for <a href="https://infosec.exchange/tags/CentroMed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CentroMed</span></a></p><p><a href="https://databreaches.net/2024/05/21/tx-centromed-discloses-a-second-data-breach-within-one-year/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2024/05/21/tx</span><span class="invisible">-centromed-discloses-a-second-data-breach-within-one-year/</span></a></p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/HealthSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HealthSec</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/extortion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>extortion</span></a> <a 
href="https://infosec.exchange/tags/ransom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransom</span></a></p>