#securityrule — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securityrule, aggregated by home.social.
-
NEW by me:
Insightin Health discloses its second data security incident in two years:
https://databreaches.net/2026/03/10/insightin-health-discloses-its-second-data-security-incident-in-two-years/
#databreach #healthsec #thirdparty #dataleak #cybersecurity #HIPAA #SecurityRule
-
I recently asked #HHS #OCR how any personnel and regional cuts would affect their investigation of breaches of the #HIPAA #SecurityRule and #Notification Rule.
They didn't exactly answer my question as to how many investigators have been laid off, but they did outline their priorities for 2026.
You can read their response to my inquiries in my new post at:
https://databreaches.net/2026/01/15/hhs-ocr-comments-on-its-2026-priorities/
#databreach #healthsec #cybersecurity #ransomware #hacking #risk
-
Methodist Homes of Alabama and Northwest Florida is notifying residents and employees of its second data breach in seven months.
I wonder what #HHSOCR will do when they investigate.
#HIPAA #SecurityRule #RiskAssessment #cybersecurity #healthsec
-
The second part of my interview with Rachel Seeger of North Country Communications is now online. If you know any HIPAA-regulated SMBs struggling with compliance issues or seeking great information and advice, point them to Rachel's consultancy.
HIPAA Compliance and Breach Communications: Helpful Tips for SMBs:
https://databreaches.net/2026/01/06/hipaa-compliance-and-breach-communications-helpful-tips-for-smbs/
or download a copy of the interview:
https://databreaches.net/wp-content/uploads/HIPAA-Compliance-and-Breach-Communications.pdf
Direct link to North Country Communications: https://northcountrycommunications.com/
#HIPAA #compliance #BreachNotification #PrivacyRule #SecurityRule #BusinessAssociates
-
NEW: Six months after discovering an attack, Northwest Radiologists notifies almost 350,000 Washington State residents
#databreach #incident_management #healthsec #HIPAA #SecurityRule #PrivacyRule
-
HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
[It's an insider wrongdoing case from 2018 that we never heard about at the time]
-
Great thanks to @adamshostack for getting people together to think about this issue and to make recommendations to #HHS under the #HIPAA Security Rule.
https://shostack.org/blog/security-researcher-comment-on-hipaa-security-rules/
Direct link to comments to HHS by @adamshostack, @dykstra, Fred Jennings, Chloé Messdaghi, and me:
https://downloads.regulations.gov/HHS-OCR-2024-0020-4673/attachment_1.pdf
-
So... apart from the fact that I don't think they should have dropped charges against this doctor, is HHS going to investigate why the hospital gave access to patient data to a former employee/resident who no longer worked there and was never these patients' doctor?
US Justice Department drops case against Texas doctor charged with leaking transgender care data:
https://www.wfaa.com/article/news/local/us-justice-department-drops-case-against-doctor-charged-with-leaking-transgender-care-data/287-3e8a394d-41fb-41bf-bf72-fd012b87851b
#HealthSec #HIPAA #SecurityRule #databreach #privacy #confidentiality #insiderthreat #HHS #HHSOCR
-
HHS OCR settles charges that Inmediata Health Group was exposing patient protected health info online for 3 years due to a webpage error.
Inmediata previously settled a class action lawsuit stemming from the 2016-2019 leak. They also settled a lawsuit by 33 state attorneys general last year. The HHS OCR settlement was for $250k monetary penalty; no corrective action plan was needed since the states' settlement already included a corrective action plan.
Direct link to the resolution agreement:
Inmediata even had trouble with their incident response, as noted on my blog at the time: https://databreaches.net/2019/04/30/in-the-process-of-notifying-patients-of-a-web-exposure-breach-inmediata-experiences-a-mail-exposure-breach/
#HIPAA #HHSOCR #SecurityRule #Exposure #Databreach #dataleak #healthsec #Infosecurity
-
#HHSOCR announced a $1.19M monetary penalty for Gulf Coast Pain Consultants stemming from a 2019 #databreach. Now we find out that the "third party" that accessed the data was a former contractor.
The covered entity got hit with a fine for failure to:
- conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems;
- implement procedures to regularly review records of activity in information systems;
- implement procedures to terminate former workforce members’ access to ePHI; and
- implement procedures for establishing and modifying workforce members’ access to information systems.
-
HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million:
Another #HIPAA #SecurityRule #enforcement action but this was from an #insider wrongdoing #databreach that police notified the center about in 2015. The theft occurred in 2013. Why is #HHSOCR first settling this NOW?