Electronic Health Records

Ransomware cyber attacks have been a prominent threat to the healthcare industry. In this case, First Choice Dental, a large dental practice with multiple locations across Wisconsin, was targeted by hackers in October 2023. The hackers gained access to sensitive information including patient names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers

On July 2, the U.S. Department of Justice (DOJ) and Department of Health and Human Services (HHS) announced the formation of the DOJ-HHS False Claims Act Working Group to strengthen “their ongoing collaboration to advance priority enforcement areas” in combating healthcare fraud. The two agencies cited the long history of partnership between them in enforcing

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced another settlement for alleged violations of HIPAA. OCR investigated BayCare Health System, which serves central Florida, after a patient complained to OCR in 2018 that her medical record was accessed by an unauthorized individual.

The patient told OCR that she

23andMe’s recent Chapter 11 bankruptcy filing has sparked significant concerns over the privacy and security of genetic data belonging to its 15 million customers.

Founded in 2006, 23andMe built its business around direct-to-consumer DNA testing, offering insights into ancestry and health risks. However, declining demand, financial struggles, and a major data breach in October 2023

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on December 3 that it imposed a $1.19 million penalty on Gulf Coast Pain Consultants, a pain management practice in Florida, following a security breach that affected over 34,000 individuals.

Gulf Coast filed a breach notification report with OCR, as required

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) imposed a $240,000 civil monetary penalty against Providence Medical Institute in connection with a ransomware attack that revealed vulnerabilities in the Institute’s systems and potential HIPAA violations.

The Institute was the victim of a series of ransomware attacks in 2018 that compromised

The Office of the New York State Attorney General announced on August 13 that Letitia James, along with the Attorneys General of Connecticut and New Jersey, fined Enzo Biochem, Inc. $4.5 million for failing to adequately safeguard its patients’ health data.

Enzo conducts drug research and development, and provides diagnostic services. In 2023, hackers accessed

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that it ordered American Medical Response (AMR) to pay a civil monetary penalty of $115,200 for failing to comply with the patient right of access rule under HIPAA.

HIPAA requires that all covered entities provide timely access to a patient’s