Top Stories

HHS OCR Asks Congress for Big Funding Boost - GovInfoSecurity
The proposal asks for $78 million in appropriations for the Office of Civil Rights within the Department of Health and Human Services - an amount that would nearly double the office's current annual appropriation of $40 million.

US House of Representatives impacted by health insurance data breach | Engadget
Sensitive information for members of Congress and their staff and family members has been exposed in a data breach, according to House leaders. The FBI was able to purchase leaked information from health insurance marketplace DC Health Link on the dark web, House Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries wrote in a letter.

Breaches

Cerebral Notifies 3.1M Users of Healthcare Data Breach Stemming From Pixel Use
Telehealth platform Cerebral reported a healthcare data breach to HHS impacting more than 3.1 million individuals. Cerebral provides online therapy and medication management to millions of users.
3.2 million patients caught in Cerebral data breach
More than 3 million patients were affected in a data breach involving telemental health company Cerebral, according to a notice to HHS' Office of Civil Rights.
CHS to Notify 1 Million in Breach Linked to Software Flaw
Community Health Systems will soon begin notifying up to 1 million individuals believed to have been affected by a data breach when attackers exploited a zero-day vulnerability in a third-party vendor's secure managed file transfer software.
Heart Device Maker Says Hack Affected 1 Million Patients
Emergency medical device provider Zoll Medical is notifying more than 1 million individuals - including employees, patients and former patients - of a hacking incident that compromised their personal information.
Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop
That file contained more than 67,500 unique entries. CyberScoop confirmed the authenticity of the data belonging to one individual in the data set, which includes names, email addresses, dates of birth, home addresses, Social Security numbers and details about insurance policies.
1M Individuals Impacted By Healthcare Data Breach at Medical Device Company
ZOLL Medical Corporation recently began notifying more than one million individuals of a healthcare data breach. According to its website, ZOLL Medical develops novel resuscitation and acute critical care technology.
Oregon Health System Uncovers 9-Year HIPAA Violation by Physician
Asante, an Oregon-based health system, has informed patients about a HIPAA violation caused by a physician who compromised protected health information (PHI) without a valid clinical need. For nearly nine years, the employee inappropriately accessed over 8,834 patient records.
Feds fine Florida children's health insurance site for massive 2020 hack | SC Media
Jelly Bean Communications didn’t patch known flaws in its website, which led to the hacking of over 500,000 applications of a Florida children's health insurance site, DoJ argued.

Healthcare provider ILS warns 4.2 million people of data breach
Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, suffered a data breach that exposed the personal information of 4,226,508 individuals. The number of impacted individuals makes this the largest data breach in the healthcare sector disclosed this year.

Europe

Inadvertent Data Destruction After a Cyberattack Can Violate EU Privacy Rules
Companies could be violating European privacy laws if they mishandle personal data in the aftermath of a cyberattack, according to a recent ruling in Ireland. The country’s data protection commissioner fined Dublin-based medical group Centric Health Ltd. €460,000, equivalent to $485,000, citing the inadvertent destruction of about 2,500 patient files and other data deletions following a 2019 ransomware attack.
EDPB launches coordinated enforcement on role of DPOs
Data protection officers could be "solicited" by their data protection authority in the "weeks and months to come" as part of the European Data Protection Board’s freshly launched 2023 coordinated enforcement action, Deputy Head of the EDPB Secretariat Gwendal Le Grand told DPOs at the IAPP Data Protection Intensive: France 2023.

Misc

Oregon Business - ONA Accuses Hospital System of Wage Theft in Class-Action Suit
Nurses sue after cyberattack. Chicago-based CommonSpirit Health withheld pay from members of the Oregon Nurses Association as the nonprofit hospital chain worked to recover from a ransomware strike in October, according to the lawsuit.
Dangers from Hacks Stretch Beyond Broken Computer Systems
When hackers strike, responding to the damage becomes an all-encompassing affair. Business leaders who communicate poorly about an incident, including about steps to recovery, alienate customers and stakeholders, executives who have experienced cyberattacks say.