Security News

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. Heidell, Pittoni, Murphy and Bach represents New York City area hospitals in litigation and maintains sensitive private information from patients, including dates of birth, social security numbers, health insurance information, medical history, and/or health treatment information.

New York law firm Heidell, Pittoni, Murphy and Bach has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world. New York Attorney General Letitia James, who brought the lawsuit against the lawyers, blamed HPMB's poor data security practices for the privacy breach.

Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web. Szpindor called the incident "a significant data breach" that exposed the personal identifiable information of thousands of DC Health Link employees and warned the Representatives that their data may have been compromised.

The Federal Trade Commission has proposed to ban the online counseling service BetterHelp from sharing its customers' sensitive mental health data with advertising networks and marketers. A settlement between the FTC and BetterHelp also requires the company to pay $7.8 million as restitution to its users whose sensitive data has been shared with third parties such as Facebook and Snapchat.

As the NHS in England is set to launch a competition for a far-reaching patient data platform, a public consultation has said decisions about health data sharing should not be taken by politicians. A report by England's National Data Guardian, an independent watchdog for health data appointed by the Secretary of State for Health and Social Care, found that in citizen juries consulted on health data, "Very few jurors wanted decisions about the future of these initiatives to be taken by the minister or organization accountable for them. Most believed that an independent body of experts and lay people should assess the data sharing initiatives."

Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. Founded in 1945, Kaiser Permanente provides health care services to over 12.5 million members from 8 U.S. states and Washington, D.C. The company revealed in a notice published on its website that an attacker accessed an employee's email account containing patients' protected health information on April 5, 2022, without authorization.

A report of the European Union Agency for Cybersecurity explores how pseudonymization techniques can help increase the protection of health data. This is especially true since providing health services today implies an extended exchange of medical information and of health data among different healthcare service providers.

Amazon Web Services announced the general availability of Amazon HealthLake, a HIPAA-eligible service for healthcare and life sciences organizations to ingest, store, query, and analyze their health data at scale. Using Amazon HealthLake, organizations can easily move their FHIR-formatted health data from on-premises systems to a secure data lake in the cloud.

News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released. What is known about the data breach at the psychotherapy center?

There are growing privacy concerns among Americans due to COVID-19 with nearly 70 percent citing they would likely sever healthcare provider ties if they found that their personal health data was unprotected, a CynergisTek survey reveals. "As healthcare systems and corporations continue to grapple with data challenges associated with COVID-19 - whether that's more sophisticated, targeted cyber-attacks or the new requirements around interoperability and data sharing, concerns around personal data and consumer awareness of privacy rights will only continue to grow," said Caleb Barlow, president and CEO of CynergisTek.