Malware, Unauthorized Access Lead to Healthcare PHI Breaches
By Jill McKeon
October 14, 2021 – New cyber threats are constantly emerging, leaving organizations vulnerable to healthcare protected health information (PHI) breaches, ransomware, and unauthorized access incidents.
Recent data breaches consist of PHI exposure at two fertility clinics, stolen patient records, and unauthorized access to patient files by a terminated executive. In New Jersey, one clinic is facing consequences for allegedly failing to safeguard PHI in the face of a data breach. AG Announces $495K Settlement for Improper Data Security Measures at NJ Fertility Clinic
The office of Andrew J. Bruck, acting attorney general of New Jersey, along with the Division of Consumer Affairs, announced a $495,000 settlement with Diamond Institute for Infertility and Menopause. The Essex County clinic allegedly failed to conduct cybersecurity risk assessments and improperly handled a data breach. Diamond disputed all allegations.
The data breach compromised the personal information of 14,663 patients and allowed multiple instances of unauthorized access to the provider’s network between 2016 and 2017. The Division of Consumer Affairs alleged that Diamond violated the HIPAA Privacy Rule, the HIPAA Security Rule, and the New Jersey Consumer Fraud Act when it removed technical and administrative safeguards for protected health information.
The allegations argued that Diamond […]