HIPAA Blog

[ Monday, June 15, 2020 ]

Today's news brings a couple of actions in recent data breaches.

Individual patients of Community Care Physicians in Albany, NY have sued Community's CPA firm, which suffered a ransomware attack that resulted in the data of Community patients being available for sale on the dark web. Interestingly, the patients did not sue Community; it will be interesting to see if the case moves forward as a class action, and whether the lack of privity between the patients and the CPA firm proves to be a defense.
Magellan Health has announced that it was the subject of a potential ransomware attack. Unlike the hack on Community Care Physicians' CPA firm, it does not appear that there was any data exfiltration as a result of the hack.

Comments:

Is saying that there is no evidence of "misuse" of data equivalent to claiming that there is no evidence that data has been exfiltrated? I don't view the two as identical.

# posted by

Dissent : 10:54 AM

Good point, Doe; it's not the same. I either misread the initial press report or saw something else that led me to believe that they claimed no exfiltration; maybe it was the use of data being "affected" rather than "accessed."

# posted by

Jeff : 3:34 PM