Earlier this year, ransomware known as Wannacry crippled Britain’s National Health Service and spread across the globe affecting many other organizations, large and small. Now, many organizations are grappling with a new onslaught caused by similar ransomware dubbed Petya.
On May 10, 2017, the US Department of Health & Human Services (HHS) announced a settlement with Texas-based Memorial Hermann Health System (MHHS) for $2.4 million due to MHHS’s unauthorized disclosure of patient protected health information (PHI). HHS also announced that HHS and MHHS entered into a Resolution Agreement, and MHHS agreed to a corrective action plan.
On March 27, 2017, Rachel Yount attended the Health Care Compliance Association’s Compliance Institute 2017, where Illiana Peters, a senior advisor at Health and Human Services, Office for Civil Rights (“OCR”), provided an “OCR Enforcement Update.”
A recent decision from the Fourth Circuit Court of Appeals in Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017), adds to the list of circuit courts of appeal that have held that that the mere threat of future harm resulting from a data breach, without more, is insufficient to satisfy the injury-in-fact requirement for Article III standing.