惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
Security Latest
Security Latest
P
Privacy International News Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
S
Secure Thoughts
PCI Perspectives
PCI Perspectives
Simon Willison's Weblog
Simon Willison's Weblog
D
DataBreaches.Net
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
V
Visual Studio Blog
aimingoo的专栏
aimingoo的专栏
H
Hackread – Cybersecurity News, Data Breaches, AI and More
IT之家
IT之家
V
V2EX
Last Week in AI
Last Week in AI
有赞技术团队
有赞技术团队
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tenable Blog
T
Threat Research - Cisco Blogs
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
Lohrmann on Cybersecurity
F
Full Disclosure
H
Help Net Security
博客园 - Franky
Stack Overflow Blog
Stack Overflow Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
A
Arctic Wolf
O
OpenAI News
S
Securelist

New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data

New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data HHS OCR Settles HIPAA Security Rule Investigation with Top of the World Ranch Treatment Center for $103,000 New York Attorney General Reaches $500,000 Settlement with Orthopedics Practice Over 2023 Data Breach
HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company
2026-04-09 · via New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data

HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently announced a settlement with MMG Fusion, LLC (“MMG”), a Maryland-based health care software company, to resolve the company’s alleged noncompliance with the HIPAA Privacy, Security and Breach Notification Rules.

According to OCR’s announcement, MMG operates as a business associate that receives protected health information (“PHI”) from covered entities and provides software used to communicate directly with patients. The investigation was initiated in March 2023 following a complaint regarding an unreported security incident and the appearance of PHI on the dark web.

OCR’s investigation determined that in December 2020, an unauthorized actor infiltrated MMG’s systems and accessed PHI, including names, phone numbers, mailing addresses, email addresses, dates of birth and appointment information, affecting approximately 15 million individuals.

OCR concluded that MMG: (i) impermissibly disclosed PHI; (ii) failed to conduct an accurate and thorough risk analysis to assess risks and vulnerabilities to the confidentiality, integrity and availability of electronic PHI ; and (iii) failed to timely notify covered entities of the breach, as required under the HIPAA Breach Notification Rule.

Settlement Terms and Corrective Action Plan

Under HHS’s resolution agreement, MMG agreed to:

  • conduct and complete an accurate and thorough HIPAA risk analysis;
  • develop and implement a risk management plan to address identified risks and vulnerabilities;
  • develop, maintain and revise written policies and procedures to comply with the HIPAA Privacy and Security Rules;
  • provide workforce training on HIPAA Privacy and Security Rule requirements; and
  • conduct a breach risk assessment of the December 2020 incident and provide affected covered entities with appropriate breach notification information.

OCR will monitor MMG’s compliance with the corrective action plan for three years. MMG also agreed to pay $10,000 to OCR, with the agency noting that it considered MMG’s financial condition in determining the settlement amount.