Buffalo Nonprofit Penalized for HIPAA Breach
A breach of patient privacy earlier this year will cost the Arc of Erie County $200,000. The Buffalo-based nonprofit discovered in February that clients’ electronic personal health information was published on its website. While the Arc of Erie County said the website was for internal use only, the exposed ePHI is considered a violation of the Health Insurance Portability and Accountability Act (“HIPAA”). The organization must now provide a risk analysis, evaluate its policies and procedures, and present its findings to the New York attorney general’s office. Find out more about the Arc of Erie County’s data breach on the Nonprofit Quarterly website.
SEC Computers Compromised Last Year
Securities and Exchange Commission (“SEC”) Chairman Jay Clayton has announced that the agency’s computers were breached in 2016, possibly causing private information in its Electronic Data Gathering And Retrieval (“EDGAR”) filing system to be used for making illegal trades. In a statement issued on Wednesday, Clayton said an investigation is underway, but the SEC believes the security breach did not create unauthorized access to personally identifiable information, endanger the market regulator’s operations, or lead to systemic risk. Aside from stating that it detected the breach last year, the SEC has provided few details. The SEC did note that it realized. Read More.