Welcome to News Worthy Around The World. Our goals is to presents news worthy happening that are related to data security and compliance. When news worthy presents a press release, any corrective action necessary has been achieved. If you would like to contribute to news worthy, please complete the form below.
News Worthy Around the world
Walgreens Ordered to Pay $3.5 Million for Improper Disposal of Hazardous Waste at California Stores
Oakland, CA – Alameda County District Attorney Nancy E. O’Malley announced today that a $3.5 million stipulated judgment against Walgreen Co. (“Walgreens”) has been approved by the Alameda County Superior Court which settles allegations that Walgreens unlawfully disposed of hazardous waste in violation of state laws and injunctive terms from a 2012 stipulated judgment.
The current settlement follows an investigation by prosecutors of Walgreens’ conduct between 2013 and 2020, during which time prosecutors allege that the company improperly disposed of hazardous waste into company trash bins destined for municipal landfills that are not authorized to accept hazardous waste. The hazardous waste included items such as over-the-counter and prescription medication, electronic devices, batteries, aerosol products, cleaning agents, as well as other hazardous items generated through the company’s regular business activities. This settlement also resolves allegations that Walgreens failed to shred or otherwise destroy customer records containing confidential information before disposal.
“These COVID-19 times are challenging for everyone. We have no intention of complicating matters even more.” – Tyrone Witherspoon, Portis, Inc. CEO. The focus of Portis, Inc. is to protect your privacy by completely destroying hard drives that contain any proprietary information (PI), personal identifying information (PII), protected health information (PHI), and electronic protected health information (e-PHI).
Nashville, TN, December 02, 2020 –(PR.com)– Portis, Inc.’s COVID-19 Business Relief is now available to all businesses within a 30 mile radius of Nashville, TN. During this COVID-19 period, businesses are moving forward by keeping doors open, employees paid, everyone safe, and staying compliant with their specific governmental regulations such as HIPAA. To reduce expenses for some necessary services, Portis, Inc. is currently offering businesses a name your price option for all services. Yes, a name your price option.
“These COVID-19 times are challenging for everyone. We have no intention of complicating matters even more.” – Tyrone Witherspoon, Portis, Inc. CEO. Visit https://portisinc.com/covid-19-business-relief/ for complete details on the COVID-19 Business Relief name your price option for all services.
The focus of Portis, Inc. is to protect your privacy by completely destroying hard drives that contain any proprietary information (PI), personal identifying information (PII), protected health information (PHI), and electronic protected health information (e-PHI).
“The improper disposal that resulted in this sanction goes back four years and is a reminder that historical bad practices eventually come home to roost,” wrote Johnson, who also authored a blog post about the case. “It is also likely that clients’ professional liability underwriters are paying close attention, and that clients will be required to demonstrate intense vendor selection due diligence in order to maintain their insurance coverages.”
On Oct. 8, the Office of the Comptroller of the Currency (OCC), part of the Treasury Department that regulates banks, released a consent order detailing the fine. The penalty, which Morgan Stanley Bank and Morgan Stanley Private Bank agreed to pay, was based on the failure of the banks to exercise proper oversight of the 2016 decommissioning of two Wealth Management business data centers in the U.S., according to an OCC press release. In 2019, the banks experienced similar vendor management control deficiencies while decommissioning other network devices with customer data, the release states.
Press Release Posted September 23, 2020
CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach affecting over six million people. CHSPSC provides a variety of business associate services, including IT and health information management, to hospitals and physician clinics indirectly owned by Community Health Systems, Inc., in Franklin, Tennessee.
In April 2014, the Federal Bureau of Investigation (FBI) notified CHSPSC that it had traced a cyberhacking group’s advanced persistent threat to CHSPSC’s information system. Despite this notice, the hackers continued to access and exfiltrate the protected health information (PHI) of 6,121,158 individuals until August 2014. The hackers used compromised administrative credentials to remotely access CHSPSC’s information system through its virtual private network.
Press Release Posted September 21, 2020
On June 26, 2016, a journalist notified Athens Orthopedic that a database of their patient records may have been posted online for sale. On June 28, 2016, a hacker contacted Athens Orthopedic and demanded money in return for a complete copy of the database it stole. Athens Orthopedic subsequently determined that the hacker used a vendor’s credentials on June 14, 2016, to access their electronic medical record system and exfiltrate patient health data. The hacker continued to access protected health information (PHI) for over a month until July 16, 2016.
On July 29, 2016, Athens Orthopedic filed a breach report informing OCR that 208,557 individuals were affected by this breach, and that the PHI disclosed included patients’ names, dates of birth, social security numbers, medical procedures, test results, and health insurance information.