The University of Texas MD Anderson Cancer Center was fined $4.3 million by the Department of Health and Human Services Office Civil Rights (OCR) for a series of breaches which resulted in the loss of 33,000 patient health records in 2012 and 2013.
In 2012 a laptop containing 30,000 records was stolen from an employee's home and later that same year a researcher at the center lost a USB drive containing patient records while on a shuttle bus. Another USB device containing patient data was lost the following year and in all cases the devices were unencrypted despite HIPAA privacy rule mandating encryption.
The fine is for violations of the Health Insurance Portability and Accountability Act and is noticeably higher than previous breaches signalling officials are starting to failures to secure patient data more seriously.
A 2018 Beazley report found the average settlement with the OCR has quadrupled as more cybersecurity resources become available and HIPAA guidelines are taken more seriously.
Air Canada has confirmed being impacted by a data breach that compromised some of its employees' limited personal data and other records, reports The Record, a news site by cybersecurity firm Recorded Future.
The International Criminal Court in the Netherlands has reported a cybersecurity incident after its information systems were subjected to anomalous activity last week, according to The Associated Press.