Scripps, Avalon Reach Settlements After Data Breaches

Two recent healthcare data breach settlements spotlight the impact beaches have on the sector. (“Cash Money (part two)” by jtyerse is licensed under CC BY-NC-ND 2.0.)

States have ramped up enforcement efforts against entities affected by ransomware and other data privacy breaches, particularly those in healthcare, over the last year. At an even greater pace, there’s been a relentless uptick in the number of breach lawsuits filed against providers.

Two recent healthcare data breach settlements spotlight the growing dichotomy and impact on the healthcare sector. 

Oregon and Utah recently handed down a $200,000 fine to Avalon Healthcare Management to resolve compliance issues found in the wake of its 2019 email-related data breach, while Scripps Health reached a $3.5 million settlement with patients affected by its 2021 incident.

Avalon Health pays states $200K, with new security requirements

The attorneys general of Utah and Oregon reached a $200,000 settlement with Avalon Health, which also requires the provider to develop and implement practices that aim to bolster its information security for both patient and employee data.

In April 2020, the skilled nursing, therapy, senior living, and assisted living provider reported an email-related incident affecting 14,500 Avalon employees and patients. A threat actor gained access to an email account 10 months earlier in July 2020, after an employee fell victim to a phishing attack.

The account contained employee and patient names, addresses, Social Security numbers, dates of birth, driver’s license numbers, medical treatment information, including diagnosis, health conditions, and/or medications, and limited financial

Read more

Explore the site

More from the blog

Latest News