Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
USA: NuLife notifies OCR of data security incident
NuLife Med, Inc. notified, on 9 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 81,244 individuals. In particular, NuLife stated that, on 11 March 2022, it had learned of a cyber attack that partially disrupted its information system, whereby certain information that was stored within their IT environment was potentially viewed or taken by an unauthorised actor. More specifically, NuLife noted that potentially affected data included patient names, addresses, medical information, health insurance information, social security numbers, driver's license information, and financial account or credit card information. Moreover, NuLife highlighted that it is currently reviewing records in order to identify those individuals who may have had information beyond medical and/or health insurance information impacted in order to notify them accordingly.
Furthermore, NuLife stated that immediately after the incident it had taken measures, including:
- investigating and responding to the event;
- assessing the security of its IT systems;
- identifying impacted personal data;
- notifing the OCR of this event; and
- notifying potentially impacted individuals.
You can access details on the OCR portal here and read the notice here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
