Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: CSI notifies OCR of security incident

Cytometry Specialists, Inc., doing business as CSI Laboratories ('CSI'), notified, on 25 March 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 312,000 individuals. Moreover, CSI stated that, on 12 February 2022, it had learned of a cyber attack that partially disrupted CSI's information system, whereby an unauthorised intruder had acquired certain files including documents that may have contained patients' information.

In particular, CSI noted that data, such as patient names, dates of birth, addresses, medical record numbers, and health insurance information, may have been compromised. Furthermore, CSI stated that it had notified all potentially affected individuals, and that it immediately after the incident took the following measures:

  • isolating and securing its systems, as well as investigating the incident;
  • analysing impacted files to understand what information may be at risk;
  • identifying affected individuals and providing notice to individuals and authorities;
  • engaging a forensic investigation firm to identify the scope of the incident and assist with securing of the systems and data;
  • closely monitoring their network and information systems for unusual activity;
  • continuing to improve security across their company networks; and
  • protecting from unauthorised access or similar criminal activity in the future.

You can access details on the OCR portal here and read the notice here.