Dissent Doe :cupofcoffee: · @PogoWasRight
1090 followers · 102 posts · Server infosec.exchangeSome sites that have reported on the Captify/Your Patient Advisor #databreach state that the entity is a #BusinessAssociate under #HIPAA.
They are in error.
Captify/Your Patient Advisor is a business associate in other activities and contexts, but this was a purchase of a colonoscopy prep kit in an online store. Although payment card information was breached, there was no protected health information involved in this incident.
So they do not need to report this incident, which impacted 244,296 consumers, to HHS, but I'm betting they have a big #PCIDSS headache because they were alerted to fraudulent card use in March 2021, the malware was injected in May 2019, and they didn't conclude their investigation until October 2022.
#databreach #businessassociate #hipaa #pcidss #dataprotection #creditcard #paymentportal #malware