DoL OIG to Audit OSHA to Assess Agency’s Efforts to Prevent Workplace Violence

Posted by Steve Alder

The Department of Labor Office of Inspector General will be conducting a federal audit to determine how well the Occupational Safety and Health Administration (OSHA) is addressing the growing problem of workplace violence.

Workplace violence is a significant occupational safety concern, especially in the healthcare industry, where healthcare employees are regularly subjected to physical assaults, verbal threats, and other attacks. According to the U.S. Bureau of Labor Statistics, healthcare workers are five times as likely to suffer nonfatal workplace injuries as professionals in other sectors, and across all sectors, acts of violence and related injuries are the third leading cause of fatal occupational injuries in the United States.

Data from 2022 shows that out of the 5,486 fatal injuries that occurred in the workplace, 849 involved intentional injury caused by another person. A Medscape survey published earlier this year found that almost 70% of physicians believe that physical security at work is a more pressing issue than it was three years ago, and a 2024 poll of members of the American College of Emergency Physicians (ACEP) found that 91% said they had experienced workplace violence or were aware of a college who was a victim of workplace violence in the past year. According to the World Health Organization, up to 38% of healthcare workers experience physical violence at some point in their careers, and the problem is getting worse.

A report produced by the Department of Labor’s Office of Inspector General in 2001 found that OSHA could do more to address workplace violence and recommended a reassessment of its training and outreach programs, and better recordkeeping systems for incidents involving workplace violence. The OIG audit, due to take place this year, will evaluate the steps that OSHA has taken to address workplace violence since that report was published, and how effectively OSHA is working to prevent violence in workplaces. OSHA has yet to implement a standard for workplace violence, although a potential standard on workplace violence for healthcare and social assistance is one of its long-term actions.

The post DoL OIG to Audit OSHA to Assess Agency’s Efforts to Prevent Workplace Violence appeared first on The HIPAA Journal.

Data Breach Reported by Orthopedic Implant Manufacturer TriMed

Posted by Steve Alder

TriMed, a Santa Clarita, California-based manufacturer of upper and lower orthopedic implants, has announced a data security incident involving unauthorized access to parts of its network where order forms and invoices were stored. While in the most part the exposed data only contained information related to the company’s hardware and the individuals who received it, in some cases, the documentation included personal information.

TriMed identified suspicious activity without certain systems in September 2025, prompting an investigation to determine the nature and scope of the activity. The forensic investigation determined that an unauthorized third party had access to parts of its environment between September 13, 2025, and September 21, 2025, during which time, files were potentially accessed and acquired by the unauthorized third party.

TriMed manufactures hardware that is surgically implanted to repair or replace damaged joints. A programmatic and manual review of the exposed files confirmed that they contained information related to that hardware, which would have been ordered on a patient’s behalf, including part type, associated installation components such as screws, or the ordering surgeon’s name. While the affected documents do not typically include personal information, in certain cases, the documents contained names, dates of birth, and medical record numbers. The exposed documents did not contain Social Security numbers or financial information such as bank account or credit/debit card numbers.

TriMed has taken steps to augment security to prevent similar incidents in the future, including strengthening its existing security controls and threat detection practices. Further, TriMed has integrated a global security operations center and will continue to update its security measures, as appropriate, in the future. TriMed reported the incident to law enforcement, but there was no request to delay notifications to the affected individuals. The notification letters were sent as soon as possible once the affected individuals and data categories were identified. While Social Security numbers were not involved, credit monitoring and identity theft protection services have been offered for 24 months, according to the notification letter sent to the Maine Attorney General.

The Maine Attorney General was informed that two Maine residents were affected, but the data breach listing does not state how many individuals were affected in total, and the incident has yet to be added to the HHS’ Office for Civil Rights website. No known threat group appears to have claimed responsibility for the attack.

The post Data Breach Reported by Orthopedic Implant Manufacturer TriMed appeared first on The HIPAA Journal.