Recent HIPAA News
-
Updated Security Risk Assessment Tool Announced by OCR
November 14, 2024: The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) currently focuses its enforcement initiative on implementing the risk analysis requirements of the Security Management Standard under the HIPAA Security Law. OCR [...]
-
South Dakota Plastic Surgery Practice Pays $500,000 HIPAA Penalty
November 7, 2024: The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made a decision regarding its investigation of a South Dakota plastic surgery practice’s ransomware attack. This is the sixth ransomware investigation by [...]
-
September 2024 Healthcare Data Breach Report
November 1, 2024: The number of healthcare data breaches in September is the lowest since May 2020. Only 34 data breach reports involving 500 or more records were submitted to the Department of Health and Human Services (HHS) [...]
-
Censys, a company that provides an Internet intelligence platform for threat hunting and attack surface management, discovered thousands of IP addresses exposing medical devices and systems online, 49% of which are from the United [...]
-
Active Exploitation of Critical Vulnerabilities in Fortinet and Veeam Backup & Replication
October 16, 2024: Cybercriminals are taking advantage of a critical vulnerability with a CVSS severity score of 9.8 identified in Veeam Backup & Replication software. The software is designed for data backup and recovery across virtual, physical, and [...]
-
Mass Exploited Critical Vulnerability in Zimbra Email Servers
October 10, 2024: A critical vulnerability tracked as CVE-2024-45519, with a CVSS base score of 9.8, has been identified in Zimbra’s email servers, exposing the servers to remote code execution and full server compromise. Exploiting the vulnerability allows [...]
-
OSHA May Exempt Volunteer Fire Departments from the New Emergency Response Standard Requirements
October 2, 2024: The Occupational Safety and Health Administration (OSHA) has addressed growing concerns regarding its proposal on the Emergency Response Standard and the potential challenges it could present for volunteer fire departments. Because of terrorist incidents, major [...]
-
Healthcare Data Breach Report in August 2024
September 26, 2024: The number of large healthcare data breaches in August slightly increased. There were 49 data breaches involving 500 or more healthcare records reported to the U.S. Department of Health and Human Services (HHS) Office for [...]
-
Continuing Training of Nurses and HIPAA Compliance
September 19, 2024: A recent American Association of Colleges of Nursing (AACN) meeting discussed the growing number of citations and sanctions against nurses for their Health Insurance Portability and Accountability Act (HIPAA) violations while providing care. Discussions also [...]
-
Acadian Ambulance Service based in Louisiana is sending notifications to individuals impacted by a cyberattack and data breach. According to the Daixin Team, they had stolen 10 million unique records from the private ambulance service. [...]
-
Healthcare Data Breach Report for July 2024
September 4, 2024: Large healthcare data breaches have reached an 18-month low after going down for the fourth consecutive month. In July 2024, 43 breach reports involving 500 or more records were submitted to the U.S. Department of [...]
-
In the cybersecurity newsletter published in August 2024, OCR emphasized that physical security measures, like facility access controls, are important for HIPAA Security Rule compliance. HIPAA-regulated entities should not treat these measures as mere tasks [...]
-
IU Health Faces Privacy Lawsuit for HIPAA Violations
August 21, 2024: Indiana Attorney General Todd Rokita has filed a privacy lawsuit against IU Health and its Associates for alleged violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA). [...]
-
Supreme Court Justice Ruth Bader of Ginsburg found an organ transplant coordinator guilty of unlawfully accessing medical information and removing proof but was found not guilty on the charge of posting a copy of the [...]
-
Average Cost of a Data Breach Rises Yearly Report
August 7, 2024: A data breach’s average cost has increased to $4.88 million; critical infrastructure entities have the highest breach costs. The most expensive breaches involved healthcare companies. Healthcare data breach costs dropped by 10.6% year-over-year with 2023’s [...]
-
The National Community Pharmacists Association (NCPA) and about 3 dozen healthcare companies in 22 U.S. states filed a lawsuit against Optum, Change Healthcare, and UnitedHealth Group related to its ransomware attack and data security breach [...]
-
Healthcare Data Breach Report for June 2024
July 25, 2024: In June 2024, 47 data breaches involving 500 or more healthcare records were reported to the HHS’ Office for Civil Rights (OCR). This is the lowest number of breaches from October 2023 to date. Data [...]
-
The debt collection company Financial Business and Consumer Solutions (FBCS) recently informed the Maine Attorney General that a February 2024 breach that was earlier reported as impacting 1,955,385 persons has more than doubled the number [...]
-
Social Media HIPAA Violation Examples
July 16, 2024: Social media HIPAA violation examples are most often attributable to healthcare workers impermissibly disclosing facts about patients on social media or posting images and videos without a patient’s authorization. Because these events can result in [...]
-
Human Technology Inc. Affected by Data Breach
July 11, 2024: The prosthetics and orthotics firm based in Jackson, TN known as Human Technology Inc., and its associates Murphy’s Orthopedic & Footcare, Greer Orthotics & Prosthetics, and Hi-Tech Prosthetics & Orthotics were impacted by a data [...]
-
Revised Breach Notification Law in Pennsylvania
July 10, 2024: Pennsylvania revised its data breach notification regulation, limiting the meaning of personal information, including the need to alert the state Attorney General, and the provision of credit monitoring services to victims of data breaches [...]
-
The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has recommended the first federal workplace heat standard to safeguard millions of people in America from the health threats connected with exposure to intense [...]
-
Healthcare Data Breach Report for May 2024
July 4, 2024: The number of reported healthcare data breaches dropped to its lowest for the second month since October 2023. May had 51 data breaches with 500 or more breached healthcare records reported to OCR. This number [...]
-
Healthcare Gets a B Rating for Cybersecurity
June 27, 2024: SecurityScorecard gave the U.S. healthcare industry a B+ rating for cybersecurity during the first 6 months of 2024. This indicates that the industry is doing better in spite of the reported major breaches, including the [...]
-
Medication benefits management service provider A&A Services, also known as Sav-Rx, is facing a class action lawsuit because of a data breach that occurred in October 2023 affecting 2.8 million people. On or about October [...]
-
9.7 Million-Record Data Breach at Medibank
June 21, 2024: In 2022, a hacker accessed Medibank’s system, stole the personal and health data of 9.7 million people, and exposed the stolen files on the dark web. This Australian health insurance company has confirmed the ransomware [...]
-
PHI of 70,000 Adventist Health Patients Exposed
June 19, 2024: Adventist Health has just reported that an unauthorized individual accessed the protected health information (PHI) of over 70,000 patients of Adventist Health Tulare in California. The security incident happened at its business associate, Signature Performance, [...]
-
Rural Hospitals to Receive Free and Discounted Cybersecurity Solutions from Microsoft & Google
June 15, 2024: The Health Sector Cyber Initiative of the Biden administration has partnered with Microsoft and Google to give critical access and rural hospitals free and discounted cybersecurity services. In 2023, the healthcare industry experienced more ransomware [...]
-
In July 2023, the LockBit ransomware group listed Panorama Eyecare on its data leak website and stated that it had stolen 798 GB of files from the doctor-led management services provider based in Fort Collins, CO. [...]
-
The HHS Health Sector Cybersecurity Coordination Center has provided a guide on handling Distributed Denial of Service (DDoS) attacks, including recommendations for avoiding and limiting the severity of DDoS attacks and tips for responding to [...]
-
The Los Angeles County Department of Mental Health suffered a phishing attack that allowed unauthorized access to the email account of an employee resulting in the compromise of protected health information (PHI) for 1,598 individuals. [...]
-
The Cybersecurity and Infrastructure Security Agency (CISA) added a critical remote code execution vulnerability identified in NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) Catalog. Mirth Connect is a free software integration [...]
-
The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) issued an alert warning the healthcare and public health (HPH) sector against business email compromise (BEC) attacks. This kind of spear [...]
-
Healthcare Data Breach Report for April 2024
May 22, 2024: Healthcare data breaches dropped by 43% month-over-month. There were 54 data breaches involving 500 or more records reported to the HHS’ Office for Civil Rights. The reported number of breaches this April is the lowest [...]
-
PHI Compromised in Redwood Coast Regional Center Cyberattack. Social services organization Redwood Coast Regional Center, based in Ukiah, CA, offers services and assistance to children and adults who have developmental handicaps. It recently submitted a [...]
-
News on CommonSpirit Health and BioPlus Specialty Pharmacy Services Data Breach Legal Cases
May 8, 2024: Federal Judge Dismisses CommonSpirit Health Data Breach Lawsuit Due to Not Enough Standing. A federal court judge decided to dismiss a class action lawsuit versus CommonSpirit Health regarding its 2022 data breach because of the [...]
-
March 2024 Healthcare Data Breach Report
May 1, 2024: March had 93 healthcare data breach reports involving 500 or more records submitted to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The number of breaches increased by 50% from [...]
-
Data Breaches at Octapharma Plasma, Island Ambulatory Surgery Center and Medical Home Network
April 26, 2024: OctaPharma Plasma Donation Centers Closed While Investigating Ransomware Attack. The Swiss pharmaceutical provider, Octapharma Plasma, experienced a cyberattack that impacted the systems at 190 plasma donation centers located in 35 U.S. states. Those donation centers [...]
-
MedData Settles Lawsuit and Ernest Health Recent Lawsuit
April 20, 2024: MedData Pays $7 Million to Resolve Class Action Data Breach Lawsuit. Revenue cycle management company MedData based in Spring, TX consented to pay $7 million to resolve a class action lawsuit associated with the breach [...]
-
Seattle Children’s Hospital Lawsuit Dismissed and Atlanta Women’s Health Group Lawsuit
April 14, 2024: Seattle Children’s Hospital Website Tracking Technology Lawsuit Dismissed with Prejudice. A Washington court dismissed with prejudice the class action lawsuit filed against Seattle Children’s Hospital (SCH) concerning its usage of pixels and other tracking technologies [...]
-
February 2024 Healthcare Data Breach Report
April 6, 2024: The number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in February dropped, with 59 data breaches involving 500 or more records reported. The breaches [...]
-
New Legislation Proposal for Providing Advance Payments to Healthcare Providers In Case of Cyberattacks
March 31, 2024: Senator Mark R. Warner (D-VA) presented new legislation that will approve advance and faster payments to healthcare companies in case of a cyberattack. The new legislation was prompted by the ransomware attack on Change Healthcare, [...]
-
Guidance Changes on the Use of Online Tracking Technologies by HIPAA Covered Entities
March 23, 2024: The Department of Health and Human Services’ Office for Civil Rights (OCR) has released updates on the guidance for entities covered by the Health Insurance Portability and Accountability Act (HIPAA) about online tracking technologies. The [...]
-
NSA Releases Guidance on Implementing Zero Trust Security and New CISA, NSA Cloud Security Guides
March 17, 2024: NSA Releases Guidance on Implementing Zero Trust to Restrict Lateral Movement. The National Security Agency (NSA) has released guidance on implementing zero trust security to restrict lateral movement inside a network when a threat actor [...]
-
The Department of Health and Human Services (HHS) has reported the Blackcat ransomware attack on UnitedHealth Group-managed Change Healthcare in February 2024. The attack affected over 100 of Change Healthcare’s systems, which subsequently impacted the [...]
-
Cyberattack Reports by Grace Lutheran Communities, Bay Area Anesthesia and Cardiothoracic and Vascular Surgeons
March 7, 2024: Feds Alert Healthcare Industry Concerning ALPHV/Blackcat Ransomware Group. A joint cybersecurity notification was given by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human [...]
-
Ransomware Attack On Green Ridge Behavioral Health and Empress Ambulance Service Pays to Resolve Lawsuit
March 2, 2024: Ransomware Attack on Maryland Psychotherapy Provider Ended in HIPAA Penalty. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) resolved the alleged Health Insurance Portability and Accountability Act (HIPAA) violations with [...]
-
Healthcare Data Breach Report for January 2024
February 27, 2024: January had 61 data breach reports involving 500 or more records submitted to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a 22% month-over-month decrease in reported data breaches. [...]
-
Quest Diagnostics and Connexin Software Lawsuits Settlement Reached
February 22, 2024: California AG Accepts $5 Million Settlement with Quest Diagnostics Concerning Improper Disposal of Waste and Patient Information. California Attorney General Rob Bonta has reported that a $5 million settlement with Quest Diagnostics has been approved [...]
-
U.S. Fertility Class Action Lawsuit Settlement and Consolidated Fortra GoAnywhere Hacking Lawsuits
February 17, 2024: U.S. Fertility Offers to Pay $5.75 Million Settlement of Class Action Data Breach Lawsuit. U.S. Fertility LLC, which operates over 100 fertility clinics throughout the U.S., has offered to pay $5.75 million to resolve a [...]