Recent HIPAA News

Senators Cory Booker (D-NJ), Ron Wyden (D-OR), and Elizabeth Warren (D-MA) have written to two prominent mental health app companies and sought responses regarding their practices on data collection and sharing. There were several reports [...]

The Government Accountability Office (GAO) has advised the Department of Health and Human Services (HHS) to create a feedback system to enhance the efficiency of its data breach reporting procedure. The Health Information Technology for [...]

The software-as-a-Service company Podium based in Lehi, UT offering business text messaging services for local companies has been certified as HIPAA compliant by Compliancy Group. Podium is redefining how patients connect with their local healthcare [...]

Acorda Therapeutics Reports Email Account Breach The biotechnology firm Acorda Therapeutics based in Ardsley, NY reported that an unauthorized third party acquired access to its email system and possibly viewed email messages and file attachments [...]

PHI of Approximately 69,000 Persons Compromised in Comstar Hacking Incident Comstar based in Rowley, MA provides ambulance invoicing, collection, ePCR Hosting, and client/patient services. It found out that an unauthorized third-party acquired access to selected [...]

Recently, Central Florida Inpatient Medicine (CFIM) based in Lake Mary, FL has found that an unauthorized person has accessed the email account of a staff member. The compromised emails and file attachments may contain the [...]

A new bill has been launched by Sen. Elizabeth Warren (D-MA) that wishes to prohibit data brokers from selling the health and location information of Americans. The bill called The following senators co-sponsored the Health [...]

Texas Tech University Health Sciences Center has announced the compromise of the protected health information (PHI) of 1,290,104 patients due to a data breach that occurred at Eye Care Leaders, its electronic medical record provider. [...]

Yuma Regional Medical Center (YRMC) based in Arizona has stated that it suffered a ransomware attack in April. The threat actors obtained the protected health information (PHI) of around 700,000 current and past patients. Based [...]

ScribeMedics LLC is a service provider of real-time, remote, medical transcription, EHR charting, virtual back office, and medical record review. Compliancy Group recently certified ScribeMedics LLC that it has fully complied with the regulatory requirements [...]

The 2022 State of Ransomware Report published by cybersecurity firm Sophos revealed that ransomware attacks on healthcare providers increased by 94% year over year. The report based its information on a worldwide survey participated by [...]

Atlassian has announced a patch to correct a critical zero-day vulnerability that impacts all supported versions of Confluence Server and Data Center. The vulnerability, which is tracked as CVE-2022-26134 has a maximum CVSS severity score [...]

There is a new zero-day vulnerability discovered that impacts a Windows tool like Follina. Although there’s no information if the vulnerability was exploited in the wild, it is possible to exploit it. The recent attention [...]

Five vulnerabilities were discovered in the Illumina Local Run Manager (LRM), which is utilized by Illumina Researcher Use Only (ROU) instruments and Illumina In Vitro Diagnostic (IVD) devices. The impacted instruments are employed for clinical [...]

BJC HealthCare, a not-for-profit healthcare company located in St. Louis, MO, has begun informing a number of patients that an unauthorized individual accessed some of their protected health information (PHI) that was kept in email [...]

A recent study conducted by Source Defense analyzed the risks related to using third- and fourth-party codes on online sites. They found that all modern, active websites had code that can be targeted by attackers [...]

Oswego County Opportunities (OCO) in New York has reported that an unknown actor has recently accessed a small number of staff email accounts. OCO discovered the security breach because of notable suspicious email activity and [...]

Researchers found out that a misconfigured AWS S3 bucket is exposing information. This cloud storage is owned by Breastcancer.org, a breast cancer support charity located in Ardmore, PA. SafetyDetectives learned that the unsecured AWS bucket [...]

After four consecutive months of decreasing figures of data breaches, reported data breaches increased by 30.2%. In April 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 56 data breaches [...]

Parker-Hannifin Cyberattack Affects About 120,000 Health Plan Members Parker-Hannifin Corporation based in Cleveland, OH, a company offering motion and control technologies, lately announced that unauthorized people have obtained access to a section of its IT [...]

The medical equipment organization NuLife Med LLC based in Manchester, NH, has just announced that it encountered a cyberattack in March 2022. It discovered suspicious network activity on or approximately March 11, 2022, and took [...]

The nonprofit health system Christus Health based in Irving, TX operates over 600 healthcare establishments in Arkansas, Texas, New Mexico, and Louisiana. It has been reported recently that it discovered suspicious activity with its computer [...]

Unauthorized persons have acquired access to the computer systems of Eye Care Leaders, which is an electronic health records and patient management software solutions provider for eye care clinics. On or around December 4, 2021, [...]

The tactics, techniques, and procedures (TTPs) employed by ransomware and other cyber attackers are always changing to elude identification and enable the groups to carry out more successful attacks. The Department of Health and Human [...]

A new bill was presented to address the issue of cybersecurity of medical devices that will necessitate makers of medical devices to satisfy particular minimum criteria for cybersecurity with regard to the complete lifecycle of [...]

Healthplex Inc., one of the largest dental insurance providers located in New York state, has announced the compromise of an employee’s email account during a phishing attack on November 24, 2021. Upon discovery of the [...]

The National Institute of Standards and Technology (NIST) released an updated version of the cybersecurity supply chain risk management (C-SCRM) guidance to aid businesses in developing an effective plan for identifying, evaluating, and responding to [...]

Making and remembering long, complicated passwords is hard for many individuals, and it is made even more difficult because of the need to make passwords to protect several accounts – A study by NordPass advises [...]

May 5, 2022 is World Password Day. This event was established in 2013 and is observed every first Thursday of May with the objective of bettering understanding of the value of using complex and unique [...]

The Five Eyes security agencies, a group of intelligence agencies from Canada, Australia, New Zealand, the United States, and the United Kingdom have released a joint advisory regarding the 15 vulnerabilities in software programs and [...]

American Addiction Centers (AAC), a group of treatment centers for people battling drug dependency, alcohol dependency, and co-occurring behavioral/mental health problems, was lately affirmed as having reached compliance with all of the required criteria of [...]

Smile Brands located in Irvine, CA offers support services for dental clinics. It just gave a new report on the number of persons affected by a ransomware attack, which was uncovered on April 24, 2021. [...]

HIPAATizer.com offers web developers its all-in-one WordPress plugin and form builder to create HIPAA-compliant websites. It has received its certification of compliance with all criteria of the HIPAA Regulations that are applicable to business associates [...]

The five eyes cybersecurity agencies have lately published a joint security advisory regarding the danger of cyberattacks on critical infrastructure carried out by pro-Russia cybercriminal groups and Russian nation-state threat actors. Intelligence collected by the [...]

Georgia Pines CSB and Ballard Health recently reported security breaches that affected the protected health information (PHI) of 28,295 people. Ballad Health Finds Breach Involving Employee Email Account Ballard Health, an integrated community health improvement [...]

The Federal Bureau of Investigation (FBI) has given a TLP: WHITE flash notification regarding the BlackCat ransomware-as-a-service (RaaS) operation. BlackCat, also called ALPHAV, which began in November 2021. It was released immediately after the shutdown [...]

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has released a TLP: White alert concerning the Hive ransomware gang – A specifically hostile cybercriminal operation that has substantially attacked the healthcare [...]

For the fourth month now, there has been a drop in the number of reported healthcare data breaches. March 2022 had 43 healthcare data breaches involving 500 and up records reported to the U.S. Department [...]

Newman Regional Health (NRH), which manages a 25-bed critical access hospital located in Emporia, KS, has lately begun informing 52,224 individuals that unauthorized persons have acquired access to selected employee email accounts containing protected health [...]

Resources for Human Development Breach Impacts 46,673 Persons Resources for Human Development (RHD), a national human services non-profit group based in Philadelphia, PA, has recently reported the theft of a hard drive that contains the [...]

There were five zero-day vulnerabilities found in Aethon TUG autonomous mobile robots, which hospitals around the world use for transporting products, medicines, and other medical items. Hospital robots are alluring targets for hackers. When access [...]

Due to the latest data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) gave an alert regarding the risk of phishing attacks utilizing this email marketing service. [...]