Recent HIPAA News
-
A study has been published which investigated how data breaches affect hospital advertising expenditure decisions. The study, entitled “Understanding the Relationship Between Data Breaches and Hospital Advertising Expenditures” was published by Sung J. Choi, PhD [...]
-
A cybersecurity blog has reported that a new vishing scam in which the scammer pretends to be an employee of Apple Inc. has been uncovered. Vishing is a less common form of phishing attack. The [...]
-
Microsoft has issued patches for 51 vulnerabilities this January 2019 Patch Tuesday. Of the vulnerabilities, 7 were rated critical. Unlike the four preceding months, none vulnerabilities were identified as being actively exploited in the wild. [...]
-
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a critically important piece of legislation created to introduce minimum security and privacy standards in the healthcare industry. HIPAA is a federal law, organisations [...]
-
The San Diego Unified School District has announced that a phishing attack on its network has affected more than half a million of its staff and current and former students. The San Diego Unified School [...]
-
The Clearwater CyberIntelligence Institute (CCI) has announce that it has identified the three most critical cybersecurity risks facing the organisations in the healthcare industry. CCI, part of Clearwater Compliance, a leading healthcare cyber risk management [...]
-
A flaw has been identified in Orange Livebox ADSL modems that causes the modems to “leak” WiFi credentials. Orange Livebox is an ADSL wireless router used to deliver broadband services to customers of Orange S.A., [...]
-
The final version of the Risk Management Framework (RMF 2.0) has been released by the National Institute of Standards and Technology (NIST). NIST is a non-regulatory agency of the United States Department of Commerce. The [...]
-
Patients affected by a data security incident at LifeBridge Health in March 2018 have filed a lawsuit against the facility. LifeBridge Health, a nonprofit healthcare corporation in Baltimore, Maryland, discovered that malware had infected one [...]
-
The United States Senate has introduced a bill that would introduce new protections for the personal information of individuals online. The bill, entitled the Data Care Act, was proposed by Sen. Brian Schatz (D-HI) on [...]
-
The University of Vermont Health Network has revealed that a data security incident at the facility has affected approximately 32,000 patients. The breach was discovered on October 18, 2018. An unauthorised third-party had gained access [...]
-
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory about a vulnerability that has been identified in certain Medtronic CareLink and Encore Programmers. ICS-CERT, an organisation created to identify and tackle problems [...]
-
IntSights, a security threat intelligence services reviewer, has released a recent study entitled “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry”. The report highlights how easily accessible huge amounts of healthcare data [...]
-
The University of Maryland Medical System has recently announced that it has been the victim of a malware attack on its network. The University of Maryland Medical System is a private, not-for-profit corporation that operates [...]
-
In late November, the Department of Justice indicted two Iranian threat actors over the use of SamSam ransomware. However, Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) are urging organisations that the threat [...]
-
The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for officials to reform the Health Insurance Portability and Accountability Act (HIPAA). The calls for reform were made on [...]
-
The Attorney Generals of a dozen states have filed a lawsuit against Medical Informatics Engineering, a healthcare software and systems developer and NoMoreClipboard, an electronic platform for personal health records. The lawsuit is over the [...]
-
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has announced the winners of its Easy EHR Issues Reporting Challenge. ONC is a federal entity that coordinates [...]
-
The Department of Health and Human Services’ Office of Inspector General (OIG) has issued a report questioning the integrity of security systems at two managed care organizations (MCOs) in Arizona following security audits of the [...]
-
Allergy Associates of Hartford, P.C. (Allergy Associates) has agreed to pay a fine of $125,000 to the Office of Health and Human Services’ Office for Civil Rights to settle alleged violations of the Health Insurance Portability [...]
-
The U.S. Department of Justice has released an update on the investigation of the threat actors behind the SamSam ransomware attacks. SamSam ransomware is a custom infection used in targeted attacks against the healthcare industry [...]
-
The American Medical Informatics Association (AMIA), a non-profit organisation dedicated to developing biomedical and health informatics to improve patient care, recently called on the Trump administration to reform data privacy rules in order to better [...]
-
Researchers at Michigan State University and John Hopkins University have released a report containing their analysis of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) between October [...]
-
The National Cybersecurity Center of Excellence (NCCoE) is a US government organisation that builds and shares solutions to potential cybersecurity threats faced by US businesses. The NCCoE is a part of the National Institute of [...]
-
The Department of Health and Human Services (HHS) has drafted a Request for Information (RFI) to assess HIPAA Rules may be hindering patient information sharing. The move is in repose to complaints that healthcare providers [...]
-
The Cybersecurity and Infrastructure Security Agency Act has been passed by unanimously by Congress on November 13, 2018. The new legislation will allow the U.S. Department of Homeland Security will be forming a new agency [...]
-
This week, the Centers for Medicare and Medicaid (CMS) has announced an update on the recent HealthCare.gov website breach. Last month, hackers gained access to a health insurance system that interacts with the HealthCare.gov website. [...]
-
Inova Health System, a non-profit health organisation based in Falls Church, Virginia, has announced that it has experienced a data breach. The protected health information (PHI) of over 12,000 of its patients may have been [...]
-
The HHS’ Office of Inspector General (OIG) has published the findings of an audit of the FDA’s policies and procedures for addressing medical device cybersecurity in the postmarket phase. The US Food and Drug Administration [...]
-
Best Medical Transcription, a transcriptionist vendor, has been fined by the New Jersey Attorney General Gurbir S. Grewal for breaching HIPAA in 2016. The violation occurred while it was working as a business associate of [...]
-
HIPAA’s email rules may be complicated at first glance, but ultimately can be broken down into a number of comprehensible stipulations and requirements. It is vital that any organisation has a good grasp of HIPAA’s [...]
-
A North Carolina medical center has announced that a phishing attack on its systems has resulted in the protected health information (PHI) of up to 20,000 being compromised. Catawba Valley Medical Center (CVMC), based in [...]
-
The U.S. Department of Health and Human Services (HHS) has officially launched its Health Sector Cybersecurity Coordination Center (HC3). Opened on October 29, 2018 by Deputy Secretary of the HHS, Eric Hargan, the center is [...]
-
September 2018 Healthcare Data Breach Report The number of healthcare data breaches reported to the Department of Health and Human Service’s Office for Civil Rights (OCR) for September 2018 is down to 25-a decrease of [...]
-
The use of electronic or “e-signatures” is becoming widespread as more and more people have access to portable electronic devices. As with any new development in technology, there was some concern over the compatibility of [...]
-
The Centers for Medicaid & Medicare Services (CMS) has announced that it was recently the victim of a cyberattack that has resulted in approximately 75,000 consumer records being accessed by unauthorised individuals. On October 13 [...]
-
The U.S. Food and Drug Administration (FDA) released an advise about the vulnerabilities of a number of Medtronic implantable cardiac device programmers that hackers can potentially exploit enabling them to alter the programmer’s functionality when [...]
-
Two healthcare companies experienced email-related breaches recently. The first company, Biomarin Pharmaceutical located in Novato, CA, found out that two email accounts of its employees became compromised because of a phishing attack allowing the attacker [...]
-
Michigan Medicine is sending notification letters to 3,600 patients regarding the impermissible disclosure of some of their protected health information (PHI). The Michigan Medicine Development Office conducted a fundraising project and mailed letters to a [...]
-
Lambda Legal filed a legal case for a data breach victim who, together with 92 lower-income HIV positive individuals, had their highly sensitive protected health information (PHI) stolen by unauthorized people from the California AIDS [...]
-
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare industry to have greater consciousness of its operation to fight cyberthreats and part of its [...]
-
A staff of KHOU 11, a CBS-affiliated television station, found abandoned documents that include the protected health information (PHI) of roughly 1,800 patients in a street in Midtown, Houston. The documents had information like the [...]
-
Gold Coast Health Plan located in Camarillo, CA told its 37,000 plan members that cyber attackers potentially accessed some of their protected health information (PHI) because one of its employees’ email account was compromised. The [...]
-
The ECRI Institute is a non-profit company that studies new techniques to enhance patient care. It has recently published an annual list that includes the top 10 Health Technology Hazards for 2019. The goal of [...]
-
Phishing is one of the leading causes of healthcare data breaches. Phishers are able to access healthcare data from email accounts. In many incidents, those email accounts contain considerable volumes of highly sensitive protected health [...]
-
AggregateIQ is an analytics company based in Canada that acted for the Vote Leave campaign. The Information Commissioner’s Office (ICO) issued the first UK GDPR notice to AggregateIQ in connection with business executed in that [...]
-
Claxton-Hepburn Medical Center, which is a not-for-profit community hospital based in Ogdensburg, New York, terminated several employees because they accessed patient medical records even though they do not have authorization to do so. The hospital [...]
-
Ohio Living, which is a firm providing life plan communities and home health services, discovered that an unauthorized individual accessed some of its employees’ email accounts. On July 10, 2018, Ohio Living noticed the suspicious [...]
-
In April 2018, a 65-year old former gynecologist named Rita Luthra from Massachusetts, Longmeadow, was charged with criminal violation of the HIPAA Privacy Rule and federal investigation obstruction. In September 19, 2018, the judge announced [...]
-
The Compliancy Group launched a new free tool called HIPAA Quiz to help organizations assess the present condition of their HIPAA compliance. Healthcare providers that implement policies and procedures in compliance with the Health Insurance [...]