Recent HIPAA News
-
Inova Health System, a non-profit health organisation based in Falls Church, Virginia, has announced that it has experienced a data breach. The protected health information (PHI) of over 12,000 of its patients may have been [...]
-
The HHS’ Office of Inspector General (OIG) has published the findings of an audit of the FDA’s policies and procedures for addressing medical device cybersecurity in the postmarket phase. The US Food and Drug Administration [...]
-
Best Medical Transcription, a transcriptionist vendor, has been fined by the New Jersey Attorney General Gurbir S. Grewal for breaching HIPAA in 2016. The violation occurred while it was working as a business associate of [...]
-
HIPAA’s email rules may be complicated at first glance, but ultimately can be broken down into a number of comprehensible stipulations and requirements. It is vital that any organisation has a good grasp of HIPAA’s [...]
-
A North Carolina medical center has announced that a phishing attack on its systems has resulted in the protected health information (PHI) of up to 20,000 being compromised. Catawba Valley Medical Center (CVMC), based in [...]
-
The U.S. Department of Health and Human Services (HHS) has officially launched its Health Sector Cybersecurity Coordination Center (HC3). Opened on October 29, 2018 by Deputy Secretary of the HHS, Eric Hargan, the center is [...]
-
September 2018 Healthcare Data Breach Report The number of healthcare data breaches reported to the Department of Health and Human Service’s Office for Civil Rights (OCR) for September 2018 is down to 25-a decrease of [...]
-
The use of electronic or “e-signatures” is becoming widespread as more and more people have access to portable electronic devices. As with any new development in technology, there was some concern over the compatibility of [...]
-
The Centers for Medicaid & Medicare Services (CMS) has announced that it was recently the victim of a cyberattack that has resulted in approximately 75,000 consumer records being accessed by unauthorised individuals. On October 13 [...]
-
The U.S. Food and Drug Administration (FDA) released an advise about the vulnerabilities of a number of Medtronic implantable cardiac device programmers that hackers can potentially exploit enabling them to alter the programmer’s functionality when [...]
-
Two healthcare companies experienced email-related breaches recently. The first company, Biomarin Pharmaceutical located in Novato, CA, found out that two email accounts of its employees became compromised because of a phishing attack allowing the attacker [...]
-
Michigan Medicine is sending notification letters to 3,600 patients regarding the impermissible disclosure of some of their protected health information (PHI). The Michigan Medicine Development Office conducted a fundraising project and mailed letters to a [...]
-
Lambda Legal filed a legal case for a data breach victim who, together with 92 lower-income HIV positive individuals, had their highly sensitive protected health information (PHI) stolen by unauthorized people from the California AIDS [...]
-
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare industry to have greater consciousness of its operation to fight cyberthreats and part of its [...]
-
A staff of KHOU 11, a CBS-affiliated television station, found abandoned documents that include the protected health information (PHI) of roughly 1,800 patients in a street in Midtown, Houston. The documents had information like the [...]
-
Gold Coast Health Plan located in Camarillo, CA told its 37,000 plan members that cyber attackers potentially accessed some of their protected health information (PHI) because one of its employees’ email account was compromised. The [...]
-
The ECRI Institute is a non-profit company that studies new techniques to enhance patient care. It has recently published an annual list that includes the top 10 Health Technology Hazards for 2019. The goal of [...]
-
Phishing is one of the leading causes of healthcare data breaches. Phishers are able to access healthcare data from email accounts. In many incidents, those email accounts contain considerable volumes of highly sensitive protected health [...]
-
AggregateIQ is an analytics company based in Canada that acted for the Vote Leave campaign. The Information Commissioner’s Office (ICO) issued the first UK GDPR notice to AggregateIQ in connection with business executed in that [...]
-
Claxton-Hepburn Medical Center, which is a not-for-profit community hospital based in Ogdensburg, New York, terminated several employees because they accessed patient medical records even though they do not have authorization to do so. The hospital [...]
-
Ohio Living, which is a firm providing life plan communities and home health services, discovered that an unauthorized individual accessed some of its employees’ email accounts. On July 10, 2018, Ohio Living noticed the suspicious [...]
-
In April 2018, a 65-year old former gynecologist named Rita Luthra from Massachusetts, Longmeadow, was charged with criminal violation of the HIPAA Privacy Rule and federal investigation obstruction. In September 19, 2018, the judge announced [...]
-
The Compliancy Group launched a new free tool called HIPAA Quiz to help organizations assess the present condition of their HIPAA compliance. Healthcare providers that implement policies and procedures in compliance with the Health Insurance [...]
-
The Massachusetts attorney general fined UMass Memorial Health Care the amount of $230,000 for its HIPAA violations with respect to two data breaches which compromised the protected health information (PHI) of over 15,000 state locals. [...]
-
The Department of Health and Human Services’ Office for Civil Rights (OCR) fined three hospitals the amount of $999,000 for allowing an ABC film crew to shoot a video footage of patients for its Boston [...]
-
In June 2018, the California Consumer Privacy Act (CCPA) has been passed by the California legislature and thus important changes on how the state law safeguards consumer privacy are expected. The new consumer privacy protections [...]
-
The Department of Health and Human Services’ Office of Inspector General (OIG) has published a report that is saying the Food and Drug Administration (FDA) must study medical equipment cybersecurity controls more carefully and more [...]
-
The HHS’ Centers for Medicare and Medicaid Services (CMS) investigated Fairview Southdale Hospital, which is located in Edina, MN, because of a supposed patient privacy violation. It was found out that during the psychiatric evaluations [...]
-
The Fetal Diagnostic Institute of the Pacific (FDIP) based in Honolulu, Hawaii was attacked by ransomware on June 30, 2018. This resulted to the installation of a file-encrypting software on a server, which encrypted different [...]
-
On September 12, 2018, President Trump approved the declaration of a federal emergency in the state of Virginia. FEMA resources were also made available to the state. Secretary Alex Azar of the U.S. Department of [...]
-
The National Institute of Standards and Technology (NIST) published a Cybersecurity Framework in 2014 to help private companies in assessing their security policies and improving their ability to stop, identify, and respond to cyberattacks. Figures [...]
-
From October 3, 2018, Apple App Store is going to enforce a new privacy policy regulation that app developers are required to tell users what they do with the collected personal data; how they protect [...]
-
The New Mexico Department of Health is checking why the personal health documents of a number of of its patients fell off a truck while being transported from the facility to the safe storage location. [...]
-
ProPublica published a research in 2015 that revealed the involvement of healthcare employees in HIPAA social media violations in 2015. If not resolved, there will probably be a lot more incidents of HIPAA violation happening [...]
-
NTT Security’s new report showed that 66% of UK’s senior officers confirmed that their organizations are not ready to cover adequately the fiscal effect of data loss in the event of a data breach. This [...]
-
The New York Attorney General fined the Arc of Erie County with $200,000 for Violating HIPAA Rules as a result of failing to safeguard its customers’ electronic protected health information (ePHI). The Arc of Erie [...]
-
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a statement concerning nine vulnerabilities identified in Philips healthcare products upon the Amsterdam-based technology firm statement of the matter to the [...]
-
There is a code weakness found in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS) that allows an attacker to get administrator privileges and remotely make changes to the code. The Qualcomm Life Capsule’s DTS is [...]
-
Missouri Care made an error in a sending letters to a number of plan members reminding them to schedule well-child visits. Because of the error, the personal data of around 20,000 children was inadvertently exposed [...]
-
Authentic Recovery Center is a drug and alcohol treatment center located in West Los Angeles that had lately encountered a phishing attack causing the possible access of personally identifiable information (PII) and protected health information [...]
-
Dennis and Wayne Russell’s adopted two-year old boy named Keon passed away as a result of accidentally drowning. Soon after the boy was brought to McAlester Regional Health Center, they got a telephone call from [...]
-
Central Colorado Dermatology (CCD) advised around 4,000 patients that hackers possibly viewed some of their protected health information (PHI) due to a ransomware attack on its information system. An unauthorized person obtained access to CCD’s [...]
-
The Gordon Schanzlin New Vision Institute found in La Jolla, CA, notified thousands of patients about the stealing of their healthcare information after records that contains protected health information (PHI) were found to be in [...]
-
In spite of many communication strategies available, healthcare providers still frequently use faxes for communicating. Some estimates propose as much as 75% of all communications take place by means of fax in the healthcare sector. [...]
-
The Anti-Phishing Working Group issued its Phishing Activity Trends Report for Q1 2018 that indicates there was a significant rise in unique phishing webpages found in the first couple of months of 2018 in comparison [...]
-
The healthcare records of over 17,000 patients were compromised in two healthcare data breaches in Massachusetts and Oregon. Lane County Health and Human Services located in Oregon has informed over 700 patients about the loss [...]
-
In the last year, the quantity of email data breach reports progressively went up. The Beazley Breach Insights Report July edition said that 23% of all data breaches documented by BBR (Beazley Breach Response) in [...]
-
The GDPR refers to a Supervisory Authority as a self-governing public authority accountable for overseeing GDPR compliance, supporting companies be GDPR compliant, and executing compliance and doing investigations. The supervisory authority should be advised if [...]
-
On July 22, Alex Azar, The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), stated during an address that the HHS is preparing for various changes to the health privacy regulations [...]
-
There is a new bill filed in the state of Massachusetts looking to boost protections for people affected by data breaches. The bill entails complimentary credit monitoring services to be provided to people whose private [...]