Recent HIPAA News

The American Data Privacy and Protection Act (ADPPA) presented in June was considerably revised in just a few days. Then, last month there was a new draft of ADPPA law presented having more changes. The [...]

Zenith American Solutions, the Sound Health and Wellness Trust’s third-party manager, recently advised people regarding a mailing error that compromised their Social Security numbers of the people. Based on the breach notification, the company sent [...]

Additional information was recently published regarding two cyberattacks on healthcare companies: Behavioral Health Group and Goodman Campbell Brain and Spine. Behavioral Health Group Reports Potential Compromise of Patient Data in December 2021 Cyberattack Behavioral Health [...]

Fast Track Urgent Care, an urgent healthcare clinic network in Florida, has announced that the protected health information (PHI) of 258,411 persons was exposed and possibly stolen due to a ransomware attack on PracticeMax, a [...]

Meta is dealing with one more class action lawsuit because of the illegal collection and disclosure of health information with no content. The Northern District of California received the filed lawsuit on behalf of the [...]

A big data breach was reported that has impacted many healthcare, senior living and rehabilitation centers in Arizona, Oregon, Nevada, Colorado, Utah, and Washington, which are managed by organizations that belong to the group Avamere [...]

Almost all Americans are confident regarding their understanding of cybersecurity as per the latest AT&T study of 2,000 People in America. Nevertheless, bad cyber hygiene and poor password strategies remain a usual thing. OnePoll performed [...]

Cybercriminals are increasingly attacking business associates of HIPAA-covered entities because of the ease of accessing the systems of a number of healthcare providers. To help healthcare delivery organizations (HDOs) manage the situation, the Cloud Security [...]

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released information to assist healthcare companies to be protected against web application attacks. In recent years, web applications have increased in [...]

Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has just confirmed that a data breach at a business associate resulted in the exposure of the protected health information (PHI) of a number of its health [...]

In June 2022, 70 healthcare data breaches involving 500 or higher records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR). This number is two less than May and [...]

The National Institute of Standards and Technology (NIST) has made updates to its guidance for HIPAA-covered entities on enforcing the HIPAA Security Rule to better secure patients’ personal data and protected health information (PHI). The [...]

A new Phishing by Industry Benchmarking Report showed that giving security awareness training to the employees considerably lowers risks to phishing attacks. KnowBe4 conducted the study to find out how helpful security awareness training is [...]

Eric G Piasick D.M.D. has utilized the exclusive HIPAA methodology of Compliancy Group and was certified to be in compliance with the HIPAA Guidelines and the HITECH Act. Under the Health Insurance Portability and Accountability [...]

All Trans Software Inc based in Ramsey, MN, which provides transportation vendors with Non-Emergency Medical Transportation (NEMT) software solutions, is certified to have put in place an efficient HIPAA compliance program according to the Compliancy [...]

The HHS’ Office for Civil Rights has lately released guidance to healthcare companies after the overturning of Roe v. Wade subsequent to the SCOTUS Dobbs v. Jackson Women’s Health Organization judgment, which took away the [...]

The Federal Bureau of Investigation (FBI), the Department of the Treasury, and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint security advisory to the healthcare and public health industry about the risk of Maui [...]

Google has stated that it is going to take steps to improve privacy protections for end users of its services. Google has always recommended an extensive, national privacy law covering consumer data to make sure [...]

The Department of the Treasury, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Financial Crimes Enforcement Network (FinCEN) have released a joint cybersecurity warning regarding the MedusaLocker ransomware. The MedusaLocker [...]

Senators Cory Booker (D-NJ), Ron Wyden (D-OR), and Elizabeth Warren (D-MA) have written to two prominent mental health app companies and sought responses regarding their practices on data collection and sharing. There were several reports [...]

The Government Accountability Office (GAO) has advised the Department of Health and Human Services (HHS) to create a feedback system to enhance the efficiency of its data breach reporting procedure. The Health Information Technology for [...]

The software-as-a-Service company Podium based in Lehi, UT offering business text messaging services for local companies has been certified as HIPAA compliant by Compliancy Group. Podium is redefining how patients connect with their local healthcare [...]

Acorda Therapeutics Reports Email Account Breach The biotechnology firm Acorda Therapeutics based in Ardsley, NY reported that an unauthorized third party acquired access to its email system and possibly viewed email messages and file attachments [...]

PHI of Approximately 69,000 Persons Compromised in Comstar Hacking Incident Comstar based in Rowley, MA provides ambulance invoicing, collection, ePCR Hosting, and client/patient services. It found out that an unauthorized third-party acquired access to selected [...]

Recently, Central Florida Inpatient Medicine (CFIM) based in Lake Mary, FL has found that an unauthorized person has accessed the email account of a staff member. The compromised emails and file attachments may contain the [...]

A new bill has been launched by Sen. Elizabeth Warren (D-MA) that wishes to prohibit data brokers from selling the health and location information of Americans. The bill called The following senators co-sponsored the Health [...]

Texas Tech University Health Sciences Center has announced the compromise of the protected health information (PHI) of 1,290,104 patients due to a data breach that occurred at Eye Care Leaders, its electronic medical record provider. [...]

Yuma Regional Medical Center (YRMC) based in Arizona has stated that it suffered a ransomware attack in April. The threat actors obtained the protected health information (PHI) of around 700,000 current and past patients. Based [...]

ScribeMedics LLC is a service provider of real-time, remote, medical transcription, EHR charting, virtual back office, and medical record review. Compliancy Group recently certified ScribeMedics LLC that it has fully complied with the regulatory requirements [...]

The 2022 State of Ransomware Report published by cybersecurity firm Sophos revealed that ransomware attacks on healthcare providers increased by 94% year over year. The report based its information on a worldwide survey participated by [...]

Atlassian has announced a patch to correct a critical zero-day vulnerability that impacts all supported versions of Confluence Server and Data Center. The vulnerability, which is tracked as CVE-2022-26134 has a maximum CVSS severity score [...]

There is a new zero-day vulnerability discovered that impacts a Windows tool like Follina. Although there’s no information if the vulnerability was exploited in the wild, it is possible to exploit it. The recent attention [...]

Five vulnerabilities were discovered in the Illumina Local Run Manager (LRM), which is utilized by Illumina Researcher Use Only (ROU) instruments and Illumina In Vitro Diagnostic (IVD) devices. The impacted instruments are employed for clinical [...]

BJC HealthCare, a not-for-profit healthcare company located in St. Louis, MO, has begun informing a number of patients that an unauthorized individual accessed some of their protected health information (PHI) that was kept in email [...]

A recent study conducted by Source Defense analyzed the risks related to using third- and fourth-party codes on online sites. They found that all modern, active websites had code that can be targeted by attackers [...]

Oswego County Opportunities (OCO) in New York has reported that an unknown actor has recently accessed a small number of staff email accounts. OCO discovered the security breach because of notable suspicious email activity and [...]

Researchers found out that a misconfigured AWS S3 bucket is exposing information. This cloud storage is owned by Breastcancer.org, a breast cancer support charity located in Ardmore, PA. SafetyDetectives learned that the unsecured AWS bucket [...]

After four consecutive months of decreasing figures of data breaches, reported data breaches increased by 30.2%. In April 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 56 data breaches [...]

Parker-Hannifin Cyberattack Affects About 120,000 Health Plan Members Parker-Hannifin Corporation based in Cleveland, OH, a company offering motion and control technologies, lately announced that unauthorized people have obtained access to a section of its IT [...]