The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has released a new information that details cybersecurity bad practices, which are extremely harmful and considerably increase threat to critical infrastructure. There are a lot of publicized […]
Five Rivers Health Centers located in Ohio has advised 155,748 patients regarding the unauthorized access to some of their protected health information (PHI) contained in email accounts as a consequence of a phishing attack. There […]
The Government Accountability Office has released a report right after an evaluation of the organizational strategy to the U.S. Department of Health and Human Services (HHS)cybersecurity. The study was done because both the HHS and […]
An ex-employee of Aultman Health Foundation viewed 7,300 patient information with no permission for nearly 12 years prior to the discovery of the HIPAA violation. The employee was given access to patient information to carry […]
Scripps Health in San Diego is looking at several class-action lawsuits due to a ransomware attack on April 29, 2021 that affected 147,267 people. As a result of the attack, the 5-hospital healthcare system needed […]
In October 2020, Mayo Clinic reported that a former employee was found to have committed impermissible access to the health records of roughly 1,600 patients. Based on a statement released by the Mayo Clinic, the […]
The National Institute of Standards and Technology (NIST) has published a draft Cybersecurity Framework Profile for Ransomware Risk Management to be able to guide organizations avoid, respond and recuperate from ransomware attacks. The Ransomware Profile […]
A bipartisan group of senators has brought in a federal data breach notification bill- the Cyber Incident Notification Act of 2021 – that calls for all federal organizations, contractors, and firms that have supervision over […]
May was 2021’s worst month thus far in terms of healthcare data breaches. The Department of Health and Human Services’ Office for Civil Rights recorded 63 breaches involving 500 or more records in May. For […]
South Texas Health System has informed 6,761 regarding some of their protected health information (PHI) that had been accidentally disclosed. South Texas Health System offers discharge directions following patients are given medical care in its […]
The Connecticut legislature has improved its data breach notification rule, extending the definition of personal information and reducing the maximum period of time for providing breach notices. The new legislation brings the data breach notification […]
A cyberattack on Service Employees International Union 775 (SEIU 775) Benefits Group, which is a benefits manager for home healthcare and nursing home employees, resulted in the removal of sensitive information. IT employees discovered issues […]
The Chief Operating Officer of an IT security agency is facing a lawsuit due to a financially driven cyberattack on Gwinnett Medical Center based in Lawrenceville, GA last September 2018. Vikas Singla, aged 45, of […]
The Cybersecurity and Infrastructure Security Agency (CISA) has released a security alert concerning 6 vulnerabilities identified in the ZOLL Defibrillator Dashboard, which include a remote code execution vulnerability with critical 9.9 severity. An anonymous person […]
The health insurance and healthcare provider Humana in Louisville, KY and its business associate Cotiviti are confronted with legal action due to a data breach identified in late December 2020. On May 26, 2021, a […]
In September 2020, Nebraska Medicine and the University of Nebraska Medical Center found out that their systems were hacked and downloaded with malware allowing the hackers access to the protected health information (PHI) of approximately […]
The National Institute of Standards and Technology (NIST) has posted its latest report about the usage of biometric authentication on cellular devices to permit first responders to obtain quick access to sensitive information, at the […]
Attleboro, MA-based Sturdy Memorial Hospital is notifying 57,379 patients regarding a computer security incident that happened on February 9, 2021 whereby patient data was compromised. In accordance with the breach notice issued by the hospital, […]
The HHS’ Office for Civil Rights has reached a settlement with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC) to resolve a potential violation of the HIPAA Right of Access. This is OCR’s 8th financial […]
The Federal Bureau of Investigation (FBI) has given a Flash Notification cautioning Fortinet Fortigate appliances end users that Advanced Persistent Threat (APT) groups are planning to target devices that haven’t been patched for three vulnerabilities: […]
Microsoft has found a huge spear-phishing campaign executed by the Russian Advanced Persistent Threat (APT) group, which is responsible for the SolarWinds Orion supply chain attack. Since January 2021, Microsoft has tracked the APT group […]
RMcKinley Christian Health Care Services (RMCHCS) in Gallup, NM submitted a report regarding a ransomware attack in February 2021 that resulted in patient data exfiltration. The attack in February conducted by the Conti ransomware gang […]
CareSouth Carolina based in Hartsville, SC has informed 76,035 patients regarding the likely exposure of some of their protected health information (PHI) because of a ransomware attack on Netgain Technologies, its IT service provider. Netgain […]
ZocDoc based in New York, which provides a platform that allows potential patients to schedule meetings with doctors and dentists, has found an issue in its software program that permitted patient information to be seen […]
There has been a great deal of uncertainty regarding the case of inquiring somebody if they have gotten a COVID-19 vaccine. Does it constitute a HIPAA violation, particularly with regards to employers asking their staff […]
Health Plan of San Joaquin (HPSJ), which is a non-profit provider of Medi-Cal managed care located in French Camp, CA, found out that an unauthorized person has acquired access to its email system and possibly […]
A number of healthcare organizations have shown concern concerning the HIPAA Privacy Rule modifications recommended by the Department of Health and Human Services (HHS) last December 2020 and publicized in the Federal Register last January. […]
New England Dermatology has begun informing 58,106 patients regarding the compromise of some of their protected health information (PHI). In a breach notice last April 30, 2021, New England Dermatology stated that its in-house pathology […]
April was notably an awful month for healthcare data breaches as 62 breaches involving at least 500 records were reported. March 2021 had the same number of healthcare data breaches. April had more than 2 […]
Universal Health Services (UHS) is facing a lawsuit associated with a 2020 data breach; but, the lawsuit proceeded only for one of the patients identified on the lawsuit. UHS manages approximately 400 hospitals and care […]
2020 was definitely not a usual year. The pandemic put big challenges on IT security teams and companies were compelled to quickly speed up their digital transformation strategies and greatly expand their remote working capacities. […]
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have given an advisory regarding DarkSide ransomware after the attack on the fuel pipeline firm Colonial Pipeline. The cyberattack triggered significant disruption […]
The Pennsylvania Department of Health and also its COVID-19 contact tracing provider are getting sued because of a breach of the personal and medical information of 72,000 Pennsylvanians. Insight Global and the Department of Health […]
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory regarding a new ransomware variant that is employed in attacks on a number of industry sectors, such as medical care. To date, the […]
Full-service home medical equipment firm, Health Aid of Ohio in Parma, OH, has learned that unauthorized people obtained access to its networks and stolen a number of files. The data breach was identified on February […]
CaptureRx, a 340B administrative services provider to healthcare organizations in San Antonio, TX, has experienced a ransomware attack that resulted in the theft of files that contain the protected health information (PHI) of its customers’ […]
Elekta, a Swedish provider of oncology and radiology system, is recovering from a cyberattack that shoved it to take offline its first-generation web-based storage platform on April 20, 2021. Even though the firm has reported […]
The healthcare provider Scripps Health located in San Diego experienced a ransomware attack on May 1, 2021 which compelled it to shut down its information technology systems. Scripps Health manages four hospitals throughout the San […]
Doctors Medical Center of Modesto (DCM) in California has found out that a service provider employed by a former vendor inadvertently exposed patient information over the web. DCM had hired the SaaS platform company Medifies […]
Einstein Healthcare Network, a health system based in Philadelphia, is dealing with a class-action lawsuit associated with an August 2020 phishing attack that enabled an unauthorized person to access several employee email accounts. Einstein Healthcare […]
The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 people were accidentally exposed on the internet because of a mistake made by a member of its employees. […]
An email security breach at HME Specialists LLC, doing business as Home Medical Equipment Holdco, resulted in the potential compromise of the protected health information (PHI) of 153,013 people. HME Specialists found suspicious activity within […]
Due to the escalating danger from ransomware attacks, the U.S Department of Justice has started a brand new Ransomware and Digital Extortion Task Force that is going to focus on the whole ransomware ecosystem. The […]
The healthcare data breaches reported in March increased by 38.8%. There were 62 breaches involving at least 500 records reported to the HHS’ Office for Civil Rights, the majority of which were hacking incidents. The […]
A cyberattack on CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) resulted in the theft of CHPDC members’ protected health information (PHI). CHPDC, formerly called Trusted Health Plans, found out that its computer […]
Pressure between Russia and the U.S. is increasing because of the nonstop cyberattacks on private and public sector establishments as well as the U.S. government by Russian government hackers. The National Security Agency (NSA), DHS’ […]
Health-ISAC, together with the American Hospital Association (AHA), has shared guidance for healthcare data security teams to assist them to develop resilience in the event of supply chain cyberattacks like the latest SolarWinds Orion occurrence. […]
The U.S. National Security Agency (NSA) has reported four zero-day vulnerabilities identified in Microsoft Exchange Server versions 2013, 2016, and 2019 which are employed for on-premises Microsoft Exchange Servers. Quick patching is necessary as threat […]
The Ventura County District Attorney directed Adventist Health Physicians Network located in Simi Valley, California to pay civil momentary penalties worth $40,000 for a civil privacy settlement resolving a patient privacy breach that impacted 3,797 […]
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has introduced a brand new tool to go with the open-source Sparrow detection tool based on PowerShell that was launched in December 2020 to support network defenders […]
Roper St Francis Healthcare is confronted with a class action lawsuit associated with an October 2020 data breach wherein patient information was purportedly stolen. The lawsuit alleges negligence for not protecting patients’ private information. From […]
Advanced persistent threat (APT) actors are exploiting vulnerabilities in the Fortinet FortiOS operating system to gain access to servers to get into networks as pre-positioning for follow-on data exfiltration and information encryption attacks. In the […]
Med-Data Inc., a revenue cycle management services vendor based in Spring, TX, has given confirmation that the protected health information (PHI) of patients of some of its clients were loaded to GitHub, an open-source software […]
Wake Forest Baptist Health made an announcement that an unauthorized individual acquired access to the systems of Healthgrades Operating Co. Inc, its technology vendor between October 16 and October 28, 2020 and possibly viewed or […]
Security company Proofpoint has associated the Advanced Persistent Threat (APT) group called Charming Kitten with a spear-phishing campaign carried out at the end of 2020 aimed towards senior pros at medical research institutions in the […]
At the beginning of 2020, phishers began taking advantage of the pandemic and changed from their typical lures to many pandemic-associated themes for their campaigns. After one year since the COVID pandemic began, researchers at […]
The HHS’ Office for Civil Rights has reported reaching a settlement with Village Plastic Surgery based in Ridgewood, NJ to resolve potential HIPAA Right of Access violations. Based on the conditions of the settlement, Village […]
Cancer Treatment Centers of America is notifying 104,808 of its Midwestern Regional Medical Center patients regarding the potential access by an unauthorized person to some of their protected health information (PHI) that is included in […]
In February 2021, reported data breaches involving 500 or more healthcare records increased by 40.63%. There were 45 data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, almost all […]
On January 12, 2021, Colorado Retina Associates in Denver found out that an unauthorized person accessed the email account of one employee and utilized it to send out phishing emails to contacts listed in the […]
Health plan management and back-office services provider PeakTPA based in St. Louis, MO-based provider reported a cyberattack with protected health information (PHI) theft that occurred on or approximately December 28, 2020. PeakTPA detected the security […]
Premier Diagnostics, a COVID-19 testing service based in Utah, has accidentally compromised the protected health information (PHI) of thousands of people. Bob Diachenko of Comparitech discovered two exposed Amazon S3 buckets on February 22, 2021. […]
About 207,000 people were confirmed to have been impacted by a ransomware attack on St. Cloud-based Netgain Technology LLC and that number may still go up. A number of entities in the healthcare sector, such […]
Making changes to the HIPAA Rules is not frequent, therefore whenever there is a proposition for updates, a range of new specifications and updates to existing terms is commonly included. Before undertaking any updates, a […]
The Arizona Supreme Court revived a HIPAA violation legal case that a man from Phoenix filed because of a privacy violation by a pharmacy worker associated with an erectile dysfunction medicine prescription. Greg Shepherd, aged […]
On March 4, 2021, Senator Robert Menendez (D-New Jersey), and Reps. Mikie Sherrill (D-New Jersey) and Bonnie Watson Coleman (D-New Jersey)wrote a letter advocating the Federal Trade Commission (FTC) to begin imposing the Health Breach […]
Governor Ralph Northam has signed into law the Virginia Consumer Data Protection Act (CDPA). CDPA mandates persons doing business in the Commonwealth of Virginia to follow new data privacy and security standards. The CDPA will […]
Cochise Eye and Laser, an ophthalmology and optometry company located in Sierra Vista, AZ, had a ransomware attack on January 13, 2021 and saw the encryption of its patient booking and billing application. Due to […]
The IBM X-Force published a new report that shows healthcare cyberattacks had a 100% increase in 2020 and 28% of attacks were ransomware attacks. The substantial increase in healthcare sector cyberattacks put the sector on […]
The National Security Agency (NSA) has lately published new guidance to assist companies to implement a Zero Trust approach to cybersecurity and have better protection against very advanced cyber threats. Zero Trust is a security […]
2020 was a notably awful year for the healthcare industry in terms of ransomware attacks. Fortune 500 healthcare system Universal Health Services (UHS) based in King of Prussia, PA suffered one of the worst ransomware […]
Covenant Healthcare based in Saginaw, MI has found out that an unauthorized individual acquired access to two email accounts of employees. The account held the protected health information (PHI) of roughly 45,000 patients. The healthcare […]
The last day for reporting healthcare data breaches involving less than 500 records that were identified in 2020 is on March 1, 2021. Until then, HIPAA-covered entities and business associates can submit their breach reports […]
Kroger made an announcement that it has encountered a data security incident, which exploited the SQL injection vulnerabilities found in its Accellion File Transfer Appliance (FTA). The Accellion FTA is an old appliance that was […]
The number of healthcare data breaches involving 500 or more records in January 2021 decreased by 48% month-over-month. There were 32 data breaches reported in January compared to December’s 62. Although this is below the […]
Wilmington Surgical Associates located in North Carolina is dealing with a class suit due to a Netwalker ransomware attack that resulted in a data breach last October 2020. In most ransomware attacks today, data files […]
Grand River Medical Group based in Dubuque, OH found out that an unauthorized person acquired access to an employee’s email account and might have seen or gathered the protected health information (PHI) of 34,000 patients. […]
A Campbell County Health (CCH) personnel had done an email error that led to the impermissible disclosure of the protected health information (PHI) of 900 people. The health system based in Gillette, WY found out […]
The court has given preliminary approval of a settlement proposal by 21st Century Oncology to take care of a November 2020 class-action lawsuit. The class-action lawsuit was submitted in District Court for the Middle District […]
The Conti ransomware gang has left a big set of healthcare information online that was presumably taken from Leon Medical Centers based in Florida and Nocona General Hospital based in Texas. Leon Medical Centers experienced […]
The National Cyber Investigative Joint Task Force (NCIJTF) published a ransomware fact sheet to increase awareness regarding the ransomware attack threats and offer information that could be used to avoid and offset attacks. An interagency […]
University of Pittsburgh Medical Center (UPMC) has reported that the protected health information (PHI) of over 36,000 patients was potentially accessed by unauthorized persons subsequent to a cyberattack on a company that provides UPMC with […]
Cybersecurity firm Imperva released a report that showed significant growth of attacks on healthcare sector web apps. Imperva Research Labs noted 51% more web app attacks for the period November 2020 to December 2020, the […]
Two personnel of the Department of Veteran Affairs’ (VA) information technology allegedly made false representations regarding the privacy and security risks of a huge data AI project involving the VA and a private firm that […]
Europol stated that the well known Emotet Botnet was taken down in association with a multinational law enforcement operation. Law enforcement agencies in the United States, Europe, and Canada controlled the Emotet infrastructure, which is […]
The contract of Philly Fighting COVID to distribute COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was ended following accusations that the organization’s privacy policies potentially allowed the purchase of private […]
Lake Region Healthcare located in Fergus Falls, Minnesota is having an investigation of a ransomware attack detected on December 22, 2020. The ransomware attack impacted a number of systems of the healthcare company that interrupted […]
2020 ended with healthcare data breach reports at the rate of two each day, which is two times the rate of breach reports last January 2020. There was a 31.9% month over month increase in […]
A recent study printed in the Journal of the American Medical Informatics Association (JAMIA) revealed that information blocking by electronic health record (EHR) vendors remains remarkably rampant in spite of recent policymaking that forbids information […]
Ransomware attacks have had a big impact on companies and organizations in the United States, and 2020 was in particular a bad year. Ransomware gangs targeted the healthcare sector, education industry, and federal, state, and […]
Minnesota South Country Health Alliance based in Owatonna, MN has identified that an unauthorized individual got access to a staff’s email account that held the protected health information (PHI) of 66,874 of its members. The […]
The HHS’ Office for Civil Rights (OCR) is moving forward with its efforts to catch healthcare companies that fail to provide patients with prompt access to their healthcare records. OCR recently announced a settlement reached […]
The Federal Bureau of Investigation (FBI) published a Private Industry Advisory regarding the growing number of cases of Egregor ransomware attacks. This ransomware-as-a-service operation was first discovered in September 2020. The attackers behind the Egregor […]
An email security breach at LSU Health University Medical Center-New Orleans led to the probable exposure of the protected health information (PHI) of some patients. LSU Health New Orleans Health Care Services Division earlier announced […]
Prestera Center for Mental Health Services, West Virginia’s biggest behavioral health services provider, became aware that an unauthorized person potentially obtained access to the protected health information (PHI) of a small number of its present […]
In the fall of 2020, CISA, FBI, and HHS cybersecurity gave a joint advisory to the healthcare and public health industry subsequent to a surge in ransomware activity. The joint notice discussed that attackers are […]
2020 was the most awful ever year when it comes to healthcare industry data breaches. There were 616 data breaches involving 500 or more health records documented by the HHS’ Office for Civil Rights. Those […]
The U.S. National Security Agency (NSA) issued a cybersecurity advisory concerning the activity of Russian state-sponsored hacking groups targeting a vulnerability found in VMWare virtual workspaces that is used for performing remote work. The vulnerability […]
The Department of Health and Human Services’ Office for Civil Rights has released a new Health Insurance Portability and Accountability Act (HIPAA) Rules guidance to tackle the issue of disclosing protected health information (PHI) to […]
Atlantic.net in Orlando, Florida made statements concerning big changes that will help improve its performance, make its billing more accurate, and allow it to deliver better overall customer assistance. The hosting provider currently provides its […]
The DHS’ Cybersecurity and infrastructure Security Agency has created a website offering information about the current cyber activities of the advanced persistent threat (APT) gang behind the compromise of the SolarWinds Orion software supply chain. […]
The number of healthcare data breaches reported dropped again last November; however, take note that the number of reported breaches in October 2020 was thrice the average monthly number mostly because of the ransomware attack […]
Meharry Medical College located in Nashville, TN found an email account breach that possibly allowed unauthorized persons to get access or steal the protected health information (PHI) of up to 20,983 patients. Meharry Medical College […]
The Department of Health and Human Services’ Office for Civil Rights has publicized its 2016-2017 HIPAA Audits Industry Report, featuring areas where HIPAA-covered entities and their business associates are complying or unable to abide with […]
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has issued final guidance for healthcare delivery companies on securing the Picture Archiving and Communication System (PACS) ecosystem. PACS […]
The Federal Bureau of Investigation (FBI) has released a private industry notice regarding the increasing DoppelPaymer ransomware activity and the threat actors’ change in strategy to compel victims into paying the ransom. DoppelPaymer ransomware first […]
Cedar Springs Hospital based in Colorado Springs, CO is informing some patients regarding the loss of a portable storage unit that had their protected health information (PHI) last October 2020. The hospital gave a copy […]
Twitter is penalized with €450,000 ($544,600) for violating the EU’s General Data Protection Regulation (GDPR). The Data Protection Commission (DPC) in Ireland issued the fine in connection with Twitter’s privacy breach report to the DPC […]
The House Energy and Commerce Committee passed a new bill (HR 7988), which tries to change the HITECH Act to necessitate the Department of Health and Human Services to identify whether or not HIPAA-covered entities […]
A phishing attack on Tufts Health Plan resulted in the compromise of the protected health information (PHI) of 60,545 members’ of EyeMed, a vision benefits management company. EyeMed uncovered the phishing attack on July 1, […]
GBMC HealthCare located in Towson, MD reported a ransomware attack that happened on December 6, 2020 causing the taking down of its computer network. The healthcare company currently implements EHR downtime protocols while it controls […]
Dental Care Alliance, LLC based in Sarasota, FL, a dental support provider with more than 320 affiliated dental practices in 20 states, was hacked and potentially compromising the protected health information (PHI) of over a […]
Rave Mobile Safety has announced a COVID-19 Vaccine Distribution Option that will enable public health agencies to determine persons who must have priority vaccination, customize alerts to these individuals, provide reminders for second vaccinations, and […]
Montefiore Medical Center and Mercy Health have reported insider data breaches in the past few days. In both breaches, an employee accessed patient information even if there was no valid work reason for doing so. […]
Kalispell Regional Healthcare based in Montana has offered a $4.2 million settlement deal to take care of a lawsuit filed on behalf of victims associated with a data breach that was reported in October 2019. […]
Researchers at Ben-Gurion University in Israel talked about a potential bioterrorist attack that could jeopardize the synthetic DNA supply chain. DNA synthesis providers may be misled into creating unsafe DNA sequences, skipping present security controls, […]
Four vulnerabilities were identified in the OpenClinic software, the most critical of which could possibly permit unauthorized people to get around authentication and access protected health information (PHI). A lot of private clinics, hospitals, and […]
University of Minnesota Physicians recently experienced a phishing attack that permitted unauthorized people to obtain access to two workers’ email accounts. One email account was accessible from January 30 to January 31, 2020 and the […]
AspenPointe based in Colorado Springs, a provider of mental health and behavioral health services, has reported a cyberattack in September 2020 that resulted in the potential compromise of patient information. Because of the attack, the […]
A recent private industry alert from the Federal Bureau of Investigation (FBI) revealed that threat actors that use Ragnar Locker ransomware have increased their attacks and have been choosing businesses and organizations in different sectors […]
OCR imposed more financial penalties on HIPAA covered entities and business associates this 2020 than any year since OCR got authorized by the HIPAA Enforcement Rule to issue financial penalties on non-complying entities. As of […]
The number of reported data breaches to OCR for October is well above average. It was 33.68% less than September’s with 63 reported breaches involving 500 or more records, but it was still 41.82% above […]
The biggest eyewear business in the world, Luxottica, had a cyberattack that affected several websites managed by the company. Luxottica is the owner of the popular eyewear brands Persol, Ray-Ban, and Oakley. It produces designer […]
Office 365 users have been cautioned regarding a continuous phishing campaign that collects user credentials. The attackers utilize sophisticated strategies to circumvent email security defenses and social engineering techniques to trick company personnel into going […]
According to Microsoft, Advanced Persistent Threat (APT) groups in North Korea and Russia are directing attacks on companies engaged in COVID-19 research and vaccine development. Three APT groups have targeted six big pharmaceutical companies and […]
A phishing attack affected the Department of Human Services, North Dakota Department of Health, Cavalier County Health District, and other state departments that resulted in the compromise of employee email accounts from November 23 to […]
A ransomware attack on First Impressions Orthodontics, a Professional Dental Alliance of Connecticut PLLC’s subsidiary, occurred on September 28, 2020 that resulted in the potential compromise of the protected health information (PHI) of 23,000 patients. […]
The BD Alaris PC Unit identified a medium severity vulnerability that could be exploited to bring about a denial of service attack and a drop in wireless capacity. Medigate discovered the vulnerability and reported it […]
The TrickBot botnet is being used to conduct a new phishing campaign that delivers the Buer loader and Bazar backdoor malware. Researchers at Area 1 Security detected the campaign that has been operating since early […]
Ransom Demands Continue to Increase The Coverware Quarterly Ransomware report for Q3 2020 reveals that the average ransom demand progressively increased during the last 8 quarters, though the quarterly growth was more significant every quarter […]
Coveware has published its Quarterly Ransomware report for the third quarter of 2020 and featured the hottest ransomware attack developments. The report notes that data exfiltration before deploying the ransomware remains a well-liked tactic. About […]
The U.S. Department of Health and Human Services’ Office for Civil Rights just issued the 10th financial penalty covered by the HIPAA Right of Access enforcement initiative. Riverside Psychiatric Medical Group based in California has […]
An unauthorized person had accessed the email account of an employee of Centerstone, which provides mental health and substance use disorder treatment services in Illinois, Indiana, Florida and Tennessee. Centerstone detected strange activity in the […]
The Information Commissioner’s Office (ICO), the United Kingdom’s data protection authority, has enforced a £18.4 million ($23.8 million) financial fine on Marriott International for violating the EU’s General Data Protection Regulation (GDPR). The ICO had […]
computer systems remained offline, it is still providing patient care. The hospital’s emergency and urgent care departments are open and are fully operational. Most scheduled elective procedures will proceed as scheduled. Right now, while the […]
The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI) have given an advisory regarding elevated Ryuk ransomware activity directed at the public […]
Aetna Life Insurance Company and the associated covered entity (Aetna) has decided to resolve several potential HIPAA violations that the Department of Health and Human Services’ Office for Civil Rights (OCR) found in the course […]
On October 11, 2020, Sonoma Valley Hospital based in California encountered a computer security breach that resulted in the shutdown of its computer systems, hence “a significant downtime event” occurred. The hospital went ahead with […]
LuxSci, a provider of HIPAA-compliant email communications services based in Massachusetts, has reported that it has gotten HITRUST CSF Certification. The HITRUST Common Security Framework (CSF) is an all-inclusive, certifiable platform for companies that generate, […]
Before September, the HHS’ Office for Civil Rights only issued three financial penalties on covered entities and business associates over HIPAA violations. Yet, in September, there was a squall of notices regarding HIPAA settlements when […]
September is awful in terms of data breaches. HIPAA-covered entities and business associates reported 95 data breaches involving at least 500 records. The increase in breaches is 156.75% compared to last August 2020. There wasn’t […]
The UK National Cyber Security Centre (NCSC) just recently issued a security warning urging companies to patch a critical remote code execution vulnerability present in Microsoft SharePoint. There is also an advisory from the DHS […]
On October 2020 Patch Tuesday, Microsoft launched a patch to fix a critical remove code execution vulnerability identified in the Microsoft Windows Transmission Control Protocol (TCP)/IP stack. The vulnerability is caused by the way TCP/IP […]
Silent Librarian, also known as Cobalt Dickens and TA407, centered in Iran has begun again spear-phishing attacks on colleges in America and all over the world. Since 2013, the hacking group has been executing attacks […]
Universal Health Services has affirmed that its 250 hospitals in the USA are operational and hoping to catch a person thought to be behind the ransomware attack that shut down its systems for three weeks. […]
eResearchTechnology in Philadelphia is a company marketing software for clinical trials, for instance, the clinical trials relating to Covid-19 vaccines. The company experienced a ransomware attack last September 20, 2020 that affected several clients, including […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint alert about advanced persistent hackers stringing exploits for a number of vulnerabilities in cyberattacks directed at federal and […]
Community Health Systems located in Franklin, TN, and its subsidiary CHSPCS LLC agreed to settle a multi-state action with 28 state attorneys general by paying out $5 M. An investigation directed by Tennessee Attorney General […]
The 12th HIPAA penalty of 2020 has been reported by the Department of Health and Human Services’ Office for Civil Rights (OCR). It is the 8th under the HIPAA Right of Access enforcement initiative since […]
The chiropractor Accents on Health based in Lone Tree, CO encountered a ransomware attack on August 5, 2020 that saw the encryption of information kept on its computer systems. Cybersecurity forensics experts looked into the […]
A healthcare employee who was charged with violation of patient privacy and the Health Insurance Portability and Accountability Act (HIPAA) Rules was cleared of any violation after the federal law enforcement’s investigation. The said employee […]
On September 30, 2020, Blackbaud submitted a Form 8-K with the SEC (U.S. Securities and Exchange Commission) that gave more details on the ransomware attack encountered by the company in May 2020. Blackbaud stated that […]
Oaklawn Hospital located in Marshall, MI, has begun informing 26,861 patients regarding a potential compromise of their personal and medical data. It is not clear when the hospital detected the breach, however, the forensic investigation […]
Health insurer Anthem Inc. based in Indianapolis, IN has settled its multi-state actions filed by state attorneys general in relation to its 2014 78.8 million record data breach. One settlement deal for $39.5 million was […]
Alameda Health System (AHS) based in Alameda, CA, an inpatient, outpatient, emergency, and wellness services provider around the East Bay area, became aware that an unauthorized individual had briefly gained access to an employee’s email […]
Universal Health Services (UHS) located in King of Prussia, PA has experienced a big security breach that resulted in the inaccessibility of its IT systems. The health system has got at least 400 healthcare facilities […]
People affected by the recent data breaches that occurred at Blackbaud and Assured Imaging took legal action for the compromise and theft of their personal data and protected health information (PHI). Several Lawsuits Filed in […]
stealing credentials from several applications and data resources, such as Firefox, Safari, and Chrome web browsers. It likewise rips off credentials utilized for email accounts, sFTP and FTP clients. The malware can be used to […]
Montefiore Medical Center in Bronx, New York has dismissed a worker due to the supposed theft of the protected health information PHI of around 4,000 patients. Montefiore learned about the possible internal data breach in […]
The HHS’ Office for Civil Rights received 37 reports of healthcare data breaches involving 500 or more records in August 2020. The number of breaches continued to be rather constant month-over-month, however, breached records in […]
There are 5 vulnerabilities with low- to medium-severity discovered in the Philips Clinical Collaboration Platform (Vue PACS). An attacker could exploit the vulnerability and influence an authorized user to perform unauthorized activities or disclose data […]
A recent joint cybersecurity alert published by the Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that a hacking group connected to the Iranian government was detected exploiting […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) announced the newly released version of its tool for Security Risk Assessment (SRA). The Office of the National Coordinator for Health Information Technology […]
HealthAlliance Hospital and its health record management vendor, Ciox Health, are facing a lawsuit for refusing to give a widow the medical records of her deceased husband. In October 2020, the husband of Sherry Russell, […]
Inova Health System in Falls Church, VA is one of the healthcare companies that lately confirmed the impact of the Blackbaud ransomware attack on its company. The information contained in a backup donor database included […]
A Federal judge dismissed a potential class-action lawsuit that was filed in June 2019 against UChicago Medicine, the University of Chicago, and Google. The lawsuit was a response to an alleged breach of HIPAA Rules […]
The Baton Rouge Clinic located in Louisiana suffered a cyberattack at the beginning of July that made its email and phone system inaccessible and constrained its laboratory and radiology services. The ransomware attack caused systems […]
The National Insider Threat Awareness Month (NITAM) is being observed this September 2020 for the second time. The whole month, resources are being made accessible to point out the value of discovering, blocking, and reporting […]
Recently, the Center for Democracy and Technology (CDT) and the eHealth Initiative & Foundation (eHI) issued a draft of a consumer privacy framework for health data to deal with the loopholes in legal protections for […]
There is a growing number of healthcare providers that are confirmed to have experienced a data breach as a result of the Blackbaud ransomware attack. Four more healthcare providers sent breach notification reports in the […]
Northwestern Memorial HealthCare has reported the potential exposure of the personal data of persons who donated to Northwestern Memorial HealthCare in the past due to a Blackbaud ransomware attack fairly recently. An unauthorized man or […]
Konica Minolta Healthcare Americas Inc. is going to pay $500,000 as a financial penalty to bring to an end a case against Viztek LLC, its ex-subsidiary, to take care of False Claims Act violations in […]
The Society for Imaging Informatics in Medicine, the American College of Radiology, and the Radiological Society of North America published an advisory with regards to online medical presentations and the possibility of inadvertent exposure of […]
The Secretary Alex Azar of the HHS has a public health emergency declared in the states of Texas and Louisiana because of Hurricane Laura, and in California because of the continuing wildfires. HIPAA Rules continue […]
In 2019, Heritage Valley Health System in Beaver, PA filed a case against Nuance Communications in relation to the 2017 NotPetya malware attack. The case was dismissed by a federal judge in the US District […]
A cyberattack on Dynasplint Systems in Severna Park, MD resulted in the potential access or theft of personal and protected health information (PHI). The company manufactures proprietary stretching gadgets for enhancing joint motion. The security […]
In June 2020, the web servers of Netsential based in Houston, TX was hacked resulting in the theft of roughly 270 gigabytes of information. The hacking group Distributed Denial of Secrets (DDoSecrets) published the stolen […]
A group of researchers from Harvard University investigated the technologies being used in COVID-19 home monitoring. A variety of technologies were created to cut down the possibility of being exposed to SARS-CoV-2 and diagnose signs […]
There were two critical vulnerabilities discovered in XenMobile Server / Citrix Endpoint Management (CEM). An unauthenticated attacker may exploit the vulnerabilities tracked as CVE-2020-8208 and CVE-2020-8209 to get access to the credentials of a domain […]
Technology and security consultant Jeremiah Fowler announced that the personal and health information of about 2.5 million patients were exposed on the internet. On July 7, 2020, two folders that contain the information were found […]
July had a big decrease in the amount of data breach reports involving at least 500 healthcare records. July had 36 data breach reports, which was 30.8% month-over-month less than June’s 52 breach reports. But […]
A database that contains the personal data of over 3.1 million patients was exposed on the internet and was eventually wiped out by the Meow bot. A security researcher named Volodymyr ‘Bob’ Diachenko found the […]
Behavioral Health Network (BHN), the biggest provider of behavioral health service in Western Massachusetts, has reported a malware attack on its computer systems which made its files inaccessible. BHN discovered the security breach on May […]
A phishing attack on the University of Maryland Faculty Physicians, Inc. (FPI) potentially resulted in the access of the protected health information (PHI) of the University of Maryland Medical Center (UMMC) patients by unauthorized people. […]
A ransomware attack on Owens Ear Center based in Fort Worth, Texas happened on May 28, 2020 that caused encryption of patient information. The encrypted device comprised patients’ healthcare records that enclosed data like names, […]
The healthcare system FHN based in Freeport, IL is sending notifications to some patients that an unauthorized individual has potentially accessed several employees’ email accounts from February 12 to February 13, 2020 resulting in the […]
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) published a high priority advisory to warn businesses of the threat of cyberattacks that use the Taidoor malware, which is a remote access Trojan […]
One more pharmacy chain made an announcement that looters stole the protected health information (PHI) of some of its customers in late May during a time of civil unrest. Between May 27 to May 30, […]
The clear decline in healthcare data breaches observed in May turned out to be temporary, with June having a big increase in data breaches. June had 52 breach reports submitted by HIPAA covered entities as […]
There was a vulnerability discovered in the Philips DreamMapper software program, which is a mobile application used to keep track of and take care of sleep apnea. The application is not for providing treatment to […]
A significant amount of proof shows that nation-state hacking groups are concentrating on attacking institutions engaged in COVID-19 study and vaccine development to steal data for the research programs in their own countries. In the […]
This week, the Federal Bureau of Investigation (FBI) released a (TLP:WHITE) FLASH advisory subsequent to a rise in attacks that involve the NetWalker ransomware. NetWalker is a fairly new ransomware risk that was identified in […]
CVS Pharmacy is notifying some patients about the loss of some of their private data and protected health information (PHI) after a number of incidents took place at its pharmacies from May 27, 2020 to […]
The U.S. Department of Justice (DOJ) indicted two Chinese nationals for hacking US firms and government institutions to steal sensitive data, which include COVID-19 research information. Allegedly, the hackers were operating under the command of […]
Cybercriminals are exploiting the latest integrated network procedures to do increased damaging DDoS attacks on US systems. Three network procedures were created to be used in devices like mobile phones, IoT devices nd Macs, which […]
The Federal judge dismissed the lawsuit filed versus Sarrell Regional Dental Center for Public Health Inc. because of a ransomware attack in July 2019 as a result of insufficient standing. Sarrell had recovered from the […]
The cybersecurity company Emsisoft based in New Zealand has published its ransomware statistics for 2020 that show there were at least 41 successful ransomware attacks on hospitals and other healthcare providers in the first half […]
The CVSS v3 base rating of vulnerability CVE-2019-5024 is 7.6 out of 10. This vulnerability was observed in Capsule Technologies SmartLinx Neuron 2 medical data collection devices using software program version 6.9.1. SmartLinx Neuron 2 […]
Lorien Health Services based in Ellicott City, MD, which manages 9 assisted living facilities throughout Maryland had encountered a ransomware attack on June 6, 2020. Third-party cybersecurity specialists assisted with the investigation to ascertain whether […]
The radiology practice Quantum Imaging and Therapeutic Associates in Pennsylvania announced that there were reports received regarding the non-physician personnel who allegedly shared with a Facebook group an x-ray photo of a male patient’s genitalia. […]
The Central California Alliance for Health found out that an unauthorized individual acquired access to several employees’ email accounts and possibly viewed or duplicated information in emails and file attachments. The healthcare provider detected the […]
A growing number of healthcare companies are confronted with legal action mainly because a ransomware attack had led to patient data theft. The Florida Orthopedic Institute in Florida, which is a big orthopedic provider, recently […]
Benefit Recovery Specialists, Inc., a billing and collection firm located in Houston, TX, reported finding malware on its networks, and unauthorized persons may have accessed some protected health information (PHI). BRSI as a business associate […]
The FBI and the DHS’ Cybersecurity Infrastructure Security Agency (CISA) issued a joint advisory recently regarding cybercriminals using The Onion Router (Tor) in their attacks. The U.S. Navy developed the Tor as a free, open-source […]
Several vulnerabilities were identified in the Apache Guacamole remote access system. Lots of companies employed Apache Guacamole to let administrators and employees access Windows and Linux devices remotely. The system became well-known during the COVID-19 […]
The U.S. National Security Agency (NSA) has released guidance to assist companies in securing IP Security (IPsec) Virtual Private Networks (VPNs) that are employed to permit employees to securely link to corporate networks to do […]
Healthcare Fiscal Management Inc. (HFMI) based in Wilmington, NC provides hospitals, physician groups and clinics with self-pay conversion and insurance eligibility services. HFMI encountered a ransomware attack that resulted in the exposure of the personal […]
OpenClinic GA has 12 vulnerabilities identified in its open-source integrated hospital information management system. Numerous hospitals and clinics use OpenClinic GA for managing financial, administrative, clinical, laboratory and pharmacy workflows. It is also used for medical […]
On July 1, 2020, implementation of the California Consumer Privacy Act (CCPA) of 2018 started. The CCPA was already effective starting on January 1, 2020, however, all businesses covered by the Act were granted a […]
Philips found an authentication bypass issue affecting Philips Ultrasound Systems. An attacker can potentially manipulate this problem to access or modify data. The vulnerability is set off by the existence of an optional path or […]
May 2020 had a noticeable drop in the reports of healthcare data breaches as 28 data breaches involving 500 or more records were submitted to the HHS’ Office for Civil Rights. This number is the […]
Landmark Hospital of Athens based in Georgia suspended three staff members who are alleged of viewing, copying or exposing patient records. The likely HIPAA breach can be associated to a legal case that four nursing […]
American Medical Technologies based in Irvine, CA, a provider of wound care solutions and medical supplies, reported that an unauthorized person accessed the email account of an employee and most likely viewed and copied the […]
Sunrise Treatment Center located in Cincinnati, OH is notifying 3,660 patients about the potential unauthorized access of some of their protected health information (PHI) contained in an employee’s email account. The breach happened on February […]
The Senate Health, Education, Labor, and Pensions (HELP) Committee is thinking about what must be retained of the 31 latest changes to telehealth policies once the COVID-19 national public health crisis ends. The interim modifications […]
On June 16, 2020, The National Association of Attorneys General (NAAG) sent a letter to Apple and Google to communicate issues regarding consumer privacy connected to COVID-19 contact tracing along with exposure notification programs. NAAG […]
There were 19 zero-day vulnerabilities identified in the TCP/IP communication software library that Treck Inc. developed. Innumerable connected devices throughout practically all industry sectors, which include healthcare, were affected. Treck is a company based in […]
The University of Utah Health encountered another phishing attack that led to the exposure of the protected health information (PHI) of 2,700 patients. For the third time this year, the University of Utah had a […]
Cano Health, a population health management company and healthcare provider based in Florida, discovered that an unauthorized person accessed the email accounts of three employees by setting up a mail forwarder the email accounts and […]
There is an upcoming virtual event to be hosted on June 23, 2020 to assist managed service providers (MSPs) in facing the obstacles of operations during these difficult times. COVID-19 has compelled companies in all […]
A warning issued by the DHS Cybersecurity and Infrastructure Security Agency (CISA) stated that there is a functional proof of concept (PoC) exploit associated with a critical remote code execution vulnerability identified in the Microsoft […]
The Everett & Hurite Ophthalmic Association (EHOA) refers to a group of ophthalmology experts offering their services in Pittsburgh & Warrendale, PA. EHOA discovered an unauthorized person had accessed the email account of an employee […]
The Commonwealth of Kentucky Personnel Cabinet has reported two data breaches that happened from late April to Early May. Because of the attacks, the protected health information (PHI) of about 1,000 members of the Kentucky […]
St Joseph Health System in North Central Indiana is sending notifications to patients regarding the exposure of some of their protected health information (PHI) due to unauthorized viewing. The breach did not occur at St […]
Healthcare provider Kaiser Permanente based in Oakland, CA discovered that a former staff gained access to the radiology information of many patients without permission for a period of 8 years. Kaiser Permanente knew about the […]
The FBI and the Cybersecurity and Infrastructure Security Agency lately made a joint public service announcement explaining the 2016 to 2019 top 10 most exploited vulnerabilities. Advanced nation state hackers exploit these vulnerabilities to target […]
A Russian hacking gang referred to as Sandworm (Fancy Bear) is exploiting an Exim Mail Transfer Agent vulnerability. The flaw, labeled as CVE-2019-10149, is a remote code execution vulnerability that was brought in in Exim […]
The HHS’ Office of Inspector General (OIG) has issued a tactical plan for monitoring the COVID-19 response and recovery work of the Department of Health and Human Services. OIG is going to evaluate how good […]
Mat-Su Surgical Associates based in Palmer, AK made an announcement that it encountered a ransomware attack in March. The staff discovered the attack on March 16 after being locked out of the computer systems because […]
Four Senators wrote to the Federal Bureau of Investigation (FBI) and the DHS Cybersecurity and Infrastructure Security Agency (CISA) because of the latest notification telling COVID-19 research organizations that hackers associated with China are doing […]
Advanced Persistent Threat (APT) groups keep on targeting healthcare companies, research groups, pharmaceutical firms, and other organizations actively helping during the COVID-19 crisis. That is why, the United Kingdom and the United States cybersecurity authorities […]
In April 2020, 37 healthcare data breaches involving at least 500 records were reported That number is only one more than the number of breaches in March and is still lower than the average number […]
Lurie Children’s Hospital of Chicago is dealing with lawsuits regarding two privacy breaches which involved employees accessing the healthcare records of patients with no permission. The legal action was filed on behalf of a mom […]
Mille Lacs Health System based in Onamia, Mn has suffered a phishing attack that possibly exposed more than 10,000 patients’ protected health information (PHI). A number of employees of Mille Lacs Health System got phishing […]
Two privacy bills were presented in relation to the COVID-19 contact tracing apps which Congress is currently considering. Republican and Democratic lawmakers introduced contending bills that have several common ground and hope to accomplish the […]
Companies that encounter a ransomware attack might be enticed to pay the ransom demand to minimize downtime and expenses on recovery, however a Sophos survey indicates companies that pay the ransom in reality turn out […]
Management and Network Services (MNS), LLC based in Dublin, OH provides post-acute healthcare companies with administrative support services. The email accounts of some MNS employees were found to have been compromised. MNS explained in a […]
Organizations engaged in researching SARS-CoV-2 and COVID-19 received warning that hackers associated with the Peoples Republic of China (PRC) are targeting their organizations, consequently, they need to take steps to safeguard their systems from any […]
Saint Francis Healthcare Partners in Connecticut is informing 38,529 patients about the potential compromise of some of their protected health information (PHI) due to a sophisticated cybersecurity incident that permitted an unauthorized person to access […]
Business email compromise scammers from Nigeria were found targeting COVID-19 research institutions, pandemic response agencies, and government healthcare organizations to get falsified wire transfer payments and install malware. Palo Alto Networks’ Unit 42 team researchers […]
COVID-19 has compelled a lot of organizations to quickly implement a work from home scheme for employees, which resulted in new possibilities for cybercriminals to execute attacks. Cyberattacks on remote employees have grown considerably at […]
The HHS’ Office for Civil Rights (OCR) issued guidance to remind healthcare providers that under the HIPAA Privacy Rule, the media and film crews are not allowed to access healthcare facilities where patients’ protected health […]
A number of healthcare companies were impacted by a strange data breach at STAT Informatics Solutions, LLC based in Waupaca, WI. STAT provides a number of healthcare companies with secure medical records services which include […]
The Department of Health and Human Services is slow in responding to the high priority recommendations of the Government Accountability Office (GAO). Of the 54 high priority recommendations specified in a GAO report in March […]
The number of reported healthcare data breaches decreased in March 2020 by 7.69%. The number of breached records also decreased by 45.88%. In March, there were 36 healthcare data breaches involving 500 and up records […]
Parkview Medical Center located in Pueblo, Colorado is recouping from a ransomware attack which began on April 21, 2020. Several IT systems were deactivated because of the attack. The Meditech electronic medical record system of […]
The World Health Organization (WHO) is a well-known organization that is fighting COVID-19. Cybercriminals and hacktivists have escalated attacks on WHO as it addresses the COVID-19 pandemic. WHO receives five times more attacks now as […]
The American Hospital Association (AHA) and the American Medical Association (AMA) have made a joint cybersecurity guidance for work at home doctors during the COVID-19 outbreak so that they would be guided in keeping their […]
A Federal judge gave the final approval of the proposed settlement by Banner Health for a class-action lawsuit filed over its 3.7 million-record data breach last 2016. The proposed settlement having an amount of $8.9 […]
The HHS’ Office of Inspector General (OIG) recommended a rule last Tuesday that make changes to civil monetary penalty guidelines to also cover information blocking. If implemented, the new CMPs for information blocking will be […]
The FBI has given a new alert after a surge in COVID-19 phishing scams directed at healthcare companies. In the advisory, the FBI clarifies that on March 18, 2020 network perimeter cybersecurity programs utilized by […]
The Department of Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA) gave an advisory to all companies that use Pulse Secure VPN servers regarding the likelihood of not preventing cyberattacks even after patching vulnerabilities. CISA is […]
A phishing attack on Aurora Medical Center-Bay Area in Marinette, WI on January 1, 2020 resulted in the exposure of some protected health information (PHI) of 27,137 patients. A number of Aurora Medical Center employees […]
Beaumont Health, Michigan’s biggest healthcare system, announced the potential compromise of patient data located in email messages and file attachments because unauthorized persons gained access to some employees’ email accounts. Beaumont Health discovered the email […]
On April 15, 2020, Microsoft issued updates to resolve 113 vulnerabilities that affected its operating systems and software products, including 19 critical vulnerabilities. The updates this month consist of fixes for no less than 3 […]
Microsoft introduced a patch to address a critical vulnerability impacting Microsoft Exchange Servers which threat actors could potently exploit to have complete command of a vulnerable system. In spite of the warning of Microsoft that […]
The HHS has released a Notice of Enforcement Discretion that is applicable to healthcare organizations and business associates that get involved in the operations of COVID-19 community-based testing areas. According to the terms of the […]
The McHenry County Health Department in Illinois were not providing 911 dispatchers with the names of COVID-19 patients to safeguard patient privacy, just as what they do with patients that caught other infectious diseases like […]
A ransomware attack on Brandywine Urology Consultants based in Delaware on January 25, 2020 resulted in the encryption of files stored on its servers and computer systems. The scope of the attack was limited and […]
Hawaii Pacific Health learned about the 5-year snooping of an employee of Straub Medical Center (Honolulu) on patient healthcare records. Hawaii Pacific Health discovered on January 17, 2020 the unauthorized patient records access and began […]
The Federal Bureau of Investigation gave a warning after an uprise in Business Email Compromise (BEC) attacks that are making the most of the chaos associated with the COVID-19 pandemic. The term BEC refers to […]
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) presented further guidelines on HIPAA and COVID-19. The new guidance presents cases when covered entities permit disclosures of protected health information (PHI) […]
A new Proofpoint report states that cybercriminals are now mostly only doing campaigns that are related to the 2019 Novel Coronavirus. 80% of all threats found by the Proofpoint are related to coronavirus. The latest […]
Although most social engineering and phishing attacks come about through email, social engineering strategies are likewise employed to persuade people to disclose sensitive data through other channels of communication, such as the telephone. There is […]
Improper Disposal Incident Reported by the Georgia Department of Human Services The Georgia Department of Human Services reported that employees in Augusta, GA had improperly disposed of confidential case files stored in boxes. The case […]
LifeSprk, a provider of senior care based in Minnesota, is mailing notification letters to 9,000 of its clients about the potential exposure of their protected health information (PHI) as a consequence of a phishing attack […]
A sophisticated group of hackers targeted the World Health Organization (WHO) and its partners attempting to steal login credentials to get access to its network by impersonating WHO’s internal email system. Several WHO staffers received […]
American HomePatient’s proposal to settle for $1 million a class-action lawsuit filed on behalf of the 2017 data breach victims has gotten initial approval. The data breach which led to the filing of the lawsuit […]
The 2019 Novel Coronavirus was referred to by researchers as Severe Acute Respiratory Syndrome Coronavirus 2 or SARS-CoV-2. It is the virus behind the Coronavirus Disease 2019 or COVID-19. In November, researchers first discovered the […]
In February,, 39 healthcare data breaches involving at least 500 records were reported representing a 21.9% increase from January. The breached 1,531,855 healthcare records represent a 231% increase from January. February had more breached records […]
After the HHS’ Office for Civil Rights announcement that HIPAA compliance enforcement has been relaxed in relation to the good faith provision of telehealth services all through the COVID-19 national public health emergency, OCR released […]
Maze Ransomware Attack at Texas Network of Walk-in Clinics A Maze ransomware gang attacked AffordaCare Urgent Care Clinic, which is a network of walk-in clinics throughout Texas. A recent DataBreaches.net report stated that the hackers […]
A law company is filing a lawsuit against Medical Records Online (MRO), a healthcare release-of-information solution provider, for charging too much on law companies and insurance companies when furnishing electronic copies of patients’ health records. […]
For sure HIPAA covered entities, which include healthcare companies, healthcare clearinghouses, health plans, and business associates of covered entities, have plenty of queries about HIPAA compliance and the COVID-19 coronavirus cases. There may well be […]
Cybercriminals are targeting the U.S. Department of Health and Human Services (HHS) in an attempt to overload its website with hundreds of thousands of hits. As per the statement of HHS spokesperson, Caitlin B. Oakley, […]
Henry Mayo Newhall Hospital in Santa Clarita, CA has dismissed a number of its employees because of snooping on the Saugus High School shooter’s health records. Under the Health Insurance Portability and Accountability Act (HIPAA) […]
HIMSS Media on behalf of Mimecast recently published a study which revealed that for the past 12 month period, 90% of healthcare organizations have encountered a minimum of one email-based threat. While 72% have suffered […]
Privacy Breach at Harris Health System Harris Health System based in Houston, TX has informed 2,298 patients about the potential exposure of some of their protected health information (PHI). On December 30, 2019, two envelopes […]
The 2020 Healthcare Information and Management Systems Society Conference (HIMSS 20) was cancelled because of the persistent spread of COVID-19. Over 40,000 people and 1,300 exhibitors were supposed to go to the conference that was […]
The Singapore University of Technology and Design researchers identified a group of 12 vulnerabilities referred to as SweynTooth in the Bluetooth Low Energy (BLE) software development kits that came from around 7 suppliers of software-on-a-chip […]
Walgreens started notifying customers regarding the potential access of some of their protected health information (PHI) by other people because of an error in the Walgreens mobile app particularly its personal secure messaging feature. The […]
The Department of Health and Human Services’ Office of Inspector General (OIG) conducted an audit of the National Institutes of Health (NIH). The results revealed that technology control flaws in the NIH electronic medical records […]
Connectria has unveiled the release of a carbon-neutral ‘green cloud’ in its North America and European Union data centers. The brand-new green cloud is being offered to businesses using IBM i and VMware systems. Connectria […]
There are several healthcare organizations that recently reported phishing attacks namely Tennessee Orthopaedic Alliance, Jefferson Dental Care Healthcare Management, and Munson Healthcare. Phishing Attack on Tennessee Orthopaedic Alliance Tennessee Orthopaedic Alliance (TOA) found out that […]
BST & Co. CPAs LLC based in Albany, NY was attacked by a Maze ransomware gang and impacted the patients of Community Care Physicians P.C., a New York medical group. A Maze ransomware gang is […]
In January, there are more than one healthcare data breaches involving at least 500 records per day reported to the Department of Health and Human Services’ Office for Civil Rights. According to the 2019 Healthcare […]
The HHS’ Office for Civil Rights persistently enforced HIPAA compliance at the same level as the last three years. In 2019, 10 HIPAA enforcement actions resulted in the issuance of financial penalties. There were 2 […]
According to the Department of Health and Human Services’ Office for Civil Rights breach portal statistics, 2019 saw a 196% increase in healthcare data breaches from 2018. There were 510 healthcare data breaches involving 500 […]
A phishing attack on Overlake Medical Center & Clinics based in Bellevue, WA in December 2019 resulted in the potential compromise of some personal and protected health information (PHI) of 109,000 patients. Overlake Medical Center […]
Xhibit Telemetry Receiver Vulnerable to Critical BlueKeep Windows Vulnerability The Xhibit Telemetry Receiver (XTR) with model number 96280, v1.0.2, including all versions of the currently unsupported Xhibit Arkon (99999) were found to have critical BlueKeep […]
The Department of Health and Human Services’ Office of Inspector General (OIG) conducted an audit, which revealed that numerous pharmacies and other healthcare companies are incorrectly using the data of Medicare beneficiaries. OIG performed the […]
A phishing attack on Wise Health System in Decatur, TX that happened on March 14, 2019 resulted in the potential compromise of some protected health information (PHI) of 66,934 patients. Wise Health System reported to […]
Ransomware Attack on Central Kansas Orthopedic Group A ransomware attack on Central Kansas Orthopedic Group (CKOG) based in Great Bend, KS in November 2019 resulted in patient file encryption. CKOG discovered the attack on November […]
Stacey Lavette Hendricks, who is a 49-year-old local of Leesburg, FL, pleaded guilty to wire fraudulence and aggravated identity theft. Hendricks was an employee in a medical clinic who was caught impermissibly accessing the protected […]
The 2019 Internet Crime Report of the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) was just presented. It shows that cybercrime losses in 2019 exceeded $3.5 billion. IC3 received about 1,300 per […]
Hospital Sisters Health System just lately found out that an email security breach occurred in August 2019. Unauthorized persons potentially accessed e-mail messages and attachments that contain the protected health information (PHI) of 16,167 patients. […]
Sunshine Behavioral Health Group based in Portland, OR provides business services to healthcare companies. The group reported a breach of its cloud-based system that stored patient medical records because of an accidental misconfiguration. Patient data […]
The new Ponemon Institute research reveals that the occurrence of cybersecurity incidents due to insiders has gone up by 47% in the last two years. The average yearly global cost due to those cybersecurity incidents […]
The Department of Health and Human Services announced the changes to a final rule of the HIPAA National Council for Prescription Drug Programs (NCPDP) D.0 Telecommunication Standard requiring pharmacies to keep tabs on partly filled […]
In connection with the Novel Coronavirus (2019-nCoV) outbreak news recently, the Department of Health and Human Services released an advisory to remind HIPAA covered entities about sharing patient data during infectious disease outbreaks and other […]
CalHIPAA is a registered trademark. © Copyright 2003 to 2024 calHIPAA. All rights reserved.