Articles by Christine Garcia

An alert issued by cybersecurity company Emsisoft mentioned the use of a decryptor bug by Ryuk ransomware victims to recover their records. Using this bug in the decryptor application could result in file corruption and […]

Ann & Robert H. Lurie Children’s Hospital of Chicago, which is a pediatric specialty hospital, found out that an ex-employee accessed certain patients’ medical records without having an authorized work reason. The employee’s unauthorized action […]

In November 2019, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 33 healthcare data breach reports with 500 or more records, which is 36.5% less than the reported breaches in […]

The Northern District of Alabama filed a lawsuit against DCH Health System in the Western Division of U.S. District Court because of a ransomware attack that happened on October 1, 2019. The ransomware attack forced […]

The second enforcement action was issued by the Department of Health and Human Services’ Office for Civil Rights as per the HIPAA Right of Access Initiative. Korunda Medical in Florida agreed to resolve potential violations […]

The House Energy and Commerce Committee released a draft of the discussion of a new bipartisan data privacy bill. The bill concerns the national standards for privacy and security and plans to put limits on […]

LifeLabs located in Toronto, one of the biggest Canadian medical testing and diagnostics companies, submitted a serious data breach report. Hackers possibly viewed the personal and medical information of around 15 million individuals, mostly residents […]

Tidelands Health located in Georgetown, SC, is working 24 / 7 to reestablish its computer systems after discovering malware on its system on December 12, 2019. The malware attack has compelled the healthcare company to […]

Encryption makes data unavailable to unauthorized people, as long as strong encryption is utilized and the private key to decrypt information isn’t compromised. Not all encryption algorithms give a similar protection level. The effectiveness of […]

Truman Medical Centers located in Kansas City, MO, the biggest inpatient and outpatient services provider in the city, learned that an unencrypted laptop computer that contains 114,466 patients’ protected health information (PHI) was stolen from […]

Blue Cross Blue Shield of Minnesota, the state’s biggest health insurance provider, is currently working to resolve about 200,000 unaddressed vulnerabilities identified on its servers, some of which are over ten years old. In August […]

Cheyenne Regional Medical Center located in Wyoming lately discovered the compromise of patient data because of a phishing attack in April. On or around April 5, 2019, the medical center received notification concerning a potential […]

Sunrise Community Health based in Evans, CO discovered the compromise of several employees’ email accounts because its employees responded to phishing emails. Unauthorized individuals accessed the email accounts from September 11, 2019 to November 22, […]

In June 2016, Banner Health sustained a data breach which resulted in the theft of the protected health information (PHI) of 2.9 million people. Victims of the breach filed a class-action lawsuit in August 2016. […]

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) made an announcement a ransomware attack that caused the potential exposure of the protected health information (PHI) of about 80,000 patients. The ransomware attack was seen on September […]

Solara Medical Supplies is confronted with a lawsuit involving a data breach in June 2019 resulting in the exposure of the protected health information (PHI) of over 114,000 customers and the potential data theft by […]

Kalispell Regional Healthcare based in Montana is getting sued as a consequence of a phishing attack that made it possible for hackers to get access to the email accounts of employees that have the protected […]

Nebraska Medicine learned that a member of its staff got access to patients’ healthcare data without any authorized work reason for a time period of about three months. Nebraska Medicine uncovered the privacy violation while […]

Loudoun Medical Group, also called the Comprehensive Sleep Care Center (CSCC), had a phishing attack some time on June 19, 2019. The IT department was cautioned regarding a potential email security breach upon detecting suspicious […]

Amazon’s Alexa now features a new healthcare skill that patients may employ in handling their prescription drugs and purchasing prescription refills. At the beginning of this year, Amazon stated that it has made a HIPAA-eligible […]

The 8th HIPAA financial penalty of 2019 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR). Sentara Hospitals has made an agreement to pay a penalty of $2.175 […]

The Anti-Phishing Working Group’s Phishing Activity Trends Report for Q3, 2019 stated that the rate of phishing attacks now is at a rate that is the highest since 2016. In Q3 of 2019, there were […]

Google has affirmed the news of its partnership with one of the biggest U.S. healthcare systems so that it could access a substantial volume of patient information. Google partnered with Ascension, which is the world’s […]

Brooklyn Hospital Center in New York announced a security breach that happened in late July 2019 involving malware installation on some hospital servers. The quick discovery of the incident minimized the problems caused since safety […]

A ransomware attack on Virtual Care Provider Inc. (VCP), a provider of data storage, internet, and email services, cybersecurity, and other IT services in Wisconsin, resulted in the encryption of the healthcare records and other […]

A phishing attack on Choice Cancer Care Treatment Center (CCCT) in May 2019 resulted in the potential access of the protected health information (PHI) of some patients by unauthorized people in May 2019. CCCT is […]

Aegis Medical Group, a physician group in Florida, began informing 9,800 patients regarding the potential access of their protected health information (PHI) by a former employee. Allegedly, that person tried to sell patient data to […]

A phishing attack on Solara Medical Supplies, LLC in Chula Vista, CA, resulted in the potential compromise of the protected health information (PHI) of a lot of its customers. Solara Medical discovered suspicious activity in […]

A misconfigured AWS S3 storage bucket owned by Sunshine Behavioral Health, LLC, a network of drug and alcohol addiction rehabilitation centers based in San Juan Capistrano, CA resulted in the compromise of sensitive patient data. […]

Main Street Clinical Associates, PA. located in Durham, NC has notified a number of its patients regarding the potential compromise of some of their protected health information (PHI) because of the stolen devices from its […]

A phishing attack at Salem Health Hospitals & Clinics, Oregon on July 31, 2019 resulted in the access of some employees’ email accounts by an unauthorized person. The healthcare provider detected the breach within a […]

A new survey was done to know the expense connected with healthcare data breaches, the magnitude of the healthcare community attacked, and what proportion of the attacks become successful. The Black Book Market Research performed […]

Utah Valley Eye Center based in Provo, UT sent breach notification letters to patients concerning an unauthorized person that potentially accessed some of their personal information as a result of its scheduling reminder web portal’s […]

A wrong configuration of the billing program of Texas Health Resources caused the impermissible disclosure of the health information of 82,577 of its patients. Texas Health Resources is one of the United States’ major faith-based […]

The HHS updated its HIPAA Security Risk Assessment Tool with a number of new features requested by users to enhance usability. The HHS Office of the National Coordinator for Health Information Technology (ONC) in cooperation […]

Because a data breach on the Palmetto Health site occurred, Prisma Health Midlands is informing about 19,000 patients and 3,000 employees. Prisma Health – earlier known as Palmetto Health – found out on August 29, […]

TitanHQ, a provider of cloud security, has seen an exceptional increase in quarter three of 2019, having the most bustling quarter for its MSP enterprise all through its 20+ year history. The company grew into […]

Smith’s Food & Drug based in Salt Lake City, OH has reported that around 58,000 patients’ pharmacy records were improperly disposed of. The grocery and drug store chain discovered the improper disposal on August 29, […]

California Governor Gavin Newsom affixed his signature on bill AB-1130 which revises the data breach notification law in California. The latest bill stretches the meaning of personal information impacting the need to issue notifications to […]

The vulnerability CVE-2019-13546 was discovered in the Philips IntelliSpace Perinatal obstetrics data management system. This vulnerability is remotely exploitable by a user of an authorized remote desktop session host application or a person that could […]

Geisinger Health Plan based in Danville, PA found out that some of its members’ protected health information (PHI) was exposed because Magellan NIA, one of its business associates, had a suspected phishing attack. Magellan NIA […]

Kalispell Regional Healthcare in Montana had a security breach last summer and is informing around 129,000 patients about the potential compromise of their protected health information (PHI). Kalispell Regional Healthcare manages Kalispell Regional Medical Center, […]

Monterey Health Center in Milwaukie, OR encountered a ransomware attack, which began on August 12, 2019. Because of the incident, its electronic health records system was encrypted and made patient information inaccessible. With the assistance […]

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) and Microsoft launched a new project to create guidance on the development and implementation of an effective patch management strategy. After […]

A new report from Emsisoft, a New Zealand-based cybersecurity company, exposed the magnitude of ransomware usage in cyberattacks in America. 2019’s first 9 months had 621 reports of ransomware attacks on government agencies, healthcare companies, […]

The 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs) has been published by Gartner. It includes a study of the healthcare cloud market and points out how the cloud may be […]

A new Proofpoint report provides ideas on the cyber threats that healthcare companies run into and the most prevalent attacks that bring about healthcare data breaches. Proofpoint’s 2019 Healthcare Threat Report reveals the evolving threat […]

Hunt Regional Healthcare based in Texas learned that a May 2018 cyberattack was more extensive than earlier thought. The FBI informed Hunt Regional on May 14, 2019 that an advanced, targeted cyberattack hit its systems […]

The University of Texas at Austin McCombs School of Business introduced a special healthcare-specific professional cybersecurity certificate program. The professional leadership and educational program is the first healthcare targeted cybersecurity certification program to be made […]

Three of DCH Health System’s hospitals in Alabama were forced not to accept new patients other than those in a critical state due to a ransomware attack. The staff in DCH Regional Medical Center in […]

CHI Health in Omaha, NE, a 14-hospital health system, had a ransomware attack, which led to the potential exposure of the protected health information (PHI) of close to 48,000 patients. CHI Health became aware of […]

On behalf of Kaspersky Lab, a B2B International survey recently performed confirmed there is an increase in the average expense of a data breach at the enterprise-level from $1.23 million (2018) to $1.41 million. The […]

Cancer Treatment Centers of America (CTCA) is informing some patients about the exposure of their protected health information (PHI) because of a phishing-related email security breach at its Southeastern Regional Medical Center, which happened on […]

There has been an increase in the number of business email compromise (BEC) attacks in the United States. According to Symantec, an average of 6,029 businesses received BEC emails in the last 12 months and […]

The Department of Health and Human Services’ Office for Civil Rights consented to a negotiation with Elite Dental Associates concerning its HIPAA violation case relating to the impermissible disclosure of protected health information (PHI) of […]

Armis Security researchers found 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, which is a third-party software part utilized in some medical devices and hospital networks. The DHS Cybersecurity and Infrastructure Security Agency (CISA) received […]

North Florida OB-GYN located in Jacksonville, FL found out that hackers acquired access to selected parts of its computer system holding personal and health information of patients and infected the system with a virus that […]

A damaging ransomware attack on Wood Ranch Medical in Simi Valley, CA caused its irreversible shutting down on December 17, 2019. The attack took place on August 10, 2019 and the ransomware corrupted the servers. […]

Sen. Rand Paul, M.D., (R-Kentucky) has announced a new bill that tries to once and for all take away the HIPAA national patient identifier provision considering the privacy problems in using such a system. At […]

Dr. Ulrich Klopfer operated three abortion clinics in Indiana, but the clinics were closed down upon the suspension of his license in 2015. After his passing away on September 3, 2019, his family members discovered […]

The Department of Health and Human Services (HHS) is banned from expending any of its funds for the creation and launch of a national patient identifier, although there was anticipation that the prohibition will eventually […]

Starting October 1, 2019, medical insurance companies and related services must inform the Maryland Insurance Administration (MIA) in case a breach of insureds’ personal data occurs. The change in legislation is applicable to health plans, […]

Philips IntelliVue WLAN firmware had been found to have two vulnerabilities that affected some IntelliVue MP monitors. The vulnerabilities can be exploited by hackers to install malicious software that could have an effect on data […]

A ransomware attack on Campbell County Health located in Gillette, WY resulted in the disablement of hospital systems, which prevented access to patient information. The attack began in early in the morning of September 20, […]

Based on a recent investigation by ProPublica, Bayerischer Rundfunk (a German public broadcaster), and Greenbone Networks (vulnerability and analysis firm, 24.3 million medical images in medical image storage systems are publicly accessible on the internet […]

The National Cybersecurity Center of Excellence (NCCoE) created a new draft NIST mobile device security guidance to assist companies to minimize the risks presented by corporate-owned personally enabled (COPE) devices. Mobile devices permit personnel to […]

A phishing attack on East Central Indiana School Trust (ECIST) resulted in the exposure of some protected health information (PHI) of over 3,200 people. On May 19, 2019, an ECIST employee was misled into sharing […]

According to the Global Connected Industries Cybersecurity Survey conducted by Irdeto, a Swedish software company, 82% of healthcare companies utilizing Internet-of-Things (IoT) devices were attacked via one of those devices in the past year. Irdeto […]

The Office of Management and Budget (OMB) submitted its annual audit report to Congress concerning the cybersecurity status of federal agencies, as ordered by the Federal Information Security Modernization Act of 2014 (FISMA). OMB examined […]

A new research study published in JAMA Network Open revealed that many patients are okay with sharing their EHR data and biospecimens for research purposes; however, the majority of patients would like to limit the […]

When healthcare providers encounter a data breach, breach victims will naturally be annoyed and upset. People provide their data to healthcare organizations with the understanding that they implement safeguards to protect that information. Whenever patients […]

A phishing attack on Artesia General Hospital in Artesia, NM resulted to the compromise of 13,905 patients’ protected health information (PHI). The hospital detected the breach on June 18, 2019 when it was discovered that […]

The agency assigned to implement HIPAA compliance is the Department of Health and Human Services’ Office for Civil Rights. Only a handful of HIPAA violations were issued financial penalties prior to 2016. Then, the number […]

The last phishing attack on Bonita Springs, an NCH Healthcare System based in Florida, highlighted the great importance of providing healthcare employees with security awareness training. Bonita Springs detected the attack on June 14, 2019 […]

On June 26, a University of Chicago Medical Center (UCMC) patient filed legal action against UCMC and Google with regards to an alleged privacy violation involving the disclosure of protected health information (PHI) without de-identifying […]

A phishing attack on NCH Healthcare System in Naples, FL resulted in the exposure of patient information. NCH Healthcare knew about the suspicious activities on its payroll system on June 14, 2019. A third-party computer […]

The Swedish Data Protection Authority (DPA) issued its first financial penalty for a General Data Protection Regulation (GDPR) violation. A high school in Skellefteå was issued a 200,000 SEK fine (€19,000/$21,000) for conducting a pilot […]

An unsecured database online contains the personal data of individuals who exhibited an interest in Vascepa®, a cholesterol drug that Amarin Pharma manufactures. The database contained information including complete names, telephone numbers, email addresses, home […]

Massachusetts General Hospital (MGH) discovered recently the unauthorized access of the computer applications utilized by its Department of Neurology researchers. The person behind the breach could potentially access the protected health information (PHI) of around […]

Nuvance Health informed some Western Connecticut Health Network (WCHN) patients concerning their protected health information (PHI) exp. CHN sent to the Connecticut State Department of Public Health a package of medical documents on June 11, […]

The healthcare industry is being attacked with more data breaches. Why do hackers want to target the healthcare industry? FireEye came up with a new report to provide answers to this question. FireEye researchers analyzed […]

The Western District of Wisconsin US District Court has partly dismissed the class-action data breach lawsuit that UnityPoint Health is facing. In February 2018, employees of UnityPoint Health received phishing emails and responded to them. […]

A database which comprises of the personal information of men and women who expressed interest in Vascepa®, a cholesterol drug manufactured by Amarin Pharma, was exposed online. The database, which a third party vendor maintained, […]

Florida’s Integrated Regional Laboratories (IRL) is informing about 30,000 patients regarding the potential compromise of their protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) data breach, which was discovered […]

medRxiv, a health manuscript archiving firm, recently conducted a study which revealed the prevalent noncompliance with the HIPAA right of access. The researchers of this study mailed 51 healthcare providers requesting for medical record and […]

Eye Care Associates, a fully integrated eye care provider in the northeast Ohio region, had a ransomware attack in late July which led to the inaccessibility of its computer systems. Two weeks after the attack, […]

The ransomware attack on Grays Harbor Community Hospital in Aberdeen, WA continues to cause problems after its attack two months ago. The attackers asked for $1 million ransom payment in exchange for the encryption unlock […]

Because of a phishing attack on April 2019, the University of Missouri Health Care (MU Health) is charged with a lawsuit. MU Health found out on May 1, 2019 the one week unauthorized access of […]

Allscripts Healthcare Solutions proposed a preliminary settlement to resolve the violations of HIPAA, the Anti-Kickback Statute and the electronic health record (EHR) incentive program of the HITECH Act by the electronic health record (EHR) firm […]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital had a ransomware attack which affected over 500,000 patients living in Bayamón, Puerto Rico. A press release on July 19, 2019 explained the discovery by […]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital were attacked by ransomware, which affected more than half a million patients from Bayamón, Puerto Rico. A press release on July 19, 2019 mentioned the […]

Businesses governed by HIPAA regulations need to be mindful whenever using emergency text notification systems and ensure not to disclose Protected Health Information (PHI) without authorization. It can be quite difficult to adhere to HIPAA […]

The Department of Veteran Affairs Office of Inspector General (VA OIG) inspected a California VA medical center recently and found security vulnerabilities linked to medical device workarounds as well as non-compliance with Veterans Health Administration […]

The healthcare industry has had a particularly bad first six months. The many reports of data breaches and the volume of healthcare records exposed every day are very concerning. The trend this 2019 is over […]

A HIPAA business associate from Madison Heights, MI, Northwood Inc., reported hacking of one of its employee’s email account and potential viewing or acquisition of sensitive patient information. Northwood Inc knew about the breach on […]

The first GDPR data breach fine has been issued by Authoriteit Persoonsgegevens, the GDPR data protection authority in the Netherlands, to Haga Hospital in the Hague. The hospital is to pay a GDPR fine of […]

Patients of Wise Health System in Decatur, TX received notification regarding the potential exposure of their protected health information (PHI) because of a phishing attack. About 35,899 patients were affected by the breach. The phishing […]

The 2019 Cost of a Data Breach Report of Ponemon Institute/IBM Security has been published. It is a detailed study of the reported data breaches in 2018. It revealed the continuous increase of data breach […]

Another healthcare provider confirmed that it was affected by the American Medical Collection Agency (AMCA) security breach. An unauthorized access of AMCA’s systems resulted to a breach of the protected health information (PHI) of its […]

Equifax has decided to resolve its federal data breach case by paying at least $575 million. The settlement could possibly go up to $700 million plus the need to make significant improvements to its security […]

Edgepark Medical Supplies (EMS) discovered on May 13, 2019 that an unauthorized person access the account of some of its customers accounts and altered their addresses causing a redirection of their orders to different delivery […]

Idaho is giving patients new rights as hospitals implement the new rules. The Idaho Department of Health and Welfare (IDHW) is implementing the rules which began July 1, 2019. IDHW stated that patient advocacy groups […]

Just a few days after expressing the intention to issue a penalty to British Airways the amount of £183 million ($230 M) for its 383-million records breach, the United Kingdom’s Information Commissioner’s Office (ICO) is […]

Adirondack Health Vermont notified about 25,000 patients regarding the potential exposure of their protected health information (PHI) due to hacking. The potentially compromised information include the patients’ names, birth dates, healthcare insurance member numbers or […]

The U.S. Department of Health and Human Services (HHS) Secretary has declared a partial waiver of HIPAA sanctions and penalties in Louisiana because of the damage that Tropical Storm Barry likely caused when it hit […]

UK Information Commissioners Office (ICO), which is the GDPR supervisory authority, issued the biggest GDPR penalty to British Airways amounting to £183.39 million or $228 million for failure to employ security controls that led to […]

Premera Blue Cross agreed to pay $10 million to settle a multi-state data breach lawsuit that involved 30 state attorneys general. The alleged violations of state and federal laws resulted to a breach of 10.4 […]

Essentia Health is an integrated health system providing services in the states of Minnesota, North Dakota, Wisconsin and Idaho. Notifications sent to over 1,000 Essentia Health patients stated that some of their protected health information […]

Nemadji Research Corporation, doing business under the name of California Reimbursement Enterprises, released information regarding the unauthorized person who accessed the email account of an employee. There is potential exposure of the protected health information […]

GE Aestiva and Aespire Anesthesia devices were found to have an improper authentication vulnerability. These devices are typically used in hospitals all over America. The CVE-2019-10966 vulnerability can allow an attacker to remotely change the […]

A recent nCipher Security survey explored the value consumers put on their health information privacy and security. The survey had 1,300 U.S. consumers as participants and looked into their attitudes toward online personal privacy, sharing […]

Hackers exploited a two-year-old vulnerability in Microsoft Outlook targeting U.S. government networks. A warning issued by U.S. Cyber Command talked about the active exploitation of vulnerability CVE-2017-1174 and installation of remote access Trojans and other […]

A medical student is filing a lawsuit against Marshall University and Cabell Huntington Hospital because some of his protected health information (PHI) was impermissibly disclosed to a class of students. The medical student, which the […]

Alerts regarding the cybersecurity vulnerabilities discovered in several Medtronic insulin pumps were released by the United States Computer Emergency Readiness Team (US-CERT) and the Food and Drug Administration (FDA). The vulnerable insulin pumps connect to […]

According to a recent study, larger healthcare providers are more inclined to have fully developed, sophisticated cybersecurity defenses, whereas smaller healthcare providers struggle to implement cybersecurity best practices. KLAS and CHIME conducted the study and […]

Franciscan Health located in Mishawaka, IN found out that a former staff committed unauthorized access of the protected health information (PHI) of around 2,200 patients. In a routine privacy review, Franciscan Health learned about the […]

A former UChicago Medicine patient filed a lawsuit claiming that his medical information along with those of hundred other patients were shared with Google with no prior authorization. The lawsuit accuses UChicago Medical Center, UChicago […]

Virginia-based Dominion National, which is an insurance company, health plan manager, and administrator of dental and vision benefits, learned that a data breach affected the personal information of individuals connected to the services it provides. […]

Estes Park Health (EPH) located in Colorado was attacked by ransomware, which extensively encrypted files all across its network. EPH discovered the ransomware attack on June 2, 2019 when employees noticed and reported the computers’ […]

A patient care coordinator previously employed at the University of Pittsburgh Medical Center (UPMC) received a one-year imprisonment term for accessing patient healthcare records and utilizing that data for malicious damages. Sue Kalina, 62, living […]

The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) gave a warning after a surge in ‘Iranian regime actors’ cyberattacks. Christopher C. Krebs gave the warning as tensions build up […]

Cybercriminals that locate and exploit vulnerabilities to access healthcare networks and patient information are increasing their activities. The last two months were the worst and second worst months in terms of number of healthcare data […]

A ransomware attack on Tenx Systems, a company providing software for assisted living communities, impacted over 60 facilities that utilize the software program. Also known as ResiDex Software, Tenx Systems stated the attack happened on […]

A phishing attack on the Oregon Department of Human Services (ODHS) resulted to the potential compromise of the personal information of 645,000 clients. The phishing attack began on January 9, 2019, which got 9 ODHS […]

A recent ransomware attack on Shingle Springs Health and Wellness Center (SSHWC) located in Placerville, CA resulted to the potential compromise of the protected health information (PHI) of 21,513 patients. SSHWC found out on April […]

Rave Mobile Safety is hosting a webinar on June 18, 2019 that seeks to give better understanding of mental health problems, the difficulties community members encounter in relation to mental health conditions, and how to […]

An extreme ransomware attack on N.E.O Urology based in Boardman, OH impacted all of its IT system. The ransomware brought about extensive file encryption and prevented the healthcare provider from accessing its computers and patient […]

A phishing attack on Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., resulted to the exposure of 87,000 plan members’protected health information (PHI). Data exposure happened because an employee responded to a phishing […]

An ex-employee of a healthcare provider based in Germantown, MD is alleged to have accessed the protected health information (PHI) of approximately 16,542 patients. The information was allegedly given to a third party to be […]

Ever since reports regarding the massive data breach at American Medical Collection Agency (AMCA) became known, over 12 lawsuits had been submitted by breach victims. Quest Diagnostics formally reported the breach on June 3, 2019 […]

News reports spoke of the American Medical Collection Agency (AMCA) data breach that brought about the compromise of 11.9 million Quest Diagnostics patient records. Current news cite another healthcre company affected by the AMCA breach. […]

Turlock Irrigation District in California is notifying its employees who are members of their employer-sponsored health plan regarding the exposure of some of their protected health information (PHI) online due to a business associate error. […]

The huge data breaches lately which included the breach at Quest Diagnostics affecting 11.9 million records and the breach at LabCorp affecting 7.7 million records. Now, University of Chicago Medicine announced a data breach with […]

The Vermont Supreme Court issued a ruling permitting a patient to take legal action against a hospital and nurse for privacy violation, irrespective of Vermont law and the HIPAA law that do not allow private […]

Microsoft issued another warning regarding the BlueKeep vulnerability in Remote Desktop Services (CVE-2019-0708) after publishing online proof-of-concept exploits for the vulnerability. Microsoft issued fixes for the vulnerability on May 14, 2019. Patches were also made […]

In March 2015, health insurer Premera Blue Cross in Seattle reported a major data breach that affected close to 10.6 million plan members. The breach happened in 2014 and a wide range of information was […]

People Inc. is a non-profit health and human services firm located in Western New York providing services to elderly people and people with developmental disabilities. A phishing attack on the organization affected roughly 1,000 persons. […]

Medical Oncology Hematology Consultants (MOHC), a Newark,DE based cancer treatment center, suffered an email security breach that lead to the compromise of the protected health information (PHI) of some patients. MOHC published a substitute breach […]

Many view the HHS’ Office for Civil Rights’ enforcement of HIPAA compliance as excessively punitive. Compliance investigations after receiving complaints or data breaches reports usually result to the discovery of HIPAA Rules violations and sizable […]

A recent announcement requires Medical Informatics Engineering (MIE) to pay a financial penalty amounting to $900,000 to resolve a multi-state lawsuit over the HIPAA violations linked to a breach of 3.9 million records in 2015. […]

Microsoft released a patch on May 14, 2019 for fixing a ‘wormable’ vulnerability found in Windows, which is the same as the vulnerability exploited by attackers in the WannaCry ransomware attacks in May 2017. The […]

Ever since the implementation of the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule by the Department of Health and Human Services, […]

Medical Informatics Engineering, Inc (MIE) settled with the HHS’ Office for Civil Rights its HIPAA violation case by paying $100,000. MIE provides electronic medical record software and services in Indiana. Its case of serious data […]

Thousands of health records were found left behind in a public dumpster located in Texas. The boxes comprise of patient and employee records from Today’s Vision and include documents that contain highly sensitive data. Today’s […]

Cancer Treatment Centers of America (CTCA) suffered another breach involving the e-mail account of one personnel working at its Southeastern Regional Medical Center. The breach on March 10, 2019 happened after a phishing attack. The […]

The American Academy of Neurology (AAN) spoke about their concerns on the interoperability plans of the HHS’ Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS). […]

April was really bad for healthcare data breaches. The number of reported data breaches this month is higher than any other month since October 2009 when the Department of Health and Human Services’ Office for […]

A recent Forescout study highlighted the poor condition of healthcare cybersecurity. The study showed the over reliance of the healthcare industry on legacy software, the extensive use of vulnerable protocols, and the lack of security […]

American Baptist Homes of the Midwest (ABHM), which provides assisted living and assisted care facilities throughout the U.S Midwest, announced a ransomware attack on its systems causing a security breach. The attack was launched around […]

The Southeastern Council on Alcoholism and Drug Dependence (SCADD) located in Lebanon, CT had a ransomware attack that caused considerable file encryption. SCADD experienced network problems that led to the discovery of the ransomware attack […]

A sexual assault victim filed a lawsuit against Atchison Hospital in Kansas because allegedly a hospital x-ray technician shared sensitive data to her attacker regarding her treatment at the hospital. As per the Kansas City […]

The 2019 Verizon Data Breach Investigations Report has been released. It gives a detailed summary of data breaches that public and private entities reported all over the world. The extensive report gives exhaustive insights and […]

Verity Health System’s St. Vincent Medical Center discovered the compromise of a web email account because of a phishing attack. The breach took place on March 15, 2019 where a hospital pathologist’s email account was […]

The website owner of Bodybuilding.com, a website about bodybuilding and fitness, reported a security breach that could have caused the access of client and personnel data by unauthorized persons. Under HIPAA, this kind of breach […]

After the Inmediata breach that caused the exposure of PHI, the company sent by mail notification letters to the people affected by the breach. However many people reported that they got notification letters addressed to […]

Facebook is applying some changes to Facebook Groups that talk about health conditions. This move was prompted because of the criticism on Facebook Groups that despite its being offered as private and confidential, third parties […]

A vulnerability was found in the Philips Tasy EMR system. An attacker can take advantage of the vulnerability and transmit unexpected data to the system that could execute an arbitrary code, alter data flow, impact […]

The U.S Department of Health and Human Services’ Office of Inspector General (OIG) released its yearly evaluation of the HHS to ascertain compliance with the Federal Information Security Management Act of 2014 (FISMA). Ernst & […]

The DICOM image format has been available for about 30 years. It has a design ‘flaw’ that hackers could exploit to add malware in image files. If that happens, the protected health information (PHI) will […]

A notification of enforcement discretion issued by the Department of Health and Human Services about the civil monetary penalties applied whenever there are HIPAA Rules violations discovered will reduce the maximum financial penalty in three […]

The Washington legislature made a unanimous decision to pass HB 1071 / SB 5064, a new data breach notification law. The only the bill needs is the signature of Washington Governor Jay Inslee. The law […]

The King County Superior Court lately agreed to a $4.7 million settlement to pay back the people whose personal data were stolen in a breach at Washington State University in April 2017. Portable hard drives […]

Three breaches involving patients’ protected health information (PHI) due to email hacking were reported. The three hacking incidents affected a total of 8,635 patients. The first breach happened in the Center for Sight and Hearing […]

The HHS’ Office of the National Coordinator for Health IT (ONC) has published a second draft of the Trusted Exchange Framework and Common Agreement (TEFCA) and is accepting comments on the revised material. The objective […]

The highly sensitive data of patients who had received treatment at addiction rehabilitation centers were discovered to be publicly accessible online because of an unsecured database. There were around 4.91 million records in the database, […]

Gulf Coast Pain Consultants, also called Clearway Pain Solutions Institute, found out that its EMR system was accessed by an unauthorized individual. A breach investigation which started on February 20, 2019 revealed that a variety […]

993 beneficiaries of Medicaid or have obtained services from the Ohio Department of Job and Family Services (ODJFS) living in Ohio received notification that unauthorized persons potentially viewed some of their protected health information (PHI) […]

A malware was installed on the systems of Riverplace Counseling Center in Anoka, MN, which resulted to the access of the protected health information (PHI) of patients by unauthorized persons. The counseling center discovered the […]

The website of Blue Cross of Idaho was hacked resulting to the access of its member portal by an unauthorized person who viewed the protected health information (PHI) of some members. Blue Cross of Idaho […]

The consultancy company CynergisTek conducted a study recently and found that healthcare organizations aren’t in conformity to the HIPAA Privacy and Security Rules and the NIST Cybersecurity Framework (CSF) controls. CynergisTek studied the NIST CSF […]

The Minnesota Department of Human Services (DHS) received another report of a phishing attack that resulted to the compromise of an employee’s email account. This security breach transpired on or before March 26, 2018. This […]

Massachusetts Baystate Health had a phishing attack which impacted the protected health information (PHI) of 12,000 patients. A few employees had their email accounts compromised between February 7 to March 7, 2019. When Baystate Health […]

A phishing attack on Palmetto Health, which is now called Prisma Health, allowed unauthorized persons to access several email accounts. Palmetto Health employees received email messages that have a malicious hyperlink. When the employees clicked […]

Amazon announced a new service that allows healthcare professionals to de-identify medical images by automatically removing any identifying protected health information (PHI) presented in the images. Pictures taken in medical settings often contain personally identifiable […]

A group of 81 female patients of Sharp HealthCare and Sharp Grossmont Hospital have filed a lawsuit against the facility for severe breaches in patient privacy. The lawsuit alleges that the hospital secretly recorded video […]

The number of health and fitness apps and devices has exploded in recent years. These technologies offer the user assistance in achieving a healthier lifestyle by offering personalised guidance or helping the user track any […]

A patient who found her discovered that her private medical information was available on social media platforms is suing the Northwestern Medicine Regional Medical Group for PHI exposure. Earlier this month, Gina Graziano discovered that […]

UCLA Health has settled a class action lawsuit filed by victims of a 2014 data breach for $7.5 million. The UCLA Health breach was one of the largest data breaches in history. Hackers accessed the […]

Beazley Breach Response Services have released a new report indicating that 71% of ransomware attacks target small and medium businesses (SMBs). Ransomware is malware variant which denies the user access to their device, or individual […]

Security researchers have identified two vulnerabilities in the Conexus telemetry protocol used by Medtronic MyCarelink monitors, CareLink monitors, CareLink 2090 programmers, and 17 implanted cardiac devices. One vulnerability is rated as ‘critical’, and the other […]

The University of Washington is alerting nearly a million patients of a data breach that resulted in unauthorised individuals being able to access their protected health information (PHI) through search engines online. The error was […]

Senator Gary Farmer (D-FL) and Representative Bobby DuBose (D-FL) have proposed new bills concerning consumers’ data privacy rights over their biometric data. The Florida Biometric Information Privacy Act aims to “establish requirements and restrictions on […]

Sharecare Health Data Services has reported that an unauthorised individual gained access to sensitive information stored in their systems. Sharecare Health Data Services (SHDS), based in San Diego, provides secure electronic exchange and medical records […]

The 2019 edition of the Verizon Mobile Security Index has been released, showing the significant risk that mobile device breaches pose to the healthcare industry. The report surveyed eight industry sectors to assess the data […]

Columbia Surgical Specialists have announced a ransomware attack on their facility has potentially compromised the PHI of up to 400,000 patients. Columbia Surgical Specialists (CSS), based in Spokane, Washington, discovered the attack on January 9, […]

Senator Catherine Cortex Masto (D-NV) has introduced a new bill which aims to tackle concerns consumers face about the collection and use of their data. Senator Catherine Cortex Masto’s “Data Privacy Act” calls for organisations […]

Kentucky Counselling Center has announced that a data breach has resulted in the exposure of 16,440 patient data files.  On January 4, 2019, a former employee notified Kentucky Counselling Center (KCC) that they had received […]

Rutland Medical Center has announced it has experienced a data breach after an unauthorised individual gained access to the email accounts of several employees. An employee of Rutland Medical Center noticed the breach after realising […]

UConn Health has announced that a recent phishing attack has compromised approximately 326,000 patient files.  UConn Health is the branch of the University of Connecticut that oversees clinical care, advanced biomedical research, and academic education […]

Drupal has released an update which corrects a critical vulnerability in the Drupal CMS.  Drupal is a free and open-source content management framework and provides the back-end framework for approximately 2.3% of websites worldwide.  The […]

The National Cybersecurity Center of Excellence (NCCoE) has released a guide to mobile device security. The guide entitled NIST Special Publication 1800-4 Mobile Device Security: Cloud & Hybrid Builds provides practical advice for organisations looking to […]

Researchers at Carbon Black have identified a new Shlayer malware variant that targets Mac computers running MacOS versions 10.10.5 to 10.14.3. The researchers first identified the OrA new Shlayer malware variant a year ago. Mac […]

The Oregon Health Information Property Act proposes that individuals may give permission to their healthcare providers to sell their health data and receive financial compensation from the transaction.   Democrat Senator Floyd Prozanski proposed Senate […]

A new Business Email Compromise (BEC) attack targeting high-level executives has been identified. BEC campaigns are a form of phishing attack in which the cybercriminal impersonates a high-ranking member of an organisation, such as CEO […]

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an alert about vulnerabilities found in the IDenticard PremiSys access control system. ICS-CERT, a governmental organisation that works to reduce the risk of cybercrime […]

Aetna has agreed to pay the California Attorney General $935,000 for a 2017 breach which resulted in the exposure of the HIV status of 1,991 Californian residents. In July 2017, Aetna, a health insurer based […]

The Supreme Court of Illinois has issued a new ruling which allows individuals whose privacy has been violated through a breach of the Illinois Biometric Information Privacy Act to take legal action against a private […]

The Governor of Massachusetts has signed in a new law that updates the state’s existing data breach laws. Massachusetts Governor Charlie Baker signed the law, named “An Act relative to consumer protection from security breaches” […]

A Georgia-based paediatric cardiologist was sentenced to 6 months’ probation after pleading guilty to violating HIPAA legislation by disclosing patient PHI to an unauthorised organisation. Dr Eduardo Montana, 55, plead guilty at the Department of […]

An alert has been issued to IT service providers and their customers about an increase in Chinese malicious cyber activity. The warning was issued by Department of Homeland Security (DHS) United States Computer Emergency Readiness […]

The results of an investigation into a data breach at SingHealth, Singapore’s largest health network, highlight the importance of even the most basic cybersecurity practices for organisations across the globe. The data breach at SingHealth […]

A cybersecurity blog has reported that a new vishing scam in which the scammer pretends to be an employee of Apple Inc. has been uncovered. Vishing is a less common form of phishing attack. The […]

Microsoft has issued patches for 51 vulnerabilities this January 2019 Patch Tuesday. Of the vulnerabilities, 7 were rated critical. Unlike the four preceding months, none vulnerabilities were identified as being actively exploited in the wild. […]

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a critically important piece of legislation created to introduce minimum security and privacy standards in the healthcare industry. HIPAA is a federal law, organisations […]

The San Diego Unified School District has announced that a phishing attack on its network has affected more than half a million of its staff and current and former students. The San Diego Unified School […]

The Clearwater CyberIntelligence Institute (CCI) has announce that it has identified the three most critical cybersecurity risks facing the organisations in the healthcare industry. CCI, part of Clearwater Compliance, a leading healthcare cyber risk management […]

Patients affected by a data security incident at LifeBridge Health in March 2018 have filed a lawsuit against the facility. LifeBridge Health, a nonprofit healthcare corporation in Baltimore, Maryland, discovered that malware had infected one […]

The United States Senate has introduced a bill that would introduce new protections for the personal information of individuals online. The bill, entitled the Data Care Act, was proposed by Sen. Brian Schatz (D-HI) on […]

The University of Vermont Health Network has revealed that a data security incident at the facility has affected approximately 32,000 patients. The breach was discovered on October 18, 2018. An unauthorised third-party had gained access […]

IntSights, a security threat intelligence services reviewer, has released a recent study entitled “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry”. The report highlights how easily accessible huge amounts of healthcare data […]

The University of Maryland Medical System has recently announced that it has been the victim of a malware attack on its network. The University of Maryland Medical System is a private, not-for-profit corporation that operates […]

The Attorney Generals of a dozen states have filed a lawsuit against Medical Informatics Engineering, a healthcare software and systems developer and NoMoreClipboard, an electronic platform for personal health records. The lawsuit is over the […]

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has announced the winners of its Easy EHR Issues Reporting Challenge. ONC is a federal entity that coordinates […]

Allergy Associates of Hartford, P.C. (Allergy Associates) has agreed to pay a fine of $125,000 to the Office of Health and Human Services’ Office for Civil Rights to settle alleged violations of the Health Insurance Portability […]

The U.S. Department of Justice has released an update on the investigation of the threat actors behind the SamSam ransomware attacks. SamSam ransomware is a custom infection used in targeted attacks against the healthcare industry […]

The American Medical Informatics Association (AMIA), a non-profit organisation dedicated to developing biomedical and health informatics to improve patient care, recently called on the Trump administration to reform data privacy rules in order to better […]

Researchers at Michigan State University and John Hopkins University have released a report containing their analysis of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) between October […]

The Cybersecurity and Infrastructure Security Agency Act has been passed by unanimously by Congress on November 13, 2018.  The new legislation will allow the U.S. Department of Homeland Security will be forming a new agency […]

This week, the Centers for Medicare and Medicaid (CMS) has announced an update on the recent HealthCare.gov website breach. Last month, hackers gained access to a health insurance system that interacts with the HealthCare.gov website. […]

Inova Health System, a non-profit health organisation based in Falls Church, Virginia, has announced that it has experienced a data breach. The protected health information (PHI) of over 12,000 of its patients may have been […]

Best Medical Transcription, a transcriptionist vendor, has been fined by the New Jersey Attorney General Gurbir S. Grewal for breaching HIPAA in 2016. The violation occurred while it was working as a business associate of […]

A North Carolina medical center has announced that a phishing attack on its systems has resulted in the protected health information (PHI) of up to 20,000 being compromised.  Catawba Valley Medical Center (CVMC), based in […]

The U.S. Department of Health and Human Services (HHS) has officially launched its Health Sector Cybersecurity Coordination Center (HC3). Opened on October 29, 2018 by Deputy Secretary of the HHS, Eric Hargan, the center is […]

September 2018 Healthcare Data Breach Report The number of healthcare data breaches reported to the Department of Health and Human Service’s Office for Civil Rights (OCR) for September 2018 is down to 25-a decrease of […]

The Centers for Medicaid & Medicare Services (CMS) has announced that it was recently the victim of a cyberattack that has resulted in approximately 75,000 consumer records being accessed by unauthorised individuals.  On October 13 […]

The U.S. Food and Drug Administration (FDA) released an advise about the vulnerabilities of a number of Medtronic implantable cardiac device programmers that hackers can potentially exploit enabling them to alter the programmer’s functionality when […]

Two healthcare companies experienced email-related breaches recently. The first company, Biomarin Pharmaceutical located in Novato, CA, found out that two email accounts of its employees became compromised because of a phishing attack allowing the attacker […]

Michigan Medicine is sending notification letters to 3,600 patients regarding the impermissible disclosure of some of their protected health information (PHI). The Michigan Medicine Development Office conducted a fundraising project and mailed letters to a […]

Lambda Legal filed a legal case for a data breach victim who, together with 92 lower-income HIV positive individuals, had their highly sensitive protected health information (PHI) stolen by unauthorized people from the California AIDS […]

The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare industry to have greater consciousness of its operation to fight cyberthreats and part of its […]

A staff of KHOU 11, a CBS-affiliated television station, found abandoned documents that include the protected health information (PHI) of roughly 1,800 patients in a street in Midtown, Houston. The documents had information like the […]

Gold Coast Health Plan located in Camarillo, CA told its 37,000 plan members that cyber attackers potentially accessed some of their protected health information (PHI) because one of its employees’ email account was compromised. The […]

The ECRI Institute is a non-profit company that studies new techniques to enhance patient care. It has recently published an annual list that includes the top 10 Health Technology Hazards for 2019. The goal of […]

Phishing is one of the leading causes of healthcare data breaches. Phishers are able to access healthcare data from email accounts. In many incidents, those email accounts contain considerable volumes of highly sensitive protected health […]

AggregateIQ is an analytics company based in Canada that acted for the Vote Leave campaign. The Information Commissioner’s Office (ICO) issued the first UK GDPR notice to AggregateIQ in connection with business executed in that […]

Claxton-Hepburn Medical Center, which is a not-for-profit community hospital based in Ogdensburg, New York, terminated several employees because they accessed patient medical records even though they do not have authorization to do so. The hospital […]

Ohio Living, which is a firm providing life plan communities and home health services, discovered that an unauthorized individual accessed some of its employees’ email accounts. On July 10, 2018, Ohio Living noticed the suspicious […]

In April 2018, a 65-year old former gynecologist named Rita Luthra from Massachusetts, Longmeadow, was charged with criminal violation of the HIPAA Privacy Rule and federal investigation obstruction. In September 19, 2018, the judge announced […]

The Massachusetts attorney general fined UMass Memorial Health Care the amount of $230,000 for its HIPAA violations with respect to two data breaches which compromised the protected health information (PHI) of over 15,000 state locals. […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) fined three hospitals the amount of $999,000 for allowing an ABC film crew to shoot a video footage of patients for its Boston […]

In June 2018, the California Consumer Privacy Act (CCPA) has been passed by the California legislature and thus important changes on how the state law safeguards consumer privacy are expected. The new consumer privacy protections […]

The Department of Health and Human Services’ Office of Inspector General (OIG) has published a report that is saying the Food and Drug Administration (FDA) must study medical equipment cybersecurity controls more carefully and more […]

The HHS’ Centers for Medicare and Medicaid Services (CMS) investigated Fairview Southdale Hospital, which is located in Edina, MN, because of a supposed patient privacy violation. It was found out that during the psychiatric evaluations […]

The Fetal Diagnostic Institute of the Pacific (FDIP) based in Honolulu, Hawaii was attacked by ransomware on June 30, 2018. This resulted to the installation of a file-encrypting software on a server, which encrypted different […]

On September 12, 2018, President Trump approved the declaration of a federal emergency in the state of Virginia. FEMA resources were also made available to the state. Secretary Alex Azar of the U.S. Department of […]

The National Institute of Standards and Technology (NIST) published a Cybersecurity Framework in 2014 to help private companies in assessing their security policies and improving their ability to stop, identify, and respond to cyberattacks. Figures […]

From October 3, 2018, Apple App Store is going to enforce a new privacy policy regulation that app developers are required to tell users what they do with the collected personal data; how they protect […]

The New Mexico Department of Health is checking why the personal health documents of a number of of its patients fell off a truck while being transported from the facility to the safe storage location. […]

NTT Security’s new report showed that 66% of UK’s senior officers confirmed that their organizations are not ready to cover adequately the fiscal effect of data loss in the event of a data breach. This […]

The New York Attorney General fined the Arc of Erie County with $200,000 for Violating HIPAA Rules as a result of failing to safeguard its customers’ electronic protected health information (ePHI). The Arc of Erie […]

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a statement concerning nine vulnerabilities identified in Philips healthcare products upon the Amsterdam-based technology firm statement of the matter to the […]

There is a code weakness found in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS) that allows an attacker to get administrator privileges and remotely make changes to the code. The Qualcomm Life Capsule’s DTS is […]

Missouri Care made an error in a sending letters to a number of plan members reminding them to schedule well-child visits. Because of the error, the personal data of around 20,000 children was inadvertently exposed […]

Authentic Recovery Center is a drug and alcohol treatment center located in West Los Angeles that had lately encountered a phishing attack causing the possible access of personally identifiable information (PII) and protected health information […]

Dennis and Wayne Russell’s adopted two-year old boy named Keon passed away as a result of accidentally drowning. Soon after the boy was brought to McAlester Regional Health Center, they got a telephone call from […]

Central Colorado Dermatology (CCD) advised around 4,000 patients that hackers possibly viewed some of their protected health information (PHI) due to a ransomware attack on its information system. An unauthorized person obtained access to CCD’s […]

The Gordon Schanzlin New Vision Institute found in La Jolla, CA, notified thousands of patients about the stealing of their healthcare information after records that contains protected health information (PHI) were found to be in […]

In spite of many communication strategies available, healthcare providers still frequently use faxes for communicating. Some estimates propose as much as 75% of all communications take place by means of fax in the healthcare sector. […]

The Anti-Phishing Working Group issued its Phishing Activity Trends Report for Q1 2018 that indicates there was a significant rise in unique phishing webpages found in the first couple of months of 2018 in comparison […]

The healthcare records of over 17,000 patients were compromised in two healthcare data breaches in Massachusetts and Oregon. Lane County Health and Human Services located in Oregon has informed over 700 patients about the loss […]

In the last year, the quantity of email data breach reports progressively went up. The Beazley Breach Insights Report July edition said that 23% of all data breaches documented by BBR (Beazley Breach Response) in […]

On July 22, Alex Azar, The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), stated during an address that the HHS is preparing for various changes to the health privacy regulations […]

For the first quarter of 2018, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 77 reports of healthcare data breaches. Over one million patients and health plan members were affected […]