Recent HIPAA News

The HHS’ Office for Civil Rights (OCR) is moving forward with its efforts to catch healthcare companies that fail to provide patients with prompt access to their healthcare records. OCR recently announced a settlement reached [...]

The Federal Bureau of Investigation (FBI) published a Private Industry Advisory regarding the growing number of cases of Egregor ransomware attacks. This ransomware-as-a-service operation was first discovered in September 2020. The attackers behind the Egregor [...]

An email security breach at LSU Health University Medical Center-New Orleans led to the probable exposure of the protected health information (PHI) of some patients. LSU Health New Orleans Health Care Services Division earlier announced [...]

Custom Internet Services LLC based in Winfield, KS provides Information Technology solutions to small- and medium-sized companies and institutions. It recently received a certification from Compliancy Group confirming that it has implemented an appropriate HIPAA [...]

Prestera Center for Mental Health Services, West Virginia’s biggest behavioral health services provider, became aware that an unauthorized person potentially obtained access to the protected health information (PHI) of a small number of its present [...]

Compliancy Group has certified Brightside Behavioral Health based in Warwick, Rhode Island to be in compliance with the Health Insurance Portability and Accountability Act (HIPAA) after implementing an efficient HIPAA compliance plan. Brightside Behavioral Health [...]

Compliancy Group has certified that Miiskin has achieved Health Insurance Portability and Accountability Act (HIPAA) compliance after completing all required steps to follow the HIPAA rules. Miiskin is a provider of an application and teledermatology [...]

In the fall of 2020, CISA, FBI, and HHS cybersecurity gave a joint advisory to the healthcare and public health industry subsequent to a surge in ransomware activity. The joint notice discussed that attackers are [...]

2020 was the most awful ever year when it comes to healthcare industry data breaches. There were 616 data breaches involving 500 or more health records documented by the HHS’ Office for Civil Rights. Those [...]

The U.S. National Security Agency (NSA) issued a cybersecurity advisory concerning the activity of Russian state-sponsored hacking groups targeting a vulnerability found in VMWare virtual workspaces that is used for performing remote work. The vulnerability [...]

The Department of Health and Human Services’ Office for Civil Rights has released a new Health Insurance Portability and Accountability Act (HIPAA) Rules guidance to tackle the issue of disclosing protected health information (PHI) to [...]

Atlantic.net in Orlando, Florida made statements concerning big changes that will help improve its performance, make its billing more accurate, and allow it to deliver better overall customer assistance. The hosting provider currently provides its [...]

The DHS’ Cybersecurity and infrastructure Security Agency has created a website offering information about the current cyber activities of the advanced persistent threat (APT) gang behind the compromise of the SolarWinds Orion software supply chain. [...]

Compliancy Group has certified that KeyReply, an enterprise SaaS AI chatbot software company, has integrated an appropriate HIPAA compliance program. KeyReply offers a web- and on-premise chatbot and conversational AI tool for the medical care [...]

The number of healthcare data breaches reported dropped again last November; however, take note that the number of reported breaches in October 2020 was thrice the average monthly number mostly because of the ransomware attack [...]

The Department of Health and Human Services’ Office for Civil Rights has publicized its 2016-2017 HIPAA Audits Industry Report, featuring areas where HIPAA-covered entities and their business associates are complying or unable to abide with [...]

Jacksonville Children’s and Multispecialty Clinic (JCMC) is now certified as fully HIPAA compliant after completing Compliancy Group’s established HIPAA compliance system. JCMC is operating a number of clinics in the counties of Onslow, New Hanover [...]

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has issued final guidance for healthcare delivery companies on securing the Picture Archiving and Communication System (PACS) ecosystem. PACS [...]

The Federal Bureau of Investigation (FBI) has released a private industry notice regarding the increasing DoppelPaymer ransomware activity and the threat actors’ change in strategy to compel victims into paying the ransom. DoppelPaymer ransomware first [...]

Cedar Springs Hospital based in Colorado Springs, CO is informing some patients regarding the loss of a portable storage unit that had their protected health information (PHI) last October 2020. The hospital gave a copy [...]

Horizon Information Systems, Inc based in Johnstown, PA, a software solutions developer serving human service and community action organizations, has received its Health Insurance Portability and Accountability Act (HIPAA) compliance approval from the Compliancy Group. [...]

Twitter is penalized with €450,000 ($544,600) for violating the EU’s General Data Protection Regulation (GDPR). The Data Protection Commission (DPC) in Ireland issued the fine in connection with Twitter’s privacy breach report to the DPC [...]

The House Energy and Commerce Committee passed a new bill (HR 7988), which tries to change the HITECH Act to necessitate the Department of Health and Human Services to identify whether or not HIPAA-covered entities [...]

A phishing attack on Tufts Health Plan resulted in the compromise of the protected health information (PHI) of 60,545 members’ of EyeMed, a vision benefits management company. EyeMed uncovered the phishing attack on July 1, [...]

GBMC HealthCare located in Towson, MD reported a ransomware attack that happened on December 6, 2020 causing the taking down of its computer network. The healthcare company currently implements EHR downtime protocols while it controls [...]

Dental Care Alliance, LLC based in Sarasota, FL, a dental support provider with more than 320 affiliated dental practices in 20 states, was hacked and potentially compromising the protected health information (PHI) of over a [...]

Rave Mobile Safety has announced a COVID-19 Vaccine Distribution Option that will enable public health agencies to determine persons who must have priority vaccination, customize alerts to these individuals, provide reminders for second vaccinations, and [...]

Montefiore Medical Center and Mercy Health have reported insider data breaches in the past few days. In both breaches, an employee accessed patient information even if there was no valid work reason for doing so. [...]

Kalispell Regional Healthcare based in Montana has offered a $4.2 million settlement deal to take care of a lawsuit filed on behalf of victims associated with a data breach that was reported in October 2019. [...]

Researchers at Ben-Gurion University in Israel talked about a potential bioterrorist attack that could jeopardize the synthetic DNA supply chain. DNA synthesis providers may be misled into creating unsafe DNA sequences, skipping present security controls, [...]

Four vulnerabilities were identified in the OpenClinic software, the most critical of which could possibly permit unauthorized people to get around authentication and access protected health information (PHI). A lot of private clinics, hospitals, and [...]

University of Minnesota Physicians recently experienced a phishing attack that permitted unauthorized people to obtain access to two workers’ email accounts. One email account was accessible from January 30 to January 31, 2020 and the [...]

AspenPointe based in Colorado Springs, a provider of mental health and behavioral health services, has reported a cyberattack in September 2020 that resulted in the potential compromise of patient information. Because of the attack, the [...]

Compliancy Group has certified Easy Way Delivery Services as Health Insurance Portability and Accountability Act (HIPAA) compliant after demonstrating it has effectively complied with its requirements. The HIPAA Seal of Compliance was awarded to Easy [...]

A recent private industry alert from the Federal Bureau of Investigation (FBI) revealed that threat actors that use Ragnar Locker ransomware have increased their attacks and have been choosing businesses and organizations in different sectors [...]

OCR imposed more financial penalties on HIPAA covered entities and business associates this 2020 than any year since OCR got authorized by the HIPAA Enforcement Rule to issue financial penalties on non-complying entities. As of [...]

The number of reported data breaches to OCR for October is well above average. It was 33.68% less than September’s with 63 reported breaches involving 500 or more records, but it was still 41.82% above [...]

The Compliancy Group has certified Daisee, a speech and sentiment analytics software company, as having an efficient HIPAA compliance program. Daisee is an acronym that stands for Deep Artificial Intelligence for Enterprise Ecosystem. The company [...]

The biggest eyewear business in the world, Luxottica, had a cyberattack that affected several websites managed by the company. Luxottica is the owner of the popular eyewear brands Persol, Ray-Ban, and Oakley. It produces designer [...]

Office 365 users have been cautioned regarding a continuous phishing campaign that collects user credentials. The attackers utilize sophisticated strategies to circumvent email security defenses and social engineering techniques to trick company personnel into going [...]

According to Microsoft, Advanced Persistent Threat (APT) groups in North Korea and Russia are directing attacks on companies engaged in COVID-19 research and vaccine development. Three APT groups have targeted six big pharmaceutical companies and [...]

A phishing attack affected the Department of Human Services, North Dakota Department of Health, Cavalier County Health District, and other state departments that resulted in the compromise of employee email accounts from November 23 to [...]

A ransomware attack on First Impressions Orthodontics, a Professional Dental Alliance of Connecticut PLLC’s subsidiary, occurred on September 28, 2020 that resulted in the potential compromise of the protected health information (PHI) of 23,000 patients. [...]

The BD Alaris PC Unit identified a medium severity vulnerability that could be exploited to bring about a denial of service attack and a drop in wireless capacity. Medigate discovered the vulnerability and reported it [...]

The TrickBot botnet is being used to conduct a new phishing campaign that delivers the Buer loader and Bazar backdoor malware. Researchers at Area 1 Security detected the campaign that has been operating since early [...]

RevoluIT based in Frankfort, IL is an IT and small business consulting company serving the healthcare industry was certified as compliant with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) after taking [...]

Ransom Demands Continue to Increase The Coverware Quarterly Ransomware report for Q3 2020 reveals that the average ransom demand progressively increased during the last 8 quarters, though the quarterly growth was more significant every quarter [...]

Coveware has published its Quarterly Ransomware report for the third quarter of 2020 and featured the hottest ransomware attack developments. The report notes that data exfiltration before deploying the ransomware remains a well-liked tactic. About [...]