Recent HIPAA News

A ransomware attack on Owens Ear Center based in Fort Worth, Texas happened on May 28, 2020 that caused encryption of patient information. The encrypted device comprised patients’ healthcare records that enclosed data like names, [...]

Compliancy Group certified that Nanodropper Inc., a medical device firm, has put in place an appropriate HIPAA compliance program and has exhibited compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security, Privacy, Omnibus, [...]

Compliancy Group has certified that New Dimensions Therapeutic Alliances based in Southern California successfully carried out its exclusive 6-Stage HIPAA Risk Analysis and remediation process, which confirmed its implementation of a reliable HIPAA compliance program. [...]

The healthcare system FHN based in Freeport, IL is sending notifications to some patients that an unauthorized individual has potentially accessed several employees’ email accounts from February 12 to February 13, 2020 resulting in the [...]

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) published a high priority advisory to warn businesses of the threat of cyberattacks that use the Taidoor malware, which is a remote access Trojan [...]

One more pharmacy chain made an announcement that looters stole the protected health information (PHI) of some of its customers in late May during a time of civil unrest. Between May 27 to May 30, [...]

The clear decline in healthcare data breaches observed in May turned out to be temporary, with June having a big increase in data breaches. June had 52 breach reports submitted by HIPAA covered entities as [...]

There was a vulnerability discovered in the Philips DreamMapper software program, which is a mobile application used to keep track of and take care of sleep apnea. The application is not for providing treatment to [...]

A significant amount of proof shows that nation-state hacking groups are concentrating on attacking institutions engaged in COVID-19 study and vaccine development to steal data for the research programs in their own countries. In the [...]

This week, the Federal Bureau of Investigation (FBI) released a (TLP:WHITE) FLASH advisory subsequent to a rise in attacks that involve the NetWalker ransomware. NetWalker is a fairly new ransomware risk that was identified in [...]

CVS Pharmacy is notifying some patients about the loss of some of their private data and protected health information (PHI) after a number of incidents took place at its pharmacies from May 27, 2020 to [...]

MarineXchange Software GmbH is now HIPAA compliant after successfully completing the 6-stage HIPAA risk analysis and remediation process of the Compliancy Group. MarineXchange is the developer of the cruise industry’s only business software platform. MXP365 [...]

The U.S. Department of Justice (DOJ) indicted two Chinese nationals for hacking US firms and government institutions to steal sensitive data, which include COVID-19 research information. Allegedly, the hackers were operating under the command of [...]

Cybercriminals are exploiting the latest integrated network procedures to do increased damaging DDoS attacks on US systems. Three network procedures were created to be used in devices like mobile phones, IoT devices nd Macs, which [...]

The Federal judge dismissed the lawsuit filed versus Sarrell Regional Dental Center for Public Health Inc. because of a ransomware attack in July 2019 as a result of insufficient standing. Sarrell had recovered from the [...]

The cybersecurity company Emsisoft based in New Zealand has published its ransomware statistics for 2020 that show there were at least 41 successful ransomware attacks on hospitals and other healthcare providers in the first half [...]

The CVSS v3 base rating of vulnerability CVE-2019-5024 is 7.6 out of 10. This vulnerability was observed in Capsule Technologies SmartLinx Neuron 2 medical data collection devices using software program version 6.9.1. SmartLinx Neuron 2 [...]

Lorien Health Services based in Ellicott City, MD, which manages 9 assisted living facilities throughout Maryland had encountered a ransomware attack on June 6, 2020. Third-party cybersecurity specialists assisted with the investigation to ascertain whether [...]

The radiology practice Quantum Imaging and Therapeutic Associates in Pennsylvania announced that there were reports received regarding the non-physician personnel who allegedly shared with a Facebook group an x-ray photo of a male patient’s genitalia. [...]

The Central California Alliance for Health found out that an unauthorized individual acquired access to several employees’ email accounts and possibly viewed or duplicated information in emails and file attachments. The healthcare provider detected the [...]

A growing number of healthcare companies are confronted with legal action mainly because a ransomware attack had led to patient data theft. The Florida Orthopedic Institute in Florida, which is a big orthopedic provider, recently [...]

Benefit Recovery Specialists, Inc., a billing and collection firm located in Houston, TX, reported finding malware on its networks, and unauthorized persons may have accessed some protected health information (PHI). BRSI as a business associate [...]

Compliancy Group has declared that Optimum Behavioral Care, Inc. doing business as Frank Morelli, LMHC, has an efficient HIPAA compliance program in place and has confirmed its conformity to the Health Insurance Portability and Accountability [...]

The FBI and the DHS’ Cybersecurity Infrastructure Security Agency (CISA) issued a joint advisory recently regarding cybercriminals using The Onion Router (Tor) in their attacks. The U.S. Navy developed the Tor as a free, open-source [...]

TigerConnect, the most extensively used care team collaboration option, was acknowledged by KLAS and ranked among the leading systems in the KLAS Clinical Communications 2020 Advanced User Insights report. KLAS is a medical care IT [...]

Several vulnerabilities were identified in the Apache Guacamole remote access system. Lots of companies employed Apache Guacamole to let administrators and employees access Windows and Linux devices remotely. The system became well-known during the COVID-19 [...]

The U.S. National Security Agency (NSA) has released guidance to assist companies in securing IP Security (IPsec) Virtual Private Networks (VPNs) that are employed to permit employees to securely link to corporate networks to do [...]

Healthcare Fiscal Management Inc. (HFMI) based in Wilmington, NC provides hospitals, physician groups and clinics with self-pay conversion and insurance eligibility services. HFMI encountered a ransomware attack that resulted in the exposure of the personal [...]

OpenClinic GA has 12 vulnerabilities identified in its open-source integrated hospital information management system. Numerous hospitals and clinics use OpenClinic GA for managing financial, administrative, clinical, laboratory and pharmacy workflows. It is also used for medical [...]

On July 1, 2020, implementation of the California Consumer Privacy Act (CCPA) of 2018 started. The CCPA was already effective starting on January 1, 2020, however, all businesses covered by the Act were granted a [...]

Philips found an authentication bypass issue affecting Philips Ultrasound Systems. An attacker can potentially manipulate this problem to access or modify data. The vulnerability is set off by the existence of an optional path or [...]

May 2020 had a noticeable drop in the reports of healthcare data breaches as 28 data breaches involving 500 or more records were submitted to the HHS’ Office for Civil Rights. This number is the [...]

Compliancy Group has declared that primary care clinic Princeton Internal Medicine and Geriatrics in Princeton, NJ has put in place a reliable HIPAA compliance program. That means Princeton Internal Medicine and Geriatrics complies with the [...]

American Medical Technologies based in Irvine, CA, a provider of wound care solutions and medical supplies, reported that an unauthorized person accessed the email account of an employee and most likely viewed and copied the [...]

Sunrise Treatment Center located in Cincinnati, OH is notifying 3,660 patients about the potential unauthorized access of some of their protected health information (PHI) contained in an employee’s email account. The breach happened on February [...]

Compliancy Group has declared that the information technology consulting company MAD Technology Solutions, LLC based in Dauphin, PA as HIPAA compliant. It was confirmed that MAD Technology Solutions has taken all required steps to make [...]

The Senate Health, Education, Labor, and Pensions (HELP) Committee is thinking about what must be retained of the 31 latest changes to telehealth policies once the COVID-19 national public health crisis ends. The interim modifications [...]

On June 16, 2020, The National Association of Attorneys General (NAAG) sent a letter to Apple and Google to communicate issues regarding consumer privacy connected to COVID-19 contact tracing along with exposure notification programs. NAAG [...]

There were 19 zero-day vulnerabilities identified in the TCP/IP communication software library that Treck Inc. developed. Innumerable connected devices throughout practically all industry sectors, which include healthcare, were affected. Treck is a company based in [...]

Cano Health, a population health management company and healthcare provider based in Florida, discovered that an unauthorized person accessed the email accounts of three employees by setting up a mail forwarder the email accounts and [...]

A chatbot and telehealth startup based in the UK has experienced a humiliating privacy breach this week. Babylon Health created a telehealth app that general practitioners may use for virtual sessions with patients. The app [...]

There is an upcoming virtual event to be hosted on June 23, 2020 to assist managed service providers (MSPs) in facing the obstacles of operations during these difficult times. COVID-19 has compelled companies in all [...]

A warning issued by the DHS Cybersecurity and Infrastructure Security Agency (CISA) stated that there is a functional proof of concept (PoC) exploit associated with a critical remote code execution vulnerability identified in the Microsoft [...]

The Everett & Hurite Ophthalmic Association (EHOA) refers to a group of ophthalmology experts offering their services in Pittsburgh & Warrendale, PA. EHOA discovered an unauthorized person had accessed the email account of an employee [...]

The Commonwealth of Kentucky Personnel Cabinet has reported two data breaches that happened from late April to Early May. Because of the attacks, the protected health information (PHI) of about 1,000 members of the Kentucky [...]

St Joseph Health System in North Central Indiana is sending notifications to patients regarding the exposure of some of their protected health information (PHI) due to unauthorized viewing. The breach did not occur at St [...]

InterlinkONE Inc based in Boston provides cloud marketing and digital asset and order management software solutions. Recently, the Compliancy Group, the biggest HIPAA compliance training and software provider in the U.S., confirmed that InterlinkONE has [...]