Recent HIPAA News

A recent joint cybersecurity alert published by the Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that a hacking group connected to the Iranian government was detected exploiting [...]

The Department of Health and Human Services’ Office for Civil Rights (OCR) announced the newly released version of its tool for Security Risk Assessment (SRA). The Office of the National Coordinator for Health Information Technology [...]

Inova Health System in Falls Church, VA is one of the healthcare companies that lately confirmed the impact of the Blackbaud ransomware attack on its company. The information contained in a backup donor database included [...]

A Federal judge dismissed a potential class-action lawsuit that was filed in June 2019 against UChicago Medicine, the University of Chicago, and Google. The lawsuit was a response to an alleged breach of HIPAA Rules [...]

Compliancy Group has certified MeDLiTE Inc. as HIPAA-compliant after satisfactorily meeting all Health Insurance Portability and Accountability Act (HIPAA) requirements. MeDLite is a full-service medical billing firm based in Hackensack, NJ. MeDLiTE has been in [...]

The Baton Rouge Clinic located in Louisiana suffered a cyberattack at the beginning of July that made its email and phone system inaccessible and constrained its laboratory and radiology services. The ransomware attack caused systems [...]

The National Insider Threat Awareness Month (NITAM) is being observed this September 2020 for the second time. The whole month, resources are being made accessible to point out the value of discovering, blocking, and reporting [...]

Recently, the Center for Democracy and Technology (CDT) and the eHealth Initiative & Foundation (eHI) issued a draft of a consumer privacy framework for health data to deal with the loopholes in legal protections for [...]

There is a growing number of healthcare providers that are confirmed to have experienced a data breach as a result of the Blackbaud ransomware attack. Four more healthcare providers sent breach notification reports in the [...]

Northwestern Memorial HealthCare has reported the potential exposure of the personal data of persons who donated to Northwestern Memorial HealthCare in the past due to a Blackbaud ransomware attack fairly recently. An unauthorized man or [...]

Paramount Counseling Services (PCS) based in Whitefish Bay, WI, a mental health agency providing counseling and psychotherapy services to outpatients, has proven its compliance with the requirements of the Health Information Portability and Accountability Act [...]

The Society for Imaging Informatics in Medicine, the American College of Radiology, and the Radiological Society of North America published an advisory with regards to online medical presentations and the possibility of inadvertent exposure of [...]

The Secretary Alex Azar of the HHS has a public health emergency declared in the states of Texas and Louisiana because of Hurricane Laura, and in California because of the continuing wildfires. HIPAA Rules continue [...]

In 2019, Heritage Valley Health System in Beaver, PA filed a case against Nuance Communications in relation to the 2017 NotPetya malware attack. The case was dismissed by a federal judge in the US District [...]

A cyberattack on Dynasplint Systems in Severna Park, MD resulted in the potential access or theft of personal and protected health information (PHI). The company  manufactures proprietary stretching gadgets for enhancing joint motion. The security [...]

In June 2020, the web servers of Netsential based in Houston, TX was hacked resulting in the theft of roughly 270 gigabytes of information. The hacking group Distributed Denial of Secrets (DDoSecrets) published the stolen [...]

A group of researchers from Harvard University investigated the technologies being used in COVID-19 home monitoring. A variety of technologies were created to cut down the possibility of being exposed to SARS-CoV-2 and diagnose signs [...]

HEOPS Inc. together with its subsidiary CENTIPEDE Care Solutions LLC had finished the 6-stage HIPAA risk analysis and remediation process of Compliancy Group and had shown that they have a reliable HIPAA compliance program in [...]

There were two critical vulnerabilities discovered in XenMobile Server / Citrix Endpoint Management (CEM). An unauthenticated attacker may exploit the vulnerabilities tracked as CVE-2020-8208 and CVE-2020-8209 to get access to the credentials of a domain [...]

Technology and security consultant Jeremiah Fowler announced that the personal and health information of about 2.5 million patients were exposed on the internet. On July 7, 2020, two folders that contain the information were found [...]

July had a big decrease in the amount of data breach reports involving at least 500 healthcare records. July had 36 data breach reports, which was 30.8% month-over-month less than June’s 52 breach reports. But [...]

A database that contains the personal data of over 3.1 million patients was exposed on the internet and was eventually wiped out by the Meow bot. A security researcher named Volodymyr ‘Bob’ Diachenko found the [...]

Behavioral Health Network (BHN), the biggest provider of behavioral health service in Western Massachusetts, has reported a malware attack on its computer systems which made its files inaccessible. BHN discovered the security breach on May [...]

A phishing attack on the University of Maryland Faculty Physicians, Inc. (FPI) potentially resulted in the access of the protected health information (PHI) of the University of Maryland Medical Center (UMMC) patients by unauthorized people. [...]

A ransomware attack on Owens Ear Center based in Fort Worth, Texas happened on May 28, 2020 that caused encryption of patient information. The encrypted device comprised patients’ healthcare records that enclosed data like names, [...]

Compliancy Group certified that Nanodropper Inc., a medical device firm, has put in place an appropriate HIPAA compliance program and has exhibited compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security, Privacy, Omnibus, [...]

Compliancy Group has certified that New Dimensions Therapeutic Alliances based in Southern California successfully carried out its exclusive 6-Stage HIPAA Risk Analysis and remediation process, which confirmed its implementation of a reliable HIPAA compliance program. [...]

The healthcare system FHN based in Freeport, IL is sending notifications to some patients that an unauthorized individual has potentially accessed several employees’ email accounts from February 12 to February 13, 2020 resulting in the [...]

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) published a high priority advisory to warn businesses of the threat of cyberattacks that use the Taidoor malware, which is a remote access Trojan [...]

One more pharmacy chain made an announcement that looters stole the protected health information (PHI) of some of its customers in late May during a time of civil unrest. Between May 27 to May 30, [...]

The clear decline in healthcare data breaches observed in May turned out to be temporary, with June having a big increase in data breaches. June had 52 breach reports submitted by HIPAA covered entities as [...]

There was a vulnerability discovered in the Philips DreamMapper software program, which is a mobile application used to keep track of and take care of sleep apnea. The application is not for providing treatment to [...]

A significant amount of proof shows that nation-state hacking groups are concentrating on attacking institutions engaged in COVID-19 study and vaccine development to steal data for the research programs in their own countries. In the [...]

This week, the Federal Bureau of Investigation (FBI) released a (TLP:WHITE) FLASH advisory subsequent to a rise in attacks that involve the NetWalker ransomware. NetWalker is a fairly new ransomware risk that was identified in [...]

CVS Pharmacy is notifying some patients about the loss of some of their private data and protected health information (PHI) after a number of incidents took place at its pharmacies from May 27, 2020 to [...]

MarineXchange Software GmbH is now HIPAA compliant after successfully completing the 6-stage HIPAA risk analysis and remediation process of the Compliancy Group. MarineXchange is the developer of the cruise industry’s only business software platform. MXP365 [...]

The U.S. Department of Justice (DOJ) indicted two Chinese nationals for hacking US firms and government institutions to steal sensitive data, which include COVID-19 research information. Allegedly, the hackers were operating under the command of [...]

Cybercriminals are exploiting the latest integrated network procedures to do increased damaging DDoS attacks on US systems. Three network procedures were created to be used in devices like mobile phones, IoT devices nd Macs, which [...]

The Federal judge dismissed the lawsuit filed versus Sarrell Regional Dental Center for Public Health Inc. because of a ransomware attack in July 2019 as a result of insufficient standing. Sarrell had recovered from the [...]

The cybersecurity company Emsisoft based in New Zealand has published its ransomware statistics for 2020 that show there were at least 41 successful ransomware attacks on hospitals and other healthcare providers in the first half [...]

The CVSS v3 base rating of vulnerability CVE-2019-5024 is 7.6 out of 10. This vulnerability was observed in Capsule Technologies SmartLinx Neuron 2 medical data collection devices using software program version 6.9.1. SmartLinx Neuron 2 [...]

Lorien Health Services based in Ellicott City, MD, which manages 9 assisted living facilities throughout Maryland had encountered a ransomware attack on June 6, 2020. Third-party cybersecurity specialists assisted with the investigation to ascertain whether [...]

The radiology practice Quantum Imaging and Therapeutic Associates in Pennsylvania announced that there were reports received regarding the non-physician personnel who allegedly shared with a Facebook group an x-ray photo of a male patient’s genitalia. [...]

The Central California Alliance for Health found out that an unauthorized individual acquired access to several employees’ email accounts and possibly viewed or duplicated information in emails and file attachments. The healthcare provider detected the [...]

A growing number of healthcare companies are confronted with legal action mainly because a ransomware attack had led to patient data theft. The Florida Orthopedic Institute in Florida, which is a big orthopedic provider, recently [...]

Benefit Recovery Specialists, Inc., a billing and collection firm located in Houston, TX, reported finding malware on its networks, and unauthorized persons may have accessed some protected health information (PHI). BRSI as a business associate [...]

Compliancy Group has declared that Optimum Behavioral Care, Inc. doing business as Frank Morelli, LMHC, has an efficient HIPAA compliance program in place and has confirmed its conformity to the Health Insurance Portability and Accountability [...]

The FBI and the DHS’ Cybersecurity Infrastructure Security Agency (CISA) issued a joint advisory recently regarding cybercriminals using The Onion Router (Tor) in their attacks. The U.S. Navy developed the Tor as a free, open-source [...]