Recent HIPAA News

Office 365 users have been cautioned regarding a continuous phishing campaign that collects user credentials. The attackers utilize sophisticated strategies to circumvent email security defenses and social engineering techniques to trick company personnel into going [...]

According to Microsoft, Advanced Persistent Threat (APT) groups in North Korea and Russia are directing attacks on companies engaged in COVID-19 research and vaccine development. Three APT groups have targeted six big pharmaceutical companies and [...]

A phishing attack affected the Department of Human Services, North Dakota Department of Health, Cavalier County Health District, and other state departments that resulted in the compromise of employee email accounts from November 23 to [...]

A ransomware attack on First Impressions Orthodontics, a Professional Dental Alliance of Connecticut PLLC’s subsidiary, occurred on September 28, 2020 that resulted in the potential compromise of the protected health information (PHI) of 23,000 patients. [...]

The BD Alaris PC Unit identified a medium severity vulnerability that could be exploited to bring about a denial of service attack and a drop in wireless capacity. Medigate discovered the vulnerability and reported it [...]

The TrickBot botnet is being used to conduct a new phishing campaign that delivers the Buer loader and Bazar backdoor malware. Researchers at Area 1 Security detected the campaign that has been operating since early [...]

RevoluIT based in Frankfort, IL is an IT and small business consulting company serving the healthcare industry was certified as compliant with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) after taking [...]

Ransom Demands Continue to Increase The Coverware Quarterly Ransomware report for Q3 2020 reveals that the average ransom demand progressively increased during the last 8 quarters, though the quarterly growth was more significant every quarter [...]

Coveware has published its Quarterly Ransomware report for the third quarter of 2020 and featured the hottest ransomware attack developments. The report notes that data exfiltration before deploying the ransomware remains a well-liked tactic. About [...]

An unauthorized person had accessed the email account of an employee of Centerstone, which provides mental health and substance use disorder treatment services in Illinois, Indiana, Florida and Tennessee. Centerstone detected strange activity in the [...]

computer systems remained offline, it is still providing patient care. The hospital’s emergency and urgent care departments are open and are fully operational. Most scheduled elective procedures will proceed as scheduled. Right now, while the [...]

Compliancy Group made an announcement that health tech start-up BIONWORKS has attained compliance with the Health Insurance Portability and Accountability Act (HIPAA) requirements. BIONWORKS develops an advanced ML-driven enterprise mobility software program for the healthcare [...]

The coronavirus pandemic has triggered a significant increase in healthcare providers extending telehealth services to individuals. Virtual consultations are being made available to minimize the number of individuals traveling to hospitals and clinics to restrict [...]

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI) have given an advisory regarding elevated Ryuk ransomware activity directed at the public [...]

On October 11, 2020, Sonoma Valley Hospital based in California encountered a computer security breach that resulted in the shutdown of its computer systems, hence “a significant downtime event” occurred. The hospital went ahead with [...]

At the beginning of this year, Rave Mobile Safety conducted a 2020 Healthcare Emergency Preparedness and Security Trends Survey. Now on November 12, 2020, there will be a webinar hosted by Rave Mobile Safety where [...]

LuxSci, a provider of HIPAA-compliant email communications services based in Massachusetts, has reported that it has gotten HITRUST CSF Certification. The HITRUST Common Security Framework (CSF) is an all-inclusive, certifiable platform for companies that generate, [...]

September is awful in terms of data breaches. HIPAA-covered entities and business associates reported 95 data breaches involving at least 500 records. The increase in breaches is 156.75% compared to last August 2020. There wasn’t [...]

On October 2020 Patch Tuesday, Microsoft launched a patch to fix a critical remove code execution vulnerability identified in the Microsoft Windows Transmission Control Protocol (TCP)/IP stack. The vulnerability is caused by the way TCP/IP [...]

Silent Librarian, also known as Cobalt Dickens and TA407, centered in Iran has begun again spear-phishing attacks on colleges in America and all over the world. Since 2013, the hacking group has been executing attacks [...]

Compliancy Group has certified NeuronUP’s good faith effort to achieve HIPAA compliance and satisfactorily fulfilled the specifications of the Health Insurance Portability and Accountability Act’s regulations. NeuronUP is a 3-in-1 tool created to assist neurorehabilitation [...]

Universal Health Services has affirmed that its 250 hospitals in the USA are operational and hoping to catch a person thought to be behind the ransomware attack that shut down its systems for three weeks. [...]

eResearchTechnology in Philadelphia is a company marketing software for clinical trials, for instance, the clinical trials relating to Covid-19 vaccines. The company experienced a ransomware attack last September 20, 2020 that affected several clients, including [...]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint alert about advanced persistent hackers stringing exploits for a number of vulnerabilities in cyberattacks directed at federal and [...]

The chiropractor Accents on Health based in Lone Tree, CO encountered a ransomware attack on August 5, 2020 that saw the encryption of information kept on its computer systems. Cybersecurity forensics experts looked into the [...]

Maternal Fetal Associates based in Virginia is a medical group composed of maternal fetal medicine professionals. It recently announced its completion of the Six Stage Implementation Program of Compliancy Group and has received certification as [...]

On September 30, 2020, Blackbaud submitted a Form 8-K with the SEC (U.S. Securities and Exchange Commission) that gave more details on the ransomware attack encountered by the company in May 2020. Blackbaud stated that [...]

Oaklawn Hospital located in Marshall, MI, has begun informing 26,861 patients regarding a potential compromise of their personal and medical data. It is not clear when the hospital detected the breach, however, the forensic investigation [...]

Health insurer Anthem Inc. based in Indianapolis, IN has settled its multi-state actions filed by state attorneys general in relation to its 2014 78.8 million record data breach. One settlement deal for $39.5 million was [...]

Alameda Health System (AHS) based in Alameda, CA, an inpatient, outpatient, emergency, and wellness services provider around the East Bay area, became aware that an unauthorized individual had briefly gained access to an employee’s email [...]

Universal Health Services (UHS) located in King of Prussia, PA has experienced a big security breach that resulted in the inaccessibility of its IT systems. The health system has got at least 400 healthcare facilities [...]

stealing credentials from several applications and data resources, such as Firefox, Safari, and Chrome web browsers. It likewise rips off credentials utilized for email accounts, sFTP and FTP clients. The malware can be used to [...]

Sudden Infant Death Services (SIDS) of Illinois, Inc. has been certified as compliant with the standards of the Health Insurance Portability and Accountability Act’s (HIPAA) Security and Privacy Rules, the Breach Notification Rules, and the [...]

The HHS’ Office for Civil Rights received 37 reports of healthcare data breaches involving 500 or more records in August 2020. The number of breaches continued to be rather constant month-over-month, however, breached records in [...]

There are 5 vulnerabilities with low- to medium-severity discovered in the Philips Clinical Collaboration Platform (Vue PACS). An attacker could exploit the vulnerability and influence an authorized user to perform unauthorized activities or disclose data [...]

A recent joint cybersecurity alert published by the Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that a hacking group connected to the Iranian government was detected exploiting [...]

The Department of Health and Human Services’ Office for Civil Rights (OCR) announced the newly released version of its tool for Security Risk Assessment (SRA). The Office of the National Coordinator for Health Information Technology [...]

Inova Health System in Falls Church, VA is one of the healthcare companies that lately confirmed the impact of the Blackbaud ransomware attack on its company. The information contained in a backup donor database included [...]

A Federal judge dismissed a potential class-action lawsuit that was filed in June 2019 against UChicago Medicine, the University of Chicago, and Google. The lawsuit was a response to an alleged breach of HIPAA Rules [...]