Recent HIPAA News
-
An extreme ransomware attack on N.E.O Urology based in Boardman, OH impacted all of its IT system. The ransomware brought about extensive file encryption and prevented the healthcare provider from accessing its computers and patient [...]
-
A phishing attack on Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., resulted to the exposure of 87,000 plan members’protected health information (PHI). Data exposure happened because an employee responded to a phishing [...]
-
An ex-employee of a healthcare provider based in Germantown, MD is alleged to have accessed the protected health information (PHI) of approximately 16,542 patients. The information was allegedly given to a third party to be [...]
-
Ever since reports regarding the massive data breach at American Medical Collection Agency (AMCA) became known, over 12 lawsuits had been submitted by breach victims. Quest Diagnostics formally reported the breach on June 3, 2019 [...]
-
News reports spoke of the American Medical Collection Agency (AMCA) data breach that brought about the compromise of 11.9 million Quest Diagnostics patient records. Current news cite another healthcre company affected by the AMCA breach. [...]
-
Turlock Irrigation District in California is notifying its employees who are members of their employer-sponsored health plan regarding the exposure of some of their protected health information (PHI) online due to a business associate error. [...]
-
The huge data breaches lately which included the breach at Quest Diagnostics affecting 11.9 million records and the breach at LabCorp affecting 7.7 million records. Now, University of Chicago Medicine announced a data breach with [...]
-
The Vermont Supreme Court issued a ruling permitting a patient to take legal action against a hospital and nurse for privacy violation, irrespective of Vermont law and the HIPAA law that do not allow private [...]
-
Microsoft issued another warning regarding the BlueKeep vulnerability in Remote Desktop Services (CVE-2019-0708) after publishing online proof-of-concept exploits for the vulnerability. Microsoft issued fixes for the vulnerability on May 14, 2019. Patches were also made [...]
-
In March 2015, health insurer Premera Blue Cross in Seattle reported a major data breach that affected close to 10.6 million plan members. The breach happened in 2014 and a wide range of information was [...]
-
People Inc. is a non-profit health and human services firm located in Western New York providing services to elderly people and people with developmental disabilities. A phishing attack on the organization affected roughly 1,000 persons. [...]
-
Medical Oncology Hematology Consultants (MOHC), a Newark,DE based cancer treatment center, suffered an email security breach that lead to the compromise of the protected health information (PHI) of some patients. MOHC published a substitute breach [...]
-
Many view the HHS’ Office for Civil Rights’ enforcement of HIPAA compliance as excessively punitive. Compliance investigations after receiving complaints or data breaches reports usually result to the discovery of HIPAA Rules violations and sizable [...]
-
A recent announcement requires Medical Informatics Engineering (MIE) to pay a financial penalty amounting to $900,000 to resolve a multi-state lawsuit over the HIPAA violations linked to a breach of 3.9 million records in 2015. [...]
-
Microsoft released a patch on May 14, 2019 for fixing a ‘wormable’ vulnerability found in Windows, which is the same as the vulnerability exploited by attackers in the WannaCry ransomware attacks in May 2017. The [...]
-
Ever since the implementation of the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule by the Department of Health and Human Services, [...]
-
Medical Informatics Engineering, Inc (MIE) settled with the HHS’ Office for Civil Rights its HIPAA violation case by paying $100,000. MIE provides electronic medical record software and services in Indiana. Its case of serious data [...]
-
Thousands of health records were found left behind in a public dumpster located in Texas. The boxes comprise of patient and employee records from Today’s Vision and include documents that contain highly sensitive data. Today’s [...]
-
Cancer Treatment Centers of America (CTCA) suffered another breach involving the e-mail account of one personnel working at its Southeastern Regional Medical Center. The breach on March 10, 2019 happened after a phishing attack. The [...]
-
The American Academy of Neurology (AAN) spoke about their concerns on the interoperability plans of the HHS’ Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS). [...]
-
April was really bad for healthcare data breaches. The number of reported data breaches this month is higher than any other month since October 2009 when the Department of Health and Human Services’ Office for [...]
-
A recent Forescout study highlighted the poor condition of healthcare cybersecurity. The study showed the over reliance of the healthcare industry on legacy software, the extensive use of vulnerable protocols, and the lack of security [...]
-
American Baptist Homes of the Midwest (ABHM), which provides assisted living and assisted care facilities throughout the U.S Midwest, announced a ransomware attack on its systems causing a security breach. The attack was launched around [...]
-
A new analysis report by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) highlights a number of the prevalent risks and vulnerabilities related to switching from on-premise to cloud-based mail services like Microsoft Office 365. [...]
-
The Southeastern Council on Alcoholism and Drug Dependence (SCADD) located in Lebanon, CT had a ransomware attack that caused considerable file encryption. SCADD experienced network problems that led to the discovery of the ransomware attack [...]
-
A sexual assault victim filed a lawsuit against Atchison Hospital in Kansas because allegedly a hospital x-ray technician shared sensitive data to her attacker regarding her treatment at the hospital. As per the Kansas City [...]
-
The 2019 Verizon Data Breach Investigations Report has been released. It gives a detailed summary of data breaches that public and private entities reported all over the world. The extensive report gives exhaustive insights and [...]
-
Verity Health System’s St. Vincent Medical Center discovered the compromise of a web email account because of a phishing attack. The breach took place on March 15, 2019 where a hospital pathologist’s email account was [...]
-
The website owner of Bodybuilding.com, a website about bodybuilding and fitness, reported a security breach that could have caused the access of client and personnel data by unauthorized persons. Under HIPAA, this kind of breach [...]
-
After the Inmediata breach that caused the exposure of PHI, the company sent by mail notification letters to the people affected by the breach. However many people reported that they got notification letters addressed to [...]
-
Facebook is applying some changes to Facebook Groups that talk about health conditions. This move was prompted because of the criticism on Facebook Groups that despite its being offered as private and confidential, third parties [...]
-
A vulnerability was found in the Philips Tasy EMR system. An attacker can take advantage of the vulnerability and transmit unexpected data to the system that could execute an arbitrary code, alter data flow, impact [...]
-
The U.S Department of Health and Human Services’ Office of Inspector General (OIG) released its yearly evaluation of the HHS to ascertain compliance with the Federal Information Security Management Act of 2014 (FISMA). Ernst & [...]
-
The DICOM image format has been available for about 30 years. It has a design ‘flaw’ that hackers could exploit to add malware in image files. If that happens, the protected health information (PHI) will [...]
-
A notification of enforcement discretion issued by the Department of Health and Human Services about the civil monetary penalties applied whenever there are HIPAA Rules violations discovered will reduce the maximum financial penalty in three [...]
-
The Washington legislature made a unanimous decision to pass HB 1071 / SB 5064, a new data breach notification law. The only the bill needs is the signature of Washington Governor Jay Inslee. The law [...]
-
The King County Superior Court lately agreed to a $4.7 million settlement to pay back the people whose personal data were stolen in a breach at Washington State University in April 2017. Portable hard drives [...]
-
Three breaches involving patients’ protected health information (PHI) due to email hacking were reported. The three hacking incidents affected a total of 8,635 patients. The first breach happened in the Center for Sight and Hearing [...]
-
The HHS’ Office of the National Coordinator for Health IT (ONC) has published a second draft of the Trusted Exchange Framework and Common Agreement (TEFCA) and is accepting comments on the revised material. The objective [...]
-
The highly sensitive data of patients who had received treatment at addiction rehabilitation centers were discovered to be publicly accessible online because of an unsecured database. There were around 4.91 million records in the database, [...]
-
Gulf Coast Pain Consultants, also called Clearway Pain Solutions Institute, found out that its EMR system was accessed by an unauthorized individual. A breach investigation which started on February 20, 2019 revealed that a variety [...]
-
993 beneficiaries of Medicaid or have obtained services from the Ohio Department of Job and Family Services (ODJFS) living in Ohio received notification that unauthorized persons potentially viewed some of their protected health information (PHI) [...]
-
A malware was installed on the systems of Riverplace Counseling Center in Anoka, MN, which resulted to the access of the protected health information (PHI) of patients by unauthorized persons. The counseling center discovered the [...]
-
The website of Blue Cross of Idaho was hacked resulting to the access of its member portal by an unauthorized person who viewed the protected health information (PHI) of some members. Blue Cross of Idaho [...]
-
The consultancy company CynergisTek conducted a study recently and found that healthcare organizations aren’t in conformity to the HIPAA Privacy and Security Rules and the NIST Cybersecurity Framework (CSF) controls. CynergisTek studied the NIST CSF [...]
-
The Minnesota Department of Human Services (DHS) received another report of a phishing attack that resulted to the compromise of an employee’s email account. This security breach transpired on or before March 26, 2018. This [...]
-
Massachusetts Baystate Health had a phishing attack which impacted the protected health information (PHI) of 12,000 patients. A few employees had their email accounts compromised between February 7 to March 7, 2019. When Baystate Health [...]
-
A phishing attack on Palmetto Health, which is now called Prisma Health, allowed unauthorized persons to access several email accounts. Palmetto Health employees received email messages that have a malicious hyperlink. When the employees clicked [...]
-
Can Docusign be used with electronic protected health information (ePHI) by healthcare organizations without violating HIPAA Rules? Is DocuSign compliant with HIPAA? DocuSign is a provider that offers electronic signature and transaction management services. DocuSign [...]
-
Amazon announced a new service that allows healthcare professionals to de-identify medical images by automatically removing any identifying protected health information (PHI) presented in the images. Pictures taken in medical settings often contain personally identifiable [...]