Recent HIPAA News

The Compliancy Group helped CTI Technology, a managed IT service provider located in Elgin, IL, to be certified as Health Insurance Portability and Accountability Act (HIPAA) compliant. CTI Technology used The Guard of Compliancy Group, [...]

Based on a recent investigation by ProPublica, Bayerischer Rundfunk (a German public broadcaster), and Greenbone Networks (vulnerability and analysis firm, 24.3 million medical images in medical image storage systems are publicly accessible on the internet [...]

The National Cybersecurity Center of Excellence (NCCoE) created a new draft NIST mobile device security guidance to assist companies to minimize the risks presented by corporate-owned personally enabled (COPE) devices. Mobile devices permit personnel to [...]

Integration Link, LLC, a cybersecurity consultancy services provider and virtual Chief Information Security Officers to small, medium and large businesses, has finished the 6-Stage HIPAA Risk Analysis and remediation process of Compliancy Group. It has [...]

A phishing attack on East Central Indiana School Trust (ECIST) resulted in the exposure of some protected health information (PHI) of over 3,200 people. On May 19, 2019, an ECIST employee was misled into sharing [...]

According to the Global Connected Industries Cybersecurity Survey conducted by Irdeto, a Swedish software company, 82% of healthcare companies utilizing Internet-of-Things (IoT) devices were attacked via one of those devices in the past year. Irdeto [...]

CTI Technology in Elgin, IL, which is a managed IT service provider, has been certified as compliant with the Health Insurance Portability and Accountability Act (HIPAA) Rules. This was made possible with the help of [...]

The Office of Management and Budget (OMB) submitted its annual audit report to Congress concerning the cybersecurity status of federal agencies, as ordered by the Federal Information Security Modernization Act of 2014 (FISMA). OMB examined [...]

IT service provider in Wichita, KS, Choose Networks, received its certification of HIPAA compliance with Compliancy Group. The company began operations in 2001 offering enterprise-level IT support to small and medium-sized companies. At present, over 35 [...]

A new research study published in JAMA Network Open revealed that many patients are okay with sharing their EHR data and biospecimens for research purposes; however, the majority of patients would like to limit the [...]

When healthcare providers encounter a data breach, breach victims will naturally be annoyed and upset. People provide their data to healthcare organizations with the understanding that they implement safeguards to protect that information. Whenever patients [...]

A phishing attack on Artesia General Hospital in Artesia, NM resulted to the compromise of 13,905 patients’ protected health information (PHI). The hospital detected the breach on June 18, 2019 when it was discovered that [...]

The agency assigned to implement HIPAA compliance is the Department of Health and Human Services’ Office for Civil Rights. Only a handful of HIPAA violations were issued financial penalties prior to 2016. Then, the number [...]

The last phishing attack on Bonita Springs, an NCH Healthcare System based in Florida, highlighted the great importance of providing healthcare employees with security awareness training. Bonita Springs detected the attack on June 14, 2019 [...]

On June 26, a University of Chicago Medical Center (UCMC) patient filed legal action against UCMC and Google with regards to an alleged privacy violation involving the disclosure of protected health information (PHI) without de-identifying [...]

A phishing attack on NCH Healthcare System in Naples, FL resulted in the exposure of patient information. NCH Healthcare knew about the suspicious activities on its payroll system on June 14, 2019. A third-party computer [...]

The Swedish Data Protection Authority (DPA) issued its first financial penalty for a General Data Protection Regulation (GDPR) violation. A high school in Skellefteå was issued a 200,000 SEK fine (€19,000/$21,000) for conducting a pilot [...]

An unsecured database online contains the personal data of individuals who exhibited an interest in Vascepa®, a cholesterol drug that Amarin Pharma manufactures. The database contained information including complete names, telephone numbers, email addresses, home [...]

Massachusetts General Hospital (MGH) discovered recently the unauthorized access of the computer applications utilized by its Department of Neurology researchers. The person behind the breach could potentially access the protected health information (PHI) of around [...]

Nuvance Health informed some Western Connecticut Health Network (WCHN) patients concerning their protected health information (PHI) exp. CHN sent to the Connecticut State Department of Public Health a package of medical documents on June 11, [...]

The healthcare industry is being attacked with more data breaches. Why do hackers want to target the healthcare industry? FireEye came up with a new report to provide answers to this question. FireEye researchers analyzed [...]

The Western District of Wisconsin US District Court has partly dismissed the class-action data breach lawsuit that UnityPoint Health is facing. In February 2018, employees of UnityPoint Health received phishing emails and responded to them. [...]

A database which comprises of the personal information of men and women who expressed interest in Vascepa®, a cholesterol drug manufactured by Amarin Pharma, was exposed online. The database, which a third party vendor maintained, [...]

Florida’s Integrated Regional Laboratories (IRL) is informing about 30,000 patients regarding the potential compromise of their protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) data breach, which was discovered [...]

medRxiv, a health manuscript archiving firm, recently conducted a study which revealed the prevalent noncompliance with the HIPAA right of access. The researchers of this study mailed 51 healthcare providers requesting for medical record and [...]

Eye Care Associates, a fully integrated eye care provider in the northeast Ohio region, had a ransomware attack in late July which led to the inaccessibility of its computer systems. Two weeks after the attack, [...]

The ransomware attack on Grays Harbor Community Hospital in Aberdeen, WA continues to cause problems after its attack two months ago. The attackers asked for $1 million ransom payment in exchange for the encryption unlock [...]

Because of a phishing attack on April 2019, the University of Missouri Health Care (MU Health) is charged with a lawsuit. MU Health found out on May 1, 2019 the one week unauthorized access of [...]

Allscripts Healthcare Solutions proposed a preliminary settlement to resolve the violations of HIPAA, the Anti-Kickback Statute and the electronic health record (EHR) incentive program of the HITECH Act by the electronic health record (EHR) firm [...]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital had a ransomware attack which affected over 500,000 patients living in Bayamón, Puerto Rico. A press release on July 19, 2019 explained the discovery by [...]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital were attacked by ransomware, which affected more than half a million patients from Bayamón, Puerto Rico. A press release on July 19, 2019 mentioned the [...]

Businesses governed by HIPAA regulations need to be mindful whenever using emergency text notification systems and ensure not to disclose Protected Health Information (PHI) without authorization. It can be quite difficult to adhere to HIPAA [...]

Compliancy Group made an announcement regarding the new appointment of an experienced healthcare lawyer and legal researcher to the task of helping simplify the complicated Health Insurance Portability and Accountability Act (HIPAA) requirements. The goal [...]

The Department of Veteran Affairs Office of Inspector General (VA OIG) inspected a California VA medical center recently and found security vulnerabilities linked to medical device workarounds as well as non-compliance with Veterans Health Administration [...]

The healthcare industry has had a particularly bad first six months. The many reports of data breaches and the volume of healthcare records exposed every day are very concerning. The trend this 2019 is over [...]

A HIPAA business associate from Madison Heights, MI, Northwood Inc., reported hacking of one of its employee’s email account and potential viewing or acquisition of sensitive patient information. Northwood Inc knew about the breach on [...]

The first GDPR data breach fine has been issued by Authoriteit Persoonsgegevens, the GDPR data protection authority in the Netherlands, to Haga Hospital in the Hague. The hospital is to pay a GDPR fine of [...]

Qmetis, a healthcare technology firm based in New York, was certified compliant with the Health Insurance Portability and Accountability Act (HIPAA) Rules for HIPAA business associates after successfully completing the 6-Stage HIPAA Risk Analysis and [...]

Computer Doc is an IT company located in Indian Trail, NC that is now awarded a certificate of compliance with the HIPAA Security, Privacy and Breach Notification Rules, the HITECH Act and the Omnibus Rules [...]

Patients of Wise Health System in Decatur, TX received notification regarding the potential exposure of their protected health information (PHI) because of a phishing attack. About 35,899 patients were affected by the breach. The phishing [...]

The 2019 Cost of a Data Breach Report of Ponemon Institute/IBM Security has been published. It is a detailed study of the reported data breaches in 2018. It revealed the continuous increase of data breach [...]

Another healthcare provider confirmed that it was affected by the American Medical Collection Agency (AMCA) security breach. An unauthorized access of AMCA’s systems resulted to a breach of the protected health information (PHI) of its [...]

Equifax has decided to resolve its federal data breach case by paying at least $575 million. The settlement could possibly go up to $700 million plus the need to make significant improvements to its security [...]

Edgepark Medical Supplies (EMS) discovered on May 13, 2019 that an unauthorized person access the account of some of its customers accounts and altered their addresses causing a redirection of their orders to different delivery [...]

Idaho is giving patients new rights as hospitals implement the new rules. The Idaho Department of Health and Welfare (IDHW) is implementing the rules which began July 1, 2019. IDHW stated that patient advocacy groups [...]

Just a few days after expressing the intention to issue a penalty to British Airways the amount of £183 million ($230 M) for its 383-million records breach, the United Kingdom’s Information Commissioner’s Office (ICO) is [...]

Adirondack Health Vermont notified about 25,000 patients regarding the potential exposure of their protected health information (PHI) due to hacking. The potentially compromised information include the patients’ names, birth dates, healthcare insurance member numbers or [...]

The U.S. Department of Health and Human Services (HHS) Secretary has declared a partial waiver of HIPAA sanctions and penalties in Louisiana because of the damage that Tropical Storm Barry likely caused when it hit [...]

UK Information Commissioners Office (ICO), which is the GDPR supervisory authority, issued the biggest GDPR penalty to British Airways amounting to £183.39 million or $228 million for failure to employ security controls that led to [...]

Premera Blue Cross agreed to pay $10 million to settle a multi-state data breach lawsuit that involved 30 state attorneys general. The alleged violations of state and federal laws resulted to a breach of 10.4 [...]