Recent HIPAA News

Compliancy Group has declared that Optimum Behavioral Care, Inc. doing business as Frank Morelli, LMHC, has an efficient HIPAA compliance program in place and has confirmed its conformity to the Health Insurance Portability and Accountability [...]

The FBI and the DHS’ Cybersecurity Infrastructure Security Agency (CISA) issued a joint advisory recently regarding cybercriminals using The Onion Router (Tor) in their attacks. The U.S. Navy developed the Tor as a free, open-source [...]

TigerConnect, the most extensively used care team collaboration option, was acknowledged by KLAS and ranked among the leading systems in the KLAS Clinical Communications 2020 Advanced User Insights report. KLAS is a medical care IT [...]

Several vulnerabilities were identified in the Apache Guacamole remote access system. Lots of companies employed Apache Guacamole to let administrators and employees access Windows and Linux devices remotely. The system became well-known during the COVID-19 [...]

The U.S. National Security Agency (NSA) has released guidance to assist companies in securing IP Security (IPsec) Virtual Private Networks (VPNs) that are employed to permit employees to securely link to corporate networks to do [...]

Healthcare Fiscal Management Inc. (HFMI) based in Wilmington, NC provides hospitals, physician groups and clinics with self-pay conversion and insurance eligibility services. HFMI encountered a ransomware attack that resulted in the exposure of the personal [...]

OpenClinic GA has 12 vulnerabilities identified in its open-source integrated hospital information management system. Numerous hospitals and clinics use OpenClinic GA for managing financial, administrative, clinical, laboratory and pharmacy workflows. It is also used for medical [...]

On July 1, 2020, implementation of the California Consumer Privacy Act (CCPA) of 2018 started. The CCPA was already effective starting on January 1, 2020, however, all businesses covered by the Act were granted a [...]

Philips found an authentication bypass issue affecting Philips Ultrasound Systems. An attacker can potentially manipulate this problem to access or modify data. The vulnerability is set off by the existence of an optional path or [...]

May 2020 had a noticeable drop in the reports of healthcare data breaches as 28 data breaches involving 500 or more records were submitted to the HHS’ Office for Civil Rights. This number is the [...]

Compliancy Group has declared that primary care clinic Princeton Internal Medicine and Geriatrics in Princeton, NJ has put in place a reliable HIPAA compliance program. That means Princeton Internal Medicine and Geriatrics complies with the [...]

American Medical Technologies based in Irvine, CA, a provider of wound care solutions and medical supplies, reported that an unauthorized person accessed the email account of an employee and most likely viewed and copied the [...]

Sunrise Treatment Center located in Cincinnati, OH is notifying 3,660 patients about the potential unauthorized access of some of their protected health information (PHI) contained in an employee’s email account. The breach happened on February [...]

Compliancy Group has declared that the information technology consulting company MAD Technology Solutions, LLC based in Dauphin, PA as HIPAA compliant. It was confirmed that MAD Technology Solutions has taken all required steps to make [...]

The Senate Health, Education, Labor, and Pensions (HELP) Committee is thinking about what must be retained of the 31 latest changes to telehealth policies once the COVID-19 national public health crisis ends. The interim modifications [...]

On June 16, 2020, The National Association of Attorneys General (NAAG) sent a letter to Apple and Google to communicate issues regarding consumer privacy connected to COVID-19 contact tracing along with exposure notification programs. NAAG [...]

There were 19 zero-day vulnerabilities identified in the TCP/IP communication software library that Treck Inc. developed. Innumerable connected devices throughout practically all industry sectors, which include healthcare, were affected. Treck is a company based in [...]

Cano Health, a population health management company and healthcare provider based in Florida, discovered that an unauthorized person accessed the email accounts of three employees by setting up a mail forwarder the email accounts and [...]

A chatbot and telehealth startup based in the UK has experienced a humiliating privacy breach this week. Babylon Health created a telehealth app that general practitioners may use for virtual sessions with patients. The app [...]

There is an upcoming virtual event to be hosted on June 23, 2020 to assist managed service providers (MSPs) in facing the obstacles of operations during these difficult times. COVID-19 has compelled companies in all [...]

A warning issued by the DHS Cybersecurity and Infrastructure Security Agency (CISA) stated that there is a functional proof of concept (PoC) exploit associated with a critical remote code execution vulnerability identified in the Microsoft [...]

The Everett & Hurite Ophthalmic Association (EHOA) refers to a group of ophthalmology experts offering their services in Pittsburgh & Warrendale, PA. EHOA discovered an unauthorized person had accessed the email account of an employee [...]

The Commonwealth of Kentucky Personnel Cabinet has reported two data breaches that happened from late April to Early May. Because of the attacks, the protected health information (PHI) of about 1,000 members of the Kentucky [...]

St Joseph Health System in North Central Indiana is sending notifications to patients regarding the exposure of some of their protected health information (PHI) due to unauthorized viewing. The breach did not occur at St [...]

InterlinkONE Inc based in Boston provides cloud marketing and digital asset and order management software solutions. Recently, the Compliancy Group, the biggest HIPAA compliance training and software provider in the U.S., confirmed that InterlinkONE has [...]

Healthcare provider Kaiser Permanente based in Oakland, CA discovered that a former staff gained access to the radiology information of many patients without permission for a period of 8 years. Kaiser Permanente knew about the [...]

The U.S. Federal Trade Commission (FTC) would like to get comments on its breach notification requirements for non-HIPAA-covered entities collecting personally identifiable health data. In 2009, the FTC launched the Health Breach Notification Rule along [...]

The FBI and the Cybersecurity and Infrastructure Security Agency lately made a joint public service announcement explaining the 2016 to 2019 top 10 most exploited vulnerabilities. Advanced nation state hackers exploit these vulnerabilities to target [...]

A Russian hacking gang referred to as Sandworm (Fancy Bear) is exploiting an Exim Mail Transfer Agent vulnerability. The flaw, labeled as CVE-2019-10149, is a remote code execution vulnerability that was brought in in Exim [...]

The HHS’ Office of Inspector General (OIG) has issued a tactical plan for monitoring the COVID-19 response and recovery work of the Department of Health and Human Services. OIG is going to evaluate how good [...]

Mat-Su Surgical Associates based in Palmer, AK made an announcement that it encountered a ransomware attack in March. The staff discovered the attack on March 16 after being locked out of the computer systems because [...]

The Compliancy Group confirmed that South Texas Children’s Dentistry has an effective HIPAA Compliance program set up. South Texas Children’s Dentistry already took action towards complying with the regulations of the Health Insurance Portability and [...]

Four Senators wrote to the Federal Bureau of Investigation (FBI) and the DHS Cybersecurity and Infrastructure Security Agency (CISA) because of the latest notification telling COVID-19 research organizations that hackers associated with China are doing [...]

Advanced Persistent Threat (APT) groups keep on targeting healthcare companies, research groups, pharmaceutical firms, and other organizations actively helping during the COVID-19 crisis. That is why, the United Kingdom and the United States cybersecurity authorities [...]

In April 2020, 37 healthcare data breaches involving at least 500 records were reported That number is only one more than the number of breaches in March and is still lower than the average number [...]

Lurie Children’s Hospital of Chicago is dealing with lawsuits regarding two privacy breaches which involved employees accessing the healthcare records of patients with no permission. The legal action was filed on behalf of a mom [...]

Mille Lacs Health System based in Onamia, Mn has suffered a phishing attack that possibly exposed more than 10,000 patients’ protected health information (PHI). A number of employees of Mille Lacs Health System got phishing [...]

Two privacy bills were presented in relation to the COVID-19 contact tracing apps which Congress is currently considering. Republican and Democratic lawmakers introduced contending bills that have several common ground and hope to accomplish the [...]

Companies that encounter a ransomware attack might be enticed to pay the ransom demand to minimize downtime and expenses on recovery, however a Sophos survey indicates companies that pay the ransom in reality turn out [...]

Management and Network Services (MNS), LLC based in Dublin, OH provides post-acute healthcare companies with administrative support services. The email accounts of some MNS employees were found to have been compromised. MNS explained in a [...]

Organizations engaged in researching SARS-CoV-2 and COVID-19 received warning that hackers associated with the Peoples Republic of China (PRC) are targeting their organizations, consequently, they need to take steps to safeguard their systems from any [...]

Saint Francis Healthcare Partners in Connecticut is informing 38,529 patients about the potential compromise of some of their protected health information (PHI) due to a sophisticated cybersecurity incident that permitted an unauthorized person to access [...]

Compliancy Group has certified that Safe Partner Inc. has proven it has an effective HIPAA compliance program in place and has excellently concluded its exclusive 6-stage HIPAA risk analysis and remediation program. Safe Partner Inc. [...]

Business email compromise scammers from Nigeria were found targeting COVID-19 research institutions, pandemic response agencies, and government healthcare organizations to get falsified wire transfer payments and install malware. Palo Alto Networks’ Unit 42 team researchers [...]

COVID-19 has compelled a lot of organizations to quickly implement a work from home scheme for employees, which resulted in new possibilities for cybercriminals to execute attacks. Cyberattacks on remote employees have grown considerably at [...]

A number of healthcare companies were impacted by a strange data breach at STAT Informatics Solutions, LLC based in Waupaca, WI. STAT provides a number of healthcare companies with secure medical records services which include [...]