Recent HIPAA News

Compliancy Group confirmed ProtoLytic, LLC, a developer providing decision support tools to medical cost management in Tampa, FL as HIPAA-compliant. Healthcare providers use ProtoLytic tools to create patient treatment plans using evidence-based recommendations and demographic [...]

A misconfigured AWS S3 storage bucket owned by Sunshine Behavioral Health, LLC, a network of drug and alcohol addiction rehabilitation centers based in San Juan Capistrano, CA resulted in the compromise of sensitive patient data. [...]

Main Street Clinical Associates, PA. located in Durham, NC has notified a number of its patients regarding the potential compromise of some of their protected health information (PHI) because of the stolen devices from its [...]

A phishing attack at Salem Health Hospitals & Clinics, Oregon on July 31, 2019 resulted in the access of some employees’ email accounts by an unauthorized person. The healthcare provider detected the breach within a [...]

A new survey was done to know the expense connected with healthcare data breaches, the magnitude of the healthcare community attacked, and what proportion of the attacks become successful. The Black Book Market Research performed [...]

Utah Valley Eye Center based in Provo, UT sent breach notification letters to patients concerning an unauthorized person that potentially accessed some of their personal information as a result of its scheduling reminder web portal’s [...]

A wrong configuration of the billing program of Texas Health Resources caused the impermissible disclosure of the health information of 82,577 of its patients. Texas Health Resources is one of the United States’ major faith-based [...]

Compliancy Group declared Technology Response Team as an entity that has successfully finished its 6-stage HIPAA risk analysis and remediation procedure and has showed its compliance with the requirements of the HIPAA Security, Privacy, Breach [...]

The HHS updated its HIPAA Security Risk Assessment Tool with a number of new features requested by users to enhance usability. The HHS Office of the National Coordinator for Health Information Technology (ONC) in cooperation [...]

Because a data breach on the Palmetto Health site occurred, Prisma Health Midlands is informing about 19,000 patients and 3,000 employees. Prisma Health – earlier known as Palmetto Health – found out on August 29, [...]

TitanHQ, a provider of cloud security, has seen an exceptional increase in quarter three of 2019, having the most bustling quarter for its MSP enterprise all through its 20+ year history. The company grew into [...]

Smith’s Food & Drug based in Salt Lake City, OH has reported that around 58,000 patients’ pharmacy records were improperly disposed of. The grocery and drug store chain discovered the improper disposal on August 29, [...]

California Governor Gavin Newsom affixed his signature on bill AB-1130 which revises the data breach notification law in California. The latest bill stretches the meaning of personal information impacting the need to issue notifications to [...]

The vulnerability CVE-2019-13546 was discovered in the Philips IntelliSpace Perinatal obstetrics data management system. This vulnerability is remotely exploitable by a user of an authorized remote desktop session host application or a person that could [...]

Geisinger Health Plan based in Danville, PA found out that some of its members’ protected health information (PHI) was exposed because Magellan NIA, one of its business associates, had a suspected phishing attack. Magellan NIA [...]

Kalispell Regional Healthcare in Montana had a security breach last summer and is informing around 129,000 patients about the potential compromise of their protected health information (PHI). Kalispell Regional Healthcare manages Kalispell Regional Medical Center, [...]

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) and Microsoft launched a new project to create guidance on the development and implementation of an effective patch management strategy. After [...]

A new report from Emsisoft, a New Zealand-based cybersecurity company, exposed the magnitude of ransomware usage in cyberattacks in America. 2019’s first 9 months had 621 reports of ransomware attacks on government agencies, healthcare companies, [...]

The 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs) has been published by Gartner. It includes a study of the healthcare cloud market and points out how the cloud may be [...]

A new Proofpoint report provides ideas on the cyber threats that healthcare companies run into and the most prevalent attacks that bring about healthcare data breaches. Proofpoint’s 2019 Healthcare Threat Report reveals the evolving threat [...]

Hunt Regional Healthcare based in Texas learned that a May 2018 cyberattack was more extensive than earlier thought. The FBI informed Hunt Regional on May 14, 2019 that an advanced, targeted cyberattack hit its systems [...]

The University of Texas at Austin McCombs School of Business introduced a special healthcare-specific professional cybersecurity certificate program. The professional leadership and educational program is the first healthcare targeted cybersecurity certification program to be made [...]

Three of DCH Health System’s hospitals in Alabama were forced not to accept new patients other than those in a critical state due to a ransomware attack. The staff in DCH Regional Medical Center in [...]

CHI Health in Omaha, NE, a 14-hospital health system, had a ransomware attack, which led to the potential exposure of the protected health information (PHI) of close to 48,000 patients. CHI Health became aware of [...]

On behalf of Kaspersky Lab, a B2B International survey recently performed confirmed there is an increase in the average expense of a data breach at the enterprise-level from $1.23 million (2018) to $1.41 million. The [...]

Cancer Treatment Centers of America (CTCA) is informing some patients about the exposure of their protected health information (PHI) because of a phishing-related email security breach at its Southeastern Regional Medical Center, which happened on [...]

There has been an increase in the number of business email compromise (BEC) attacks in the United States. According to Symantec, an average of 6,029 businesses received BEC emails in the last 12 months and [...]

The Department of Health and Human Services’ Office for Civil Rights consented to a negotiation with Elite Dental Associates concerning its HIPAA violation case relating to the impermissible disclosure of protected health information (PHI) of [...]

Armis Security researchers found 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, which is a third-party software part utilized in some medical devices and hospital networks. The DHS Cybersecurity and Infrastructure Security Agency (CISA) received [...]

North Florida OB-GYN located in Jacksonville, FL found out that hackers acquired access to selected parts of its computer system holding personal and health information of patients and infected the system with a virus that [...]

A damaging ransomware attack on Wood Ranch Medical in Simi Valley, CA caused its irreversible shutting down on December 17, 2019. The attack took place on August 10, 2019 and the ransomware corrupted the servers. [...]

Sen. Rand Paul, M.D., (R-Kentucky) has announced a new bill that tries to once and for all take away the HIPAA national patient identifier provision considering the privacy problems in using such a system. At [...]

Dr. Ulrich Klopfer operated three abortion clinics in Indiana, but the clinics were closed down upon the suspension of his license in 2015. After his passing away on September 3, 2019, his family members discovered [...]

The Department of Health and Human Services (HHS) is banned from expending any of its funds for the creation and launch of a national patient identifier, although there was anticipation that the prohibition will eventually [...]

Starting October 1, 2019, medical insurance companies and related services must inform the Maryland Insurance Administration (MIA) in case a breach of insureds’ personal data occurs. The change in legislation is applicable to health plans, [...]

Philips IntelliVue WLAN firmware had been found to have two vulnerabilities that affected some IntelliVue MP monitors. The vulnerabilities can be exploited by hackers to install malicious software that could have an effect on data [...]

The Compliancy Group helped CTI Technology, a managed IT service provider located in Elgin, IL, to be certified as Health Insurance Portability and Accountability Act (HIPAA) compliant. CTI Technology used The Guard of Compliancy Group, [...]

Based on a recent investigation by ProPublica, Bayerischer Rundfunk (a German public broadcaster), and Greenbone Networks (vulnerability and analysis firm, 24.3 million medical images in medical image storage systems are publicly accessible on the internet [...]

The National Cybersecurity Center of Excellence (NCCoE) created a new draft NIST mobile device security guidance to assist companies to minimize the risks presented by corporate-owned personally enabled (COPE) devices. Mobile devices permit personnel to [...]

Integration Link, LLC, a cybersecurity consultancy services provider and virtual Chief Information Security Officers to small, medium and large businesses, has finished the 6-Stage HIPAA Risk Analysis and remediation process of Compliancy Group. It has [...]

A phishing attack on East Central Indiana School Trust (ECIST) resulted in the exposure of some protected health information (PHI) of over 3,200 people. On May 19, 2019, an ECIST employee was misled into sharing [...]

According to the Global Connected Industries Cybersecurity Survey conducted by Irdeto, a Swedish software company, 82% of healthcare companies utilizing Internet-of-Things (IoT) devices were attacked via one of those devices in the past year. Irdeto [...]

CTI Technology in Elgin, IL, which is a managed IT service provider, has been certified as compliant with the Health Insurance Portability and Accountability Act (HIPAA) Rules. This was made possible with the help of [...]

The Office of Management and Budget (OMB) submitted its annual audit report to Congress concerning the cybersecurity status of federal agencies, as ordered by the Federal Information Security Modernization Act of 2014 (FISMA). OMB examined [...]

IT service provider in Wichita, KS, Choose Networks, received its certification of HIPAA compliance with Compliancy Group. The company began operations in 2001 offering enterprise-level IT support to small and medium-sized companies. At present, over 35 [...]