Recent HIPAA News
-
The last day for reporting healthcare data breaches involving less than 500 records that were identified in 2020 is on March 1, 2021. Until then, HIPAA-covered entities and business associates can submit their breach reports [...]
-
Kroger made an announcement that it has encountered a data security incident, which exploited the SQL injection vulnerabilities found in its Accellion File Transfer Appliance (FTA). The Accellion FTA is an old appliance that was [...]
-
The number of healthcare data breaches involving 500 or more records in January 2021 decreased by 48% month-over-month. There were 32 data breaches reported in January compared to December’s 62. Although this is below the [...]
-
Wilmington Surgical Associates located in North Carolina is dealing with a class suit due to a Netwalker ransomware attack that resulted in a data breach last October 2020. In most ransomware attacks today, data files [...]
-
Grand River Medical Group based in Dubuque, OH found out that an unauthorized person acquired access to an employee’s email account and might have seen or gathered the protected health information (PHI) of 34,000 patients. [...]
-
A Campbell County Health (CCH) personnel had done an email error that led to the impermissible disclosure of the protected health information (PHI) of 900 people. The health system based in Gillette, WY found out [...]
-
The court has given preliminary approval of a settlement proposal by 21st Century Oncology to take care of a November 2020 class-action lawsuit. The class-action lawsuit was submitted in District Court for the Middle District [...]
-
The Conti ransomware gang has left a big set of healthcare information online that was presumably taken from Leon Medical Centers based in Florida and Nocona General Hospital based in Texas. Leon Medical Centers experienced [...]
-
TeleVine Therapy based in New Philadelphia, OH was independently confirmed to have an effective HIPAA compliance program. TeleVine Therapy is a first-class speech and language therapy services provider serving the residents of Ohio, Pennsylvania, and [...]
-
Compliancy Group has certified that Send Mammogram has put in place an appropriate HIPAA compliance program and is found compliant with the criteria as outlined in the Health Insurance Portability and Accountability Act. With its [...]
-
The National Cyber Investigative Joint Task Force (NCIJTF) published a ransomware fact sheet to increase awareness regarding the ransomware attack threats and offer information that could be used to avoid and offset attacks. An interagency [...]
-
University of Pittsburgh Medical Center (UPMC) has reported that the protected health information (PHI) of over 36,000 patients was potentially accessed by unauthorized persons subsequent to a cyberattack on a company that provides UPMC with [...]
-
Compliancy Group has certified The Speech Paradigm LLC as having put in place an efficient HIPAA compliance program. The program is found to be in compliance with the requirements of the HIPAA Security, Privacy, Breach [...]
-
Cybersecurity firm Imperva released a report that showed significant growth of attacks on healthcare sector web apps. Imperva Research Labs noted 51% more web app attacks for the period November 2020 to December 2020, the [...]
-
Two personnel of the Department of Veteran Affairs’ (VA) information technology allegedly made false representations regarding the privacy and security risks of a huge data AI project involving the VA and a private firm that [...]
-
Europol stated that the well known Emotet Botnet was taken down in association with a multinational law enforcement operation. Law enforcement agencies in the United States, Europe, and Canada controlled the Emotet infrastructure, which is [...]
-
The contract of Philly Fighting COVID to distribute COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was ended following accusations that the organization’s privacy policies potentially allowed the purchase of private [...]
-
Compliancy Group has certified that Team Keep has passed the compliance requirements of the Health Insurance Portability and Accountability Act (HIPAA). Team Keep is a nonprofit company that offers a safe online document storage service [...]
-
Lake Region Healthcare located in Fergus Falls, Minnesota is having an investigation of a ransomware attack detected on December 22, 2020. The ransomware attack impacted a number of systems of the healthcare company that interrupted [...]
-
2020 ended with healthcare data breach reports at the rate of two each day, which is two times the rate of breach reports last January 2020. There was a 31.9% month over month increase in [...]
-
A recent study printed in the Journal of the American Medical Informatics Association (JAMIA) revealed that information blocking by electronic health record (EHR) vendors remains remarkably rampant in spite of recent policymaking that forbids information [...]
-
Ransomware attacks have had a big impact on companies and organizations in the United States, and 2020 was in particular a bad year. Ransomware gangs targeted the healthcare sector, education industry, and federal, state, and [...]
-
Compliancy Group has certified that COPS Monitoring based in Williamstown, NJ, the biggest professional monitoring provider in the United States, has put in place a good HIPAA compliance program. The regulatory requirements of the Health [...]
-
Minnesota South Country Health Alliance based in Owatonna, MN has identified that an unauthorized individual got access to a staff’s email account that held the protected health information (PHI) of 66,874 of its members. The [...]
-
The HHS’ Office for Civil Rights (OCR) is moving forward with its efforts to catch healthcare companies that fail to provide patients with prompt access to their healthcare records. OCR recently announced a settlement reached [...]
-
The Federal Bureau of Investigation (FBI) published a Private Industry Advisory regarding the growing number of cases of Egregor ransomware attacks. This ransomware-as-a-service operation was first discovered in September 2020. The attackers behind the Egregor [...]
-
An email security breach at LSU Health University Medical Center-New Orleans led to the probable exposure of the protected health information (PHI) of some patients. LSU Health New Orleans Health Care Services Division earlier announced [...]
-
Custom Internet Services LLC based in Winfield, KS provides Information Technology solutions to small- and medium-sized companies and institutions. It recently received a certification from Compliancy Group confirming that it has implemented an appropriate HIPAA [...]
-
Prestera Center for Mental Health Services, West Virginia’s biggest behavioral health services provider, became aware that an unauthorized person potentially obtained access to the protected health information (PHI) of a small number of its present [...]
-
Compliancy Group has certified Brightside Behavioral Health based in Warwick, Rhode Island to be in compliance with the Health Insurance Portability and Accountability Act (HIPAA) after implementing an efficient HIPAA compliance plan. Brightside Behavioral Health [...]
-
Compliancy Group has certified that Miiskin has achieved Health Insurance Portability and Accountability Act (HIPAA) compliance after completing all required steps to follow the HIPAA rules. Miiskin is a provider of an application and teledermatology [...]
-
In the fall of 2020, CISA, FBI, and HHS cybersecurity gave a joint advisory to the healthcare and public health industry subsequent to a surge in ransomware activity. The joint notice discussed that attackers are [...]
-
2020 was the most awful ever year when it comes to healthcare industry data breaches. There were 616 data breaches involving 500 or more health records documented by the HHS’ Office for Civil Rights. Those [...]
-
The U.S. National Security Agency (NSA) issued a cybersecurity advisory concerning the activity of Russian state-sponsored hacking groups targeting a vulnerability found in VMWare virtual workspaces that is used for performing remote work. The vulnerability [...]
-
The Department of Health and Human Services’ Office for Civil Rights has released a new Health Insurance Portability and Accountability Act (HIPAA) Rules guidance to tackle the issue of disclosing protected health information (PHI) to [...]
-
Atlantic.net in Orlando, Florida made statements concerning big changes that will help improve its performance, make its billing more accurate, and allow it to deliver better overall customer assistance. The hosting provider currently provides its [...]
-
The DHS’ Cybersecurity and infrastructure Security Agency has created a website offering information about the current cyber activities of the advanced persistent threat (APT) gang behind the compromise of the SolarWinds Orion software supply chain. [...]
-
Compliancy Group has certified that KeyReply, an enterprise SaaS AI chatbot software company, has integrated an appropriate HIPAA compliance program. KeyReply offers a web- and on-premise chatbot and conversational AI tool for the medical care [...]
-
The number of healthcare data breaches reported dropped again last November; however, take note that the number of reported breaches in October 2020 was thrice the average monthly number mostly because of the ransomware attack [...]
-
Meharry Medical College located in Nashville, TN found an email account breach that possibly allowed unauthorized persons to get access or steal the protected health information (PHI) of up to 20,983 patients. Meharry Medical College [...]
-
The Department of Health and Human Services’ Office for Civil Rights has publicized its 2016-2017 HIPAA Audits Industry Report, featuring areas where HIPAA-covered entities and their business associates are complying or unable to abide with [...]
-
Jacksonville Children’s and Multispecialty Clinic (JCMC) is now certified as fully HIPAA compliant after completing Compliancy Group’s established HIPAA compliance system. JCMC is operating a number of clinics in the counties of Onslow, New Hanover [...]
-
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has issued final guidance for healthcare delivery companies on securing the Picture Archiving and Communication System (PACS) ecosystem. PACS [...]
-
The Federal Bureau of Investigation (FBI) has released a private industry notice regarding the increasing DoppelPaymer ransomware activity and the threat actors’ change in strategy to compel victims into paying the ransom. DoppelPaymer ransomware first [...]
-
Cedar Springs Hospital based in Colorado Springs, CO is informing some patients regarding the loss of a portable storage unit that had their protected health information (PHI) last October 2020. The hospital gave a copy [...]
-
Horizon Information Systems, Inc based in Johnstown, PA, a software solutions developer serving human service and community action organizations, has received its Health Insurance Portability and Accountability Act (HIPAA) compliance approval from the Compliancy Group. [...]
-
Twitter is penalized with €450,000 ($544,600) for violating the EU’s General Data Protection Regulation (GDPR). The Data Protection Commission (DPC) in Ireland issued the fine in connection with Twitter’s privacy breach report to the DPC [...]
-
The House Energy and Commerce Committee passed a new bill (HR 7988), which tries to change the HITECH Act to necessitate the Department of Health and Human Services to identify whether or not HIPAA-covered entities [...]
-
A phishing attack on Tufts Health Plan resulted in the compromise of the protected health information (PHI) of 60,545 members’ of EyeMed, a vision benefits management company. EyeMed uncovered the phishing attack on July 1, [...]
-
GBMC HealthCare located in Towson, MD reported a ransomware attack that happened on December 6, 2020 causing the taking down of its computer network. The healthcare company currently implements EHR downtime protocols while it controls [...]