Recent HIPAA News

Based on the newest report from ransomware incident response firm Coveware, there is a 38% decline in the average ransom payment made by victims of ransomware attacks between Q1 and Q2, 2021. Q2’s average ransom [...]

2020 was notably bad for the healthcare sector considering the record numbers of reported data breaches. Ransomware was a big threat. Emsisoft identified 560 ransomware attacks on healthcare companies last 2020. According to Comparitech, the [...]

The Cancer Center at Greenwood Leflore Hospital (CCGLH) in Mississippi informed its patients about the Elekta ransomware attack as a preventative measure to avert identity theft and fraud. Elekta notified CCGLH on May 17 regarding [...]

The Nebraska Department of Health and Human Services has made an announcement about a security incident that involved the protected health information (PHI) of clients of Aging Partners, a department of the City of Lincoln. [...]

Oklahoma Heart Hospital has begun informing a number of patients regarding a privacy incident wherein paperwork that contains some patient data was unintentionally contributed to charity. A former worker had written notes by hand that [...]

For three successive months, there has been an increase in the number of reported healthcare data breaches involving at least 500 records. June had 70 data breaches involving at least 500 records reported to the [...]

University Medical Center of Southern Nevada (UMC) has encountered a ransomware attack and had patient data stolen. The medical center said it identified suspicious activity within the hospital system in mid-June and had taken fast [...]

Another three healthcare providers made an announcement that they were affected by the recent ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery solution provider. Elekta has a cloud-based mobile app known as [...]

Sierra Nevada Primary Care Physicians based in California is notifying 1,717 patients regarding an incident that resulted in the stealing of selected protected health information (PHI), which includes names and credit card details. The District [...]

The protected health information (PHI) of around 30,063 Florida Blue (Blue Shield of Florida and Blue Cross) members might have been seen or acquired during a brute force attack on the online member portal of [...]

Like California and Virginia, Colorado has passed a comprehensive data privacy law to protect state locals. There were several amendments made before the Colorado Privacy Act went over the line. The state Senate finally passed [...]

Coastal Family Health Center (CFHC), the fourth biggest community health center based in Mississippi, has begun informing patients regarding a May 13, 2021 cyberattack that compromised some of their protected health information (PHI). CFHC stated [...]

According to a new NBC4 Investigates Report, a breach of the Ohio State University’s (OSU) pilot program that assists veterans to recuperate from Post Traumatic Stress Disorder (PTSD) and other psychological health problems led ot [...]

The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has released a new information that details cybersecurity bad practices, which are extremely harmful and considerably increase threat to critical infrastructure. There are a lot of publicized [...]

Five Rivers Health Centers located in Ohio has advised 155,748 patients regarding the unauthorized access to some of their protected health information (PHI) contained in email accounts as a consequence of a phishing attack. There [...]

The Government Accountability Office has released a report right after an evaluation of the organizational strategy to the U.S. Department of Health and Human Services (HHS)cybersecurity. The study was done because both the HHS and [...]

Scripps Health in San Diego is looking at several class-action lawsuits due to a ransomware attack on April 29, 2021 that affected 147,267 people. As a result of the attack, the 5-hospital healthcare system needed [...]

The National Institute of Standards and Technology (NIST) has published a draft Cybersecurity Framework Profile for Ransomware Risk Management to be able to guide organizations avoid, respond and recuperate from ransomware attacks. The Ransomware Profile [...]

A bipartisan group of senators has brought in a federal data breach notification bill- the Cyber Incident Notification Act of 2021 – that calls for all federal organizations, contractors, and firms that have supervision over [...]

May was 2021’s worst month thus far in terms of healthcare data breaches. The Department of Health and Human Services’ Office for Civil Rights recorded 63 breaches involving 500 or more records in May. For [...]

South Texas Health System has informed 6,761 regarding some of their protected health information (PHI) that had been accidentally disclosed. South Texas Health System offers discharge directions following patients are given medical care in its [...]

The Connecticut legislature has improved its data breach notification rule, extending the definition of personal information and reducing the maximum period of time for providing breach notices. The new legislation brings the data breach notification [...]

A cyberattack on Service Employees International Union 775 (SEIU 775) Benefits Group, which is a benefits manager for home healthcare and nursing home employees, resulted in the removal of sensitive information. IT employees discovered issues [...]

The Cybersecurity and Infrastructure Security Agency (CISA) has released a security alert concerning 6 vulnerabilities identified in the ZOLL Defibrillator Dashboard, which include a remote code execution vulnerability with critical 9.9 severity. An anonymous person [...]

The National Institute of Standards and Technology (NIST) has posted its latest report about the usage of biometric authentication on cellular devices to permit first responders to obtain quick access to sensitive information, at the [...]

Attleboro, MA-based Sturdy Memorial Hospital is notifying 57,379 patients regarding a computer security incident that happened on February 9, 2021 whereby patient data was compromised. In accordance with the breach notice issued by the hospital, [...]

The Federal Bureau of Investigation (FBI) has given a Flash Notification cautioning Fortinet Fortigate appliances end users that Advanced Persistent Threat (APT) groups are planning to target devices that haven’t been patched for three vulnerabilities: [...]

Microsoft has found a huge spear-phishing campaign executed by the Russian Advanced Persistent Threat (APT) group, which is responsible for the SolarWinds Orion supply chain attack. Since January 2021, Microsoft has tracked the APT group [...]

RMcKinley Christian Health Care Services (RMCHCS) in Gallup, NM submitted a report regarding a ransomware attack in February 2021 that resulted in patient data exfiltration. The attack in February conducted by the Conti ransomware gang [...]

CareSouth Carolina based in Hartsville, SC has informed 76,035 patients regarding the likely exposure of some of their protected health information (PHI) because of a ransomware attack on Netgain Technologies, its IT service provider. Netgain [...]

ZocDoc based in New York, which provides a platform that allows potential patients to schedule meetings with doctors and dentists, has found an issue in its software program that permitted patient information to be seen [...]

Health Plan of San Joaquin (HPSJ), which is a non-profit provider of Medi-Cal managed care located in French Camp, CA, found out that an unauthorized person has acquired access to its email system and possibly [...]

A number of healthcare organizations have shown concern concerning the HIPAA Privacy Rule modifications recommended by the Department of Health and Human Services (HHS) last December 2020 and publicized in the Federal Register last January. [...]

New England Dermatology has begun informing 58,106 patients regarding the compromise of some of their protected health information (PHI). In a breach notice last April 30, 2021, New England Dermatology stated that its in-house pathology [...]

April was notably an awful month for healthcare data breaches as 62 breaches involving at least 500 records were reported. March 2021 had the same number of healthcare data breaches. April had more than 2 [...]

2020 was definitely not a usual year. The pandemic put big challenges on IT security teams and companies were compelled to quickly speed up their digital transformation strategies and greatly expand their remote working capacities. [...]

Compliancy Group has certified that Macadamian Technologies has an efficient HIPAA compliance program in place and granted the company its HIPAA Seal of Compliance award. Macadamian Technologies is a software design and development company based [...]