Recent HIPAA News

Just a few days after expressing the intention to issue a penalty to British Airways the amount of £183 million ($230 M) for its 383-million records breach, the United Kingdom’s Information Commissioner’s Office (ICO) is [...]

Adirondack Health Vermont notified about 25,000 patients regarding the potential exposure of their protected health information (PHI) due to hacking. The potentially compromised information include the patients’ names, birth dates, healthcare insurance member numbers or [...]

The U.S. Department of Health and Human Services (HHS) Secretary has declared a partial waiver of HIPAA sanctions and penalties in Louisiana because of the damage that Tropical Storm Barry likely caused when it hit [...]

UK Information Commissioners Office (ICO), which is the GDPR supervisory authority, issued the biggest GDPR penalty to British Airways amounting to £183.39 million or $228 million for failure to employ security controls that led to [...]

Premera Blue Cross agreed to pay $10 million to settle a multi-state data breach lawsuit that involved 30 state attorneys general. The alleged violations of state and federal laws resulted to a breach of 10.4 [...]

Essentia Health is an integrated health system providing services in the states of Minnesota, North Dakota, Wisconsin and Idaho. Notifications sent to over 1,000 Essentia Health patients stated that some of their protected health information [...]

Nemadji Research Corporation, doing business under the name of California Reimbursement Enterprises, released information regarding the unauthorized person who accessed the email account of an employee. There is potential exposure of the protected health information [...]

GE Aestiva and Aespire Anesthesia devices were found to have an improper authentication vulnerability. These devices are typically used in hospitals all over America. The CVE-2019-10966 vulnerability can allow an attacker to remotely change the [...]

A recent nCipher Security survey explored the value consumers put on their health information privacy and security. The survey had 1,300 U.S. consumers as participants and looked into their attitudes toward online personal privacy, sharing [...]

Hackers exploited a two-year-old vulnerability in Microsoft Outlook targeting U.S. government networks. A warning issued by U.S. Cyber Command talked about the active exploitation of vulnerability CVE-2017-1174 and installation of remote access Trojans and other [...]

A medical student is filing a lawsuit against Marshall University and Cabell Huntington Hospital because some of his protected health information (PHI) was impermissibly disclosed to a class of students. The medical student, which the [...]

Alerts regarding the cybersecurity vulnerabilities discovered in several Medtronic insulin pumps were released by the United States Computer Emergency Readiness Team (US-CERT) and the Food and Drug Administration (FDA). The vulnerable insulin pumps connect to [...]

According to a recent study, larger healthcare providers are more inclined to have fully developed, sophisticated cybersecurity defenses, whereas smaller healthcare providers struggle to implement cybersecurity best practices. KLAS and CHIME conducted the study and [...]

Franciscan Health located in Mishawaka, IN found out that a former staff committed unauthorized access of the protected health information (PHI) of around 2,200 patients. In a routine privacy review, Franciscan Health learned about the [...]

A former UChicago Medicine patient filed a lawsuit claiming that his medical information along with those of hundred other patients were shared with Google with no prior authorization. The lawsuit accuses UChicago Medical Center, UChicago [...]

Virginia-based Dominion National, which is an insurance company, health plan manager, and administrator of dental and vision benefits, learned that a data breach affected the personal information of individuals connected to the services it provides. [...]

Estes Park Health (EPH) located in Colorado was attacked by ransomware, which extensively encrypted files all across its network. EPH discovered the ransomware attack on June 2, 2019 when employees noticed and reported the computers’ [...]

A patient care coordinator previously employed at the University of Pittsburgh Medical Center (UPMC) received a one-year imprisonment term for accessing patient healthcare records and utilizing that data for malicious damages. Sue Kalina, 62, living [...]

The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) gave a warning after a surge in ‘Iranian regime actors’ cyberattacks. Christopher C. Krebs gave the warning as tensions build up [...]

Cybercriminals that locate and exploit vulnerabilities to access healthcare networks and patient information are increasing their activities. The last two months were the worst and second worst months in terms of number of healthcare data [...]

A ransomware attack on Tenx Systems, a company providing software for assisted living communities, impacted over 60 facilities that utilize the software program. Also known as ResiDex Software, Tenx Systems stated the attack happened on [...]

A phishing attack on the Oregon Department of Human Services (ODHS) resulted to the potential compromise of the personal information of 645,000 clients. The phishing attack began on January 9, 2019, which got 9 ODHS [...]

A recent ransomware attack on Shingle Springs Health and Wellness Center (SSHWC) located in Placerville, CA resulted to the potential compromise of the protected health information (PHI) of 21,513 patients. SSHWC found out on April [...]

Rave Mobile Safety is hosting a webinar on June 18, 2019 that seeks to give better understanding of mental health problems, the difficulties community members encounter in relation to mental health conditions, and how to [...]

An extreme ransomware attack on N.E.O Urology based in Boardman, OH impacted all of its IT system. The ransomware brought about extensive file encryption and prevented the healthcare provider from accessing its computers and patient [...]

A phishing attack on Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., resulted to the exposure of 87,000 plan members’protected health information (PHI). Data exposure happened because an employee responded to a phishing [...]

An ex-employee of a healthcare provider based in Germantown, MD is alleged to have accessed the protected health information (PHI) of approximately 16,542 patients. The information was allegedly given to a third party to be [...]

Ever since reports regarding the massive data breach at American Medical Collection Agency (AMCA) became known, over 12 lawsuits had been submitted by breach victims. Quest Diagnostics formally reported the breach on June 3, 2019 [...]

News reports spoke of the American Medical Collection Agency (AMCA) data breach that brought about the compromise of 11.9 million Quest Diagnostics patient records. Current news cite another healthcre company affected by the AMCA breach. [...]

Turlock Irrigation District in California is notifying its employees who are members of their employer-sponsored health plan regarding the exposure of some of their protected health information (PHI) online due to a business associate error. [...]

The huge data breaches lately which included the breach at Quest Diagnostics affecting 11.9 million records and the breach at LabCorp affecting 7.7 million records. Now, University of Chicago Medicine announced a data breach with [...]

The Vermont Supreme Court issued a ruling permitting a patient to take legal action against a hospital and nurse for privacy violation, irrespective of Vermont law and the HIPAA law that do not allow private [...]

Microsoft issued another warning regarding the BlueKeep vulnerability in Remote Desktop Services (CVE-2019-0708) after publishing online proof-of-concept exploits for the vulnerability. Microsoft issued fixes for the vulnerability on May 14, 2019. Patches were also made [...]

In March 2015, health insurer Premera Blue Cross in Seattle reported a major data breach that affected close to 10.6 million plan members. The breach happened in 2014 and a wide range of information was [...]

People Inc. is a non-profit health and human services firm located in Western New York providing services to elderly people and people with developmental disabilities. A phishing attack on the organization affected roughly 1,000 persons. [...]

Medical Oncology Hematology Consultants (MOHC), a Newark,DE based cancer treatment center, suffered an email security breach that lead to the compromise of the protected health information (PHI) of some patients. MOHC published a substitute breach [...]

Many view the HHS’ Office for Civil Rights’ enforcement of HIPAA compliance as excessively punitive. Compliance investigations after receiving complaints or data breaches reports usually result to the discovery of HIPAA Rules violations and sizable [...]

A recent announcement requires Medical Informatics Engineering (MIE) to pay a financial penalty amounting to $900,000 to resolve a multi-state lawsuit over the HIPAA violations linked to a breach of 3.9 million records in 2015. [...]

Microsoft released a patch on May 14, 2019 for fixing a ‘wormable’ vulnerability found in Windows, which is the same as the vulnerability exploited by attackers in the WannaCry ransomware attacks in May 2017. The [...]

Ever since the implementation of the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule by the Department of Health and Human Services, [...]

Medical Informatics Engineering, Inc (MIE) settled with the HHS’ Office for Civil Rights its HIPAA violation case by paying $100,000. MIE provides electronic medical record software and services in Indiana. Its case of serious data [...]

Thousands of health records were found left behind in a public dumpster located in Texas. The boxes comprise of patient and employee records from Today’s Vision and include documents that contain highly sensitive data. Today’s [...]

Cancer Treatment Centers of America (CTCA) suffered another breach involving the e-mail account of one personnel working at its Southeastern Regional Medical Center. The breach on March 10, 2019 happened after a phishing attack. The [...]

The American Academy of Neurology (AAN) spoke about their concerns on the interoperability plans of the HHS’ Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS). [...]

April was really bad for healthcare data breaches. The number of reported data breaches this month is higher than any other month since October 2009 when the Department of Health and Human Services’ Office for [...]

A recent Forescout study highlighted the poor condition of healthcare cybersecurity. The study showed the over reliance of the healthcare industry on legacy software, the extensive use of vulnerable protocols, and the lack of security [...]

American Baptist Homes of the Midwest (ABHM), which provides assisted living and assisted care facilities throughout the U.S Midwest, announced a ransomware attack on its systems causing a security breach. The attack was launched around [...]

The Southeastern Council on Alcoholism and Drug Dependence (SCADD) located in Lebanon, CT had a ransomware attack that caused considerable file encryption. SCADD experienced network problems that led to the discovery of the ransomware attack [...]

A sexual assault victim filed a lawsuit against Atchison Hospital in Kansas because allegedly a hospital x-ray technician shared sensitive data to her attacker regarding her treatment at the hospital. As per the Kansas City [...]