Recent HIPAA News
-
The Connecticut legislature has improved its data breach notification rule, extending the definition of personal information and reducing the maximum period of time for providing breach notices. The new legislation brings the data breach notification [...]
-
A cyberattack on Service Employees International Union 775 (SEIU 775) Benefits Group, which is a benefits manager for home healthcare and nursing home employees, resulted in the removal of sensitive information. IT employees discovered issues [...]
-
The Chief Operating Officer of an IT security agency is facing a lawsuit due to a financially driven cyberattack on Gwinnett Medical Center based in Lawrenceville, GA last September 2018. Vikas Singla, aged 45, of [...]
-
The Cybersecurity and Infrastructure Security Agency (CISA) has released a security alert concerning 6 vulnerabilities identified in the ZOLL Defibrillator Dashboard, which include a remote code execution vulnerability with critical 9.9 severity. An anonymous person [...]
-
The health insurance and healthcare provider Humana in Louisville, KY and its business associate Cotiviti are confronted with legal action due to a data breach identified in late December 2020. On May 26, 2021, a [...]
-
In September 2020, Nebraska Medicine and the University of Nebraska Medical Center found out that their systems were hacked and downloaded with malware allowing the hackers access to the protected health information (PHI) of approximately [...]
-
The National Institute of Standards and Technology (NIST) has posted its latest report about the usage of biometric authentication on cellular devices to permit first responders to obtain quick access to sensitive information, at the [...]
-
Attleboro, MA-based Sturdy Memorial Hospital is notifying 57,379 patients regarding a computer security incident that happened on February 9, 2021 whereby patient data was compromised. In accordance with the breach notice issued by the hospital, [...]
-
The HHS’ Office for Civil Rights has reached a settlement with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC) to resolve a potential violation of the HIPAA Right of Access. This is OCR’s 8th financial [...]
-
The Federal Bureau of Investigation (FBI) has given a Flash Notification cautioning Fortinet Fortigate appliances end users that Advanced Persistent Threat (APT) groups are planning to target devices that haven’t been patched for three vulnerabilities: [...]
-
Microsoft has found a huge spear-phishing campaign executed by the Russian Advanced Persistent Threat (APT) group, which is responsible for the SolarWinds Orion supply chain attack. Since January 2021, Microsoft has tracked the APT group [...]
-
RMcKinley Christian Health Care Services (RMCHCS) in Gallup, NM submitted a report regarding a ransomware attack in February 2021 that resulted in patient data exfiltration. The attack in February conducted by the Conti ransomware gang [...]
-
CareSouth Carolina based in Hartsville, SC has informed 76,035 patients regarding the likely exposure of some of their protected health information (PHI) because of a ransomware attack on Netgain Technologies, its IT service provider. Netgain [...]
-
ZocDoc based in New York, which provides a platform that allows potential patients to schedule meetings with doctors and dentists, has found an issue in its software program that permitted patient information to be seen [...]
-
There has been a great deal of uncertainty regarding the case of inquiring somebody if they have gotten a COVID-19 vaccine. Does it constitute a HIPAA violation, particularly with regards to employers asking their staff [...]
-
Health Plan of San Joaquin (HPSJ), which is a non-profit provider of Medi-Cal managed care located in French Camp, CA, found out that an unauthorized person has acquired access to its email system and possibly [...]
-
A number of healthcare organizations have shown concern concerning the HIPAA Privacy Rule modifications recommended by the Department of Health and Human Services (HHS) last December 2020 and publicized in the Federal Register last January. [...]
-
New England Dermatology has begun informing 58,106 patients regarding the compromise of some of their protected health information (PHI). In a breach notice last April 30, 2021, New England Dermatology stated that its in-house pathology [...]
-
April was notably an awful month for healthcare data breaches as 62 breaches involving at least 500 records were reported. March 2021 had the same number of healthcare data breaches. April had more than 2 [...]
-
Universal Health Services (UHS) is facing a lawsuit associated with a 2020 data breach; but, the lawsuit proceeded only for one of the patients identified on the lawsuit. UHS manages approximately 400 hospitals and care [...]
-
2020 was definitely not a usual year. The pandemic put big challenges on IT security teams and companies were compelled to quickly speed up their digital transformation strategies and greatly expand their remote working capacities. [...]
-
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have given an advisory regarding DarkSide ransomware after the attack on the fuel pipeline firm Colonial Pipeline. The cyberattack triggered significant disruption [...]
-
Compliancy Group has certified that Macadamian Technologies has an efficient HIPAA compliance program in place and granted the company its HIPAA Seal of Compliance award. Macadamian Technologies is a software design and development company based [...]
-
The Pennsylvania Department of Health and also its COVID-19 contact tracing provider are getting sued because of a breach of the personal and medical information of 72,000 Pennsylvanians. Insight Global and the Department of Health [...]
-
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory regarding a new ransomware variant that is employed in attacks on a number of industry sectors, such as medical care. To date, the [...]
-
Full-service home medical equipment firm, Health Aid of Ohio in Parma, OH, has learned that unauthorized people obtained access to its networks and stolen a number of files. The data breach was identified on February [...]
-
CaptureRx, a 340B administrative services provider to healthcare organizations in San Antonio, TX, has experienced a ransomware attack that resulted in the theft of files that contain the protected health information (PHI) of its customers’ [...]
-
Elekta, a Swedish provider of oncology and radiology system, is recovering from a cyberattack that shoved it to take offline its first-generation web-based storage platform on April 20, 2021. Even though the firm has reported [...]
-
The healthcare provider Scripps Health located in San Diego experienced a ransomware attack on May 1, 2021 which compelled it to shut down its information technology systems. Scripps Health manages four hospitals throughout the San [...]
-
Doctors Medical Center of Modesto (DCM) in California has found out that a service provider employed by a former vendor inadvertently exposed patient information over the web. DCM had hired the SaaS platform company Medifies [...]
-
Einstein Healthcare Network, a health system based in Philadelphia, is dealing with a class-action lawsuit associated with an August 2020 phishing attack that enabled an unauthorized person to access several employee email accounts. Einstein Healthcare [...]
-
The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 people were accidentally exposed on the internet because of a mistake made by a member of its employees. [...]
-
An email security breach at HME Specialists LLC, doing business as Home Medical Equipment Holdco, resulted in the potential compromise of the protected health information (PHI) of 153,013 people. HME Specialists found suspicious activity within [...]
-
Due to the escalating danger from ransomware attacks, the U.S Department of Justice has started a brand new Ransomware and Digital Extortion Task Force that is going to focus on the whole ransomware ecosystem. The [...]
-
The healthcare data breaches reported in March increased by 38.8%. There were 62 breaches involving at least 500 records reported to the HHS’ Office for Civil Rights, the majority of which were hacking incidents. The [...]
-
A cyberattack on CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) resulted in the theft of CHPDC members’ protected health information (PHI). CHPDC, formerly called Trusted Health Plans, found out that its computer [...]
-
Pressure between Russia and the U.S. is increasing because of the nonstop cyberattacks on private and public sector establishments as well as the U.S. government by Russian government hackers. The National Security Agency (NSA), DHS’ [...]
-
Health-ISAC, together with the American Hospital Association (AHA), has shared guidance for healthcare data security teams to assist them to develop resilience in the event of supply chain cyberattacks like the latest SolarWinds Orion occurrence. [...]
-
Compliancy Group has certified that SageData, the business intelligence platform provider from Bulgarian, has effectively enforced a HIPAA compliance program and is keeping the regulatory requirements of the HIPAA Security Rule, Privacy Rule, Omnibus Rule, [...]
-
The U.S. National Security Agency (NSA) has reported four zero-day vulnerabilities identified in Microsoft Exchange Server versions 2013, 2016, and 2019 which are employed for on-premises Microsoft Exchange Servers. Quick patching is necessary as threat [...]
-
The Ventura County District Attorney directed Adventist Health Physicians Network located in Simi Valley, California to pay civil momentary penalties worth $40,000 for a civil privacy settlement resolving a patient privacy breach that impacted 3,797 [...]
-
The business and technology consulting company Fresh Gravity has been verified by Compliancy Group as having undertaken all required actions to show compliance with the HIPAA Security Rule, Privacy Rule, Omnibus Rule, Breach Notification Rule, [...]
-
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has introduced a brand new tool to go with the open-source Sparrow detection tool based on PowerShell that was launched in December 2020 to support network defenders [...]
-
Roper St Francis Healthcare is confronted with a class action lawsuit associated with an October 2020 data breach wherein patient information was purportedly stolen. The lawsuit alleges negligence for not protecting patients’ private information. From [...]
-
Advanced persistent threat (APT) actors are exploiting vulnerabilities in the Fortinet FortiOS operating system to gain access to servers to get into networks as pre-positioning for follow-on data exfiltration and information encryption attacks. In the [...]
-
Med-Data Inc., a revenue cycle management services vendor based in Spring, TX, has given confirmation that the protected health information (PHI) of patients of some of its clients were loaded to GitHub, an open-source software [...]
-
Compliancy Group has reported that Kleva Health Inc. has an appropriate HIPAA compliance program in place and is satisfying the prerequisites of the HIPAA Rules. Kleva Health as a digital health technology firm offers a [...]
-
Wake Forest Baptist Health made an announcement that an unauthorized individual acquired access to the systems of Healthgrades Operating Co. Inc, its technology vendor between October 16 and October 28, 2020 and possibly viewed or [...]
-
Security company Proofpoint has associated the Advanced Persistent Threat (APT) group called Charming Kitten with a spear-phishing campaign carried out at the end of 2020 aimed towards senior pros at medical research institutions in the [...]
-
At the beginning of 2020, phishers began taking advantage of the pandemic and changed from their typical lures to many pandemic-associated themes for their campaigns. After one year since the COVID pandemic began, researchers at [...]