Recent HIPAA News

The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory regarding a new ransomware variant that is employed in attacks on a number of industry sectors, such as medical care. To date, the [...]

Full-service home medical equipment firm, Health Aid of Ohio in Parma, OH, has learned that unauthorized people obtained access to its networks and stolen a number of files. The data breach was identified on February [...]

CaptureRx, a 340B administrative services provider to healthcare organizations in San Antonio, TX, has experienced a ransomware attack that resulted in the theft of files that contain the protected health information (PHI) of its customers’ [...]

Elekta, a Swedish provider of oncology and radiology system, is recovering from a cyberattack that shoved it to take offline its first-generation web-based storage platform on April 20, 2021. Even though the firm has reported [...]

The healthcare provider Scripps Health located in San Diego experienced a ransomware attack on May 1, 2021 which compelled it to shut down its information technology systems. Scripps Health manages four hospitals throughout the San [...]

Doctors Medical Center of Modesto (DCM) in California has found out that a service provider employed by a former vendor inadvertently exposed patient information over the web. DCM had hired the SaaS platform company Medifies [...]

The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 people were accidentally exposed on the internet because of a mistake made by a member of its employees. [...]

An email security breach at HME Specialists LLC, doing business as Home Medical Equipment Holdco, resulted in the potential compromise of the protected health information (PHI) of 153,013 people. HME Specialists found suspicious activity within [...]

Due to the escalating danger from ransomware attacks, the U.S Department of Justice has started a brand new Ransomware and Digital Extortion Task Force that is going to focus on the whole ransomware ecosystem. The [...]

A cyberattack on CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) resulted in the theft of CHPDC members’ protected health information (PHI). CHPDC, formerly called Trusted Health Plans, found out that its computer [...]

Pressure between Russia and the U.S. is increasing because of the nonstop cyberattacks on private and public sector establishments as well as the U.S. government by Russian government hackers. The National Security Agency (NSA), DHS’ [...]

Compliancy Group has certified that SageData, the business intelligence platform provider from Bulgarian, has effectively enforced a HIPAA compliance program and is keeping the regulatory requirements of the HIPAA Security Rule, Privacy Rule, Omnibus Rule, [...]

The U.S. National Security Agency (NSA) has reported four zero-day vulnerabilities identified in Microsoft Exchange Server versions 2013, 2016, and 2019 which are employed for on-premises Microsoft Exchange Servers. Quick patching is necessary as threat [...]

The business and technology consulting company Fresh Gravity has been verified by Compliancy Group as having undertaken all required actions to show compliance with the HIPAA Security Rule, Privacy Rule, Omnibus Rule, Breach Notification Rule, [...]

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has introduced a brand new tool to go with the open-source Sparrow detection tool based on PowerShell that was launched in December 2020 to support network defenders [...]

Advanced persistent threat (APT) actors are exploiting vulnerabilities in the Fortinet FortiOS operating system to gain access to servers to get into networks as pre-positioning for follow-on data exfiltration and information encryption attacks. In the [...]

Compliancy Group has reported that Kleva Health Inc. has an appropriate HIPAA compliance program in place and is satisfying the prerequisites of the HIPAA Rules. Kleva Health as a digital health technology firm offers a [...]

Wake Forest Baptist Health made an announcement that an unauthorized individual acquired access to the systems of Healthgrades Operating Co. Inc, its technology vendor between October 16 and October 28, 2020 and possibly viewed or [...]

Security company Proofpoint has associated the Advanced Persistent Threat (APT) group called Charming Kitten with a spear-phishing campaign carried out at the end of 2020 aimed towards senior pros at medical research institutions in the [...]

At the beginning of 2020, phishers began taking advantage of the pandemic and changed from their typical lures to many pandemic-associated themes for their campaigns. After one year since the COVID pandemic began, researchers at [...]

The Compliancy Group has certified WellnessLiving, a top-rated business management software provider for health and wellness companies, as HIPAA compliant. Any software company that offers products that are likely to access PHI is categorized as [...]

Cancer Treatment Centers of America is notifying 104,808 of its Midwestern Regional Medical Center patients regarding the potential access by an unauthorized person to some of their protected health information (PHI) that is included in [...]

In February 2021, reported data breaches involving 500 or more healthcare records increased by 40.63%. There were 45 data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, almost all [...]

Compliancy Group certifies Canary Global Inc. as having a good HIPAA compliance program setup. Canary Global Inc. is a medical technology firm that has created a selection of revolutionary medical devices, software programs, and services, [...]

MyWoundDoctor Inc. has been certified by Compliancy Group as having a good HIPAA compliance plan and is dedicated to making sure that all electronic protected health information (ePHI) recorded and sent by its telehealth mobile [...]

On January 12, 2021, Colorado Retina Associates in Denver found out that an unauthorized person accessed the email account of one employee and utilized it to send out phishing emails to contacts listed in the [...]

Health plan management and back-office services provider PeakTPA based in St. Louis, MO-based provider reported a cyberattack with protected health information (PHI) theft that occurred on or approximately December 28, 2020. PeakTPA detected the security [...]

Premier Diagnostics, a COVID-19 testing service based in Utah, has accidentally compromised the protected health information (PHI) of thousands of people. Bob Diachenko of Comparitech discovered two exposed Amazon S3 buckets on February 22, 2021. [...]

About 207,000 people were confirmed to have been impacted by a ransomware attack on St. Cloud-based Netgain Technology LLC and that number may still go up. A number of entities in the healthcare sector, such [...]

Making changes to the HIPAA Rules is not frequent, therefore whenever there is a proposition for updates, a range of new specifications and updates to existing terms is commonly included. Before undertaking any updates, a [...]

On March 4, 2021, Senator Robert Menendez (D-New Jersey), and Reps. Mikie Sherrill (D-New Jersey) and Bonnie Watson Coleman (D-New Jersey)wrote a letter advocating the Federal Trade Commission (FTC) to begin imposing the Health Breach [...]

Governor Ralph Northam has signed into law the Virginia Consumer Data Protection Act (CDPA). CDPA mandates persons doing business in the Commonwealth of Virginia to follow new data privacy and security standards. The CDPA will [...]

The IBM X-Force published a new report that shows healthcare cyberattacks had a 100% increase in 2020 and 28% of attacks were ransomware attacks. The substantial increase in healthcare sector cyberattacks put the sector on [...]

2020 was a notably awful year for the healthcare industry in terms of ransomware attacks. Fortune 500 healthcare system Universal Health Services (UHS) based in King of Prussia, PA suffered one of the worst ransomware [...]

The performance analytics and end-user experience solution provider Accedian based in Montreal, Canada has been certified as HIPAA compliant by Compliancy Group. Accedian’s solutions help its clients with their digital infrastructure, at the same time, [...]

Covenant Healthcare based in Saginaw, MI has found out that an unauthorized individual acquired access to two email accounts of employees. The account held the protected health information (PHI) of roughly 45,000 patients. The healthcare [...]

The last day for reporting healthcare data breaches involving less than 500 records that were identified in 2020 is on March 1, 2021. Until then, HIPAA-covered entities and business associates can submit their breach reports [...]

Kroger made an announcement that it has encountered a data security incident, which exploited the SQL injection vulnerabilities found in its Accellion File Transfer Appliance (FTA). The Accellion FTA is an old appliance that was [...]