Recent HIPAA News

In December 2021, there were 56 data breaches involving 500 and up healthcare records reported to the HHS’ Office for Civil Rights (OCR), which showed a 17.64% drop compared to the past month. In 2021, [...]

Jefferson Surgical Clinic based in Roanoke, VA has started alerting patients concerning the potential compromise of some of their protected health information (PHI) due to a cyberattack that was uncovered on June 5, 2021. Based [...]

The tech firm Accellion in Palo Alto, CA made a proposal for an $8.1 million settlement to take care of a class action data breach suit that was filed on behalf of affected individuals of [...]

The digital pharmacy and health app developer Ravkoo based in Auburndale, FL has started sending notification letters to a number of patients regarding an unauthorized individual who viewed and potentially stole some of their sensitive [...]

The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) have given a joint alert to caution about the danger of Russian cyberattacks on critical infrastructures, [...]

In 2019, it was scary to have over 1 healthcare data breach report daily. In 2021, certain months had over two healthcare data breaches per day. With data breaches occurring so often and ransomware attacks [...]

Anthem Inc. has notified 2,003 members that an unauthorized individual potentially viewed or obtained some of their protected health information (PHI) after gaining access to the network of one of its business associates. Anthem works [...]

Fertility Centers of Illinois (FCI) has lately advised 79,943 present and past patients concerning unauthorized persons that may have accessed or acquired some of their protected health information (PHI). FCI found suspicious system activity last [...]

The Rhode Island Public Transit Authority (RIPTA) has just informed the Department of Health and Human Services’ Office for Civil Rights regarding a data breach that affected the protected health information (PHI) of 5,015 individuals [...]

Some of the major healthcare data breaches of 2021 are the worst in history. This post summarizes the major data breaches reported in 2021. The Department of Health and Human Services’ Office for Civil Rights’ [...]

Saltzer Health based in Nampa, Idaho has begun informing a number of patients regarding the exposure of their protected health information (PHI) due to an email account breach, which was discovered on June 1, 2021. [...]

The gastroenterology healthcare provider based in Bradenton, FL called Florida Digestive Health Specialists (FDHS) has lately begun informing over 212,000 patients regarding the exposure of some of their protected health information (PHI) in a cyberattack [...]

There is a 15.25% increase (compared to October) in the number of healthcare data breaches reported to the HHS’ Office for Civil Rights. November had 68 data breaches involving 500 and up records reported. For [...]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued new guidance to discuss how the HIPAA Privacy Rule is applicable to disclosures of protected health information (PHI) to support applications [...]

Eduro Healthcare in Salt Lake City, UT has advised 8,059 individuals regarding the potential exposure of their PHI. In March 2021, the healthcare company found suspicious activity in its network and took quick action to [...]

Texas Ear, Nose & Throat Specialists P.A. (Texas ENT Specialists) recently suffered a cyberattack that was discovered on October 19, 2021. The moment the attack was identified, immediate action was done to avoid further access [...]

The number of healthcare organizations affected by the latest ransomware attack on Kronos has been increasing in the past few days. 7 healthcare companies have now reported that they have been impacted by the attack. [...]

The accountancy company Bansley and Kiener LLP based in Chicago, IL has announced that it encountered a ransomware attack in December 2020 that resulted in the encryption of certain files within its systems. The attack [...]

On July 11, 2021, the Oregon Anesthesiology Group found out that it encountered a ransomware attack that resulted in the encryption of files on its systems and preventing access to its servers and patient data. [...]

A maximum-severity vulnerability was discovered in Apache Log4j, which is an open-source logging library based in Java. It is utilized by a lot of organizations in their business programs and by numerous cloud solutions. The [...]

A number of Hillrom Welch Allyn Cardio products had been found to have a high severity vulnerability that permits an attacker to access accounts without using a password. The vulnerability involves an authentication bypass problem [...]

SonicWall has launched a new software program for its Secure Mobile Access (SMA) 100 series remote access appliances that correct 8 vulnerabilities which include 2 critical and 4 high-severity vulnerabilities. Threat actors are exploiting vulnerabilities [...]

Three healthcare providers have lately announced security breaches affecting the email accounts of workers. The incidents potentially led to the compromise and possible theft of the protected health information (PHI) of over 40,000 people. Saltzer [...]

The Department of Health and Human Services made an announcement about its new website that provides guidance and resources to assist the medical care and public health industry to offset cybersecurity threats. The website was developed [...]

Mental health clinic NorthCare based in Oklahoma City, OK encountered a ransomware attack in June 2021 that led to the exposure of the protected health information (PHI) of patients. NorthCare learned about the suspicious activity [...]

The Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance for businesses to help them protect mobile devices and safely access company resources utilizing mobile gadgets. The Enterprise Mobility Management (EMM) system checklist was [...]

Upstate Homecare, Consociate Health and Sarasota MRI, and have lately informed regulators and patients concerning security incidents relating to their personal data and protected health information (PHI). Upstate Homecare Informs 5,100 Patients Concerning Ransomware Attack [...]

The Department of Health and Human Services’ Office for Civil Rights received 59 healthcare data breach reports involving 500 or higher records in October. The number of healthcare breaches in October is 25.5% higher than [...]

The health insurance agency True Health New Mexico based in Albuquerque, NM began informing a number of health plan members regarding the exposure and possible theft of protected health information (PHI). True Health New Mexico [...]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have cautioned companies in the United States regarding the greater risk of cyberattacks during the Thanksgiving period. Cyber threat actors are [...]

University Hospital Newark (NY) reported that a former hospital employee acquired the protected health information (PHI) of thousands of patients by accessing the records without authorized consent for a one-year period. That information was later [...]

Orthopedic practice Lakeshore Bone & Joint Institute based in Indiana, has encountered a breach that affected its Microsoft Office 365 environment, including emails and file attachments that store the protected health information (PHI) of some [...]

The protected health information (PHI) of 1,271,642 people was exposed and possibly stolen in two healthcare hacking incidents that were recently reported to the Department of Health and Human Services’ Office for Civil Rights. PHI [...]

Southern Ohio Medical Center (SOMC) in Portsmouth, OH, is recouping from a cyberattack that happened on November 11, 2021. Because of the cyberattack, the hospital had to go on diversion and reroute ambulances to alternative [...]

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has released a threat alert for the healthcare sector regarding cyber threat actors using the Cobalt Strike penetration testing tool. Cobalt Strike is a potent red team [...]

Compliancy Group has certified that the healthcare technology startup Wasfago based in Dubai has an efficient HIPAA compliance program in place and has satisfied the necessary requirements of the Health Insurance Portability and Accountability Act [...]

8,412 Patients’ PHI Potentially Exposed Due to Surecare Specialty Pharmacy Ransomware Attack Surecare Specialty Pharmacy based in El Paso, TX has lately reported that it had suffered a sophisticated ransomware attack last August 16, 2021. [...]

Two vulnerabilities with high severity scores were discovered in the Philips Tasy EMR that may result in the extraction of sensitive patient information from the database. An attacker can exploit the vulnerabilities remotely. There’s a [...]

Seneca Family of Agencies located in California, a provider of education, juvenile justice, mental health, placement, and permanency services, discovered unauthorized activity in its computer systems on August 27, 2021. The action was promptly undertaken [...]

Family of Woodstock (FOW), a New York provider of crisis intervention, information, prevention, and support services, has experienced a cyberattack that resulted in the potential compromise of the protected health information (PHI) of 8,214 people. [...]

Hallettsville, Texas’  critical access hospital Lavaca Medical Center, has begun informing 48,705 individuals regarding a security breach wherein their protected health information (PHI) was exposed. Lavaca Medical Center stated it detected abnormal activity in its [...]