Month: April 2018

Many people talk about the General Data Protection Regulation (GDPR) nowadays with its pending enforcement on May 25, 2018. Since the GDPR is an EU law, does it only impact organizations located within the EU? […]

MEDantex, a transcription service provider, accidentally left patient medical records unsecured and freely accessible to anyone without the need of a password.  The error in restricting access to a physician’s portal resulted in the exposure […]

For the first quarter of 2018, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 77 reports of healthcare data breaches. Over one million patients and health plan members were affected […]

According to Symantec, there’s a recently identified threat group called Orangeworm, which is launching targeted attacks on big healthcare companies in the United States. Orangeworm was first discovered in January 2015. It has been doing […]

The protected health information of 1,071 patients who received medical services at the Des Moines Crisis Observation Center was “accidentally and unknowingly disseminated” for a period of three and a half years. The Crisis Observation […]

The updated version of the Cybersecurity Framework was made available by the National Institute of Standards and Technology this April 16, 2018. This framework for improving critical infrastructure cybersecurity was issued initially on February 2014. […]

The number of healthcare data breaches increased month-over-month. In March 2018, HIPAA covered entities reported 29 security breaches. February 2018 had 25 breach incidents. Though the number of reported data breaches increased in March, there […]

UnityPoint Health discovered that unauthorized individuals accessed the email accounts of several employees. It was found that the email accounts were accessed for a period of three months starting from November 1, 2017 up to […]

Inogen is a company that manufactures portable oxygen concentrators. An unauthorized person got the login credentials of one Inogen employee and accessed his email account. The personal information of about 30,000 persons that Inogen provided […]

Baptist Health’s West Kendall Baptist Hospital in Miami, FL discovered that a former employee stole the credit card information of patients then used the details for fraudulent purchases. Baptist Health found out about the misuse […]

The protected health information (PHI) of tens of thousands of Middletown Medical patients was exposed due to a misconfiguration in the security setting of a radiology interface. Middletown Medical, a multi-specialty physician’s group that is […]

Ponemon Institute conducted a survey on behalf of ServiceNow to learn about the issues on patching that healthcare and pharmaceutical industries are struggling with. The study revealed that organizations are not patching vulnerabilities promptly hence […]

Finally, Alabama has a law requiring companies to issue notifications to residents whose personal information has been exposed or compromised because of a data breach. On March 28, 2018, Governor Kay Ivey signed the data […]

Law enforcement discovered that the protected health information (PHI) of some Cambridge Health Alliance (CHA) patients fell into the hands of an unauthorized person. Everett Massachusetts Police Department notified CHA on January 31, 2018 about […]

Almost all states in the U.S. have their own data breach notification legislation. Now, there are new federal regulations being proposed that could render state level laws obsolete. The Data Acquisition and Technology Accountability and […]

All 48 U.S. states are already implementing a Breach Notification Law that requires individuals and companies storing personal information to send a notification letter to individuals when a data breach occurs. South Dakota is one […]

Owen Graduate School of Management researcher Dr. Sung Choi conducted a study on the effects of data breaches in hospitals. The results indicated a rise in mortality rates at breached hospitals due to a drop […]