Year: 2019

Ann & Robert H. Lurie Children’s Hospital of Chicago, which is a pediatric specialty hospital, found out that an ex-employee accessed certain patients’ medical records without having an authorized work reason. The employee’s unauthorized action […]

In November 2019, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 33 healthcare data breach reports with 500 or more records, which is 36.5% less than the reported breaches in […]

The Northern District of Alabama filed a lawsuit against DCH Health System in the Western Division of U.S. District Court because of a ransomware attack that happened on October 1, 2019. The ransomware attack forced […]

The second enforcement action was issued by the Department of Health and Human Services’ Office for Civil Rights as per the HIPAA Right of Access Initiative. Korunda Medical in Florida agreed to resolve potential violations […]

The House Energy and Commerce Committee released a draft of the discussion of a new bipartisan data privacy bill. The bill concerns the national standards for privacy and security and plans to put limits on […]

LifeLabs located in Toronto, one of the biggest Canadian medical testing and diagnostics companies, submitted a serious data breach report. Hackers possibly viewed the personal and medical information of around 15 million individuals, mostly residents […]

Tidelands Health located in Georgetown, SC, is working 24 / 7 to reestablish its computer systems after discovering malware on its system on December 12, 2019. The malware attack has compelled the healthcare company to […]

Encryption makes data unavailable to unauthorized people, as long as strong encryption is utilized and the private key to decrypt information isn’t compromised. Not all encryption algorithms give a similar protection level. The effectiveness of […]

Truman Medical Centers located in Kansas City, MO, the biggest inpatient and outpatient services provider in the city, learned that an unencrypted laptop computer that contains 114,466 patients’ protected health information (PHI) was stolen from […]

Blue Cross Blue Shield of Minnesota, the state’s biggest health insurance provider, is currently working to resolve about 200,000 unaddressed vulnerabilities identified on its servers, some of which are over ten years old. In August […]

Cheyenne Regional Medical Center located in Wyoming lately discovered the compromise of patient data because of a phishing attack in April. On or around April 5, 2019, the medical center received notification concerning a potential […]

Sunrise Community Health based in Evans, CO discovered the compromise of several employees’ email accounts because its employees responded to phishing emails. Unauthorized individuals accessed the email accounts from September 11, 2019 to November 22, […]

In June 2016, Banner Health sustained a data breach which resulted in the theft of the protected health information (PHI) of 2.9 million people. Victims of the breach filed a class-action lawsuit in August 2016. […]

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) made an announcement a ransomware attack that caused the potential exposure of the protected health information (PHI) of about 80,000 patients. The ransomware attack was seen on September […]

Solara Medical Supplies is confronted with a lawsuit involving a data breach in June 2019 resulting in the exposure of the protected health information (PHI) of over 114,000 customers and the potential data theft by […]

Kalispell Regional Healthcare based in Montana is getting sued as a consequence of a phishing attack that made it possible for hackers to get access to the email accounts of employees that have the protected […]

Nebraska Medicine learned that a member of its staff got access to patients’ healthcare data without any authorized work reason for a time period of about three months. Nebraska Medicine uncovered the privacy violation while […]

Loudoun Medical Group, also called the Comprehensive Sleep Care Center (CSCC), had a phishing attack some time on June 19, 2019. The IT department was cautioned regarding a potential email security breach upon detecting suspicious […]

Amazon’s Alexa now features a new healthcare skill that patients may employ in handling their prescription drugs and purchasing prescription refills. At the beginning of this year, Amazon stated that it has made a HIPAA-eligible […]

The 8th HIPAA financial penalty of 2019 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR). Sentara Hospitals has made an agreement to pay a penalty of $2.175 […]

The Anti-Phishing Working Group’s Phishing Activity Trends Report for Q3, 2019 stated that the rate of phishing attacks now is at a rate that is the highest since 2016. In Q3 of 2019, there were […]

Google has affirmed the news of its partnership with one of the biggest U.S. healthcare systems so that it could access a substantial volume of patient information. Google partnered with Ascension, which is the world’s […]

Brooklyn Hospital Center in New York announced a security breach that happened in late July 2019 involving malware installation on some hospital servers. The quick discovery of the incident minimized the problems caused since safety […]

A ransomware attack on Virtual Care Provider Inc. (VCP), a provider of data storage, internet, and email services, cybersecurity, and other IT services in Wisconsin, resulted in the encryption of the healthcare records and other […]

A phishing attack on Choice Cancer Care Treatment Center (CCCT) in May 2019 resulted in the potential access of the protected health information (PHI) of some patients by unauthorized people in May 2019. CCCT is […]

Aegis Medical Group, a physician group in Florida, began informing 9,800 patients regarding the potential access of their protected health information (PHI) by a former employee. Allegedly, that person tried to sell patient data to […]

A phishing attack on Solara Medical Supplies, LLC in Chula Vista, CA, resulted in the potential compromise of the protected health information (PHI) of a lot of its customers. Solara Medical discovered suspicious activity in […]

A misconfigured AWS S3 storage bucket owned by Sunshine Behavioral Health, LLC, a network of drug and alcohol addiction rehabilitation centers based in San Juan Capistrano, CA resulted in the compromise of sensitive patient data. […]

Main Street Clinical Associates, PA. located in Durham, NC has notified a number of its patients regarding the potential compromise of some of their protected health information (PHI) because of the stolen devices from its […]

A phishing attack at Salem Health Hospitals & Clinics, Oregon on July 31, 2019 resulted in the access of some employees’ email accounts by an unauthorized person. The healthcare provider detected the breach within a […]

A new survey was done to know the expense connected with healthcare data breaches, the magnitude of the healthcare community attacked, and what proportion of the attacks become successful. The Black Book Market Research performed […]

Utah Valley Eye Center based in Provo, UT sent breach notification letters to patients concerning an unauthorized person that potentially accessed some of their personal information as a result of its scheduling reminder web portal’s […]

A wrong configuration of the billing program of Texas Health Resources caused the impermissible disclosure of the health information of 82,577 of its patients. Texas Health Resources is one of the United States’ major faith-based […]

The HHS updated its HIPAA Security Risk Assessment Tool with a number of new features requested by users to enhance usability. The HHS Office of the National Coordinator for Health Information Technology (ONC) in cooperation […]

Because a data breach on the Palmetto Health site occurred, Prisma Health Midlands is informing about 19,000 patients and 3,000 employees. Prisma Health – earlier known as Palmetto Health – found out on August 29, […]

TitanHQ, a provider of cloud security, has seen an exceptional increase in quarter three of 2019, having the most bustling quarter for its MSP enterprise all through its 20+ year history. The company grew into […]

Smith’s Food & Drug based in Salt Lake City, OH has reported that around 58,000 patients’ pharmacy records were improperly disposed of. The grocery and drug store chain discovered the improper disposal on August 29, […]

California Governor Gavin Newsom affixed his signature on bill AB-1130 which revises the data breach notification law in California. The latest bill stretches the meaning of personal information impacting the need to issue notifications to […]

The vulnerability CVE-2019-13546 was discovered in the Philips IntelliSpace Perinatal obstetrics data management system. This vulnerability is remotely exploitable by a user of an authorized remote desktop session host application or a person that could […]

Geisinger Health Plan based in Danville, PA found out that some of its members’ protected health information (PHI) was exposed because Magellan NIA, one of its business associates, had a suspected phishing attack. Magellan NIA […]

Kalispell Regional Healthcare in Montana had a security breach last summer and is informing around 129,000 patients about the potential compromise of their protected health information (PHI). Kalispell Regional Healthcare manages Kalispell Regional Medical Center, […]

Monterey Health Center in Milwaukie, OR encountered a ransomware attack, which began on August 12, 2019. Because of the incident, its electronic health records system was encrypted and made patient information inaccessible. With the assistance […]

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) and Microsoft launched a new project to create guidance on the development and implementation of an effective patch management strategy. After […]

A new report from Emsisoft, a New Zealand-based cybersecurity company, exposed the magnitude of ransomware usage in cyberattacks in America. 2019’s first 9 months had 621 reports of ransomware attacks on government agencies, healthcare companies, […]

The 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs) has been published by Gartner. It includes a study of the healthcare cloud market and points out how the cloud may be […]

A new Proofpoint report provides ideas on the cyber threats that healthcare companies run into and the most prevalent attacks that bring about healthcare data breaches. Proofpoint’s 2019 Healthcare Threat Report reveals the evolving threat […]

Hunt Regional Healthcare based in Texas learned that a May 2018 cyberattack was more extensive than earlier thought. The FBI informed Hunt Regional on May 14, 2019 that an advanced, targeted cyberattack hit its systems […]

The University of Texas at Austin McCombs School of Business introduced a special healthcare-specific professional cybersecurity certificate program. The professional leadership and educational program is the first healthcare targeted cybersecurity certification program to be made […]

Three of DCH Health System’s hospitals in Alabama were forced not to accept new patients other than those in a critical state due to a ransomware attack. The staff in DCH Regional Medical Center in […]

CHI Health in Omaha, NE, a 14-hospital health system, had a ransomware attack, which led to the potential exposure of the protected health information (PHI) of close to 48,000 patients. CHI Health became aware of […]

On behalf of Kaspersky Lab, a B2B International survey recently performed confirmed there is an increase in the average expense of a data breach at the enterprise-level from $1.23 million (2018) to $1.41 million. The […]

Cancer Treatment Centers of America (CTCA) is informing some patients about the exposure of their protected health information (PHI) because of a phishing-related email security breach at its Southeastern Regional Medical Center, which happened on […]

There has been an increase in the number of business email compromise (BEC) attacks in the United States. According to Symantec, an average of 6,029 businesses received BEC emails in the last 12 months and […]

The Department of Health and Human Services’ Office for Civil Rights consented to a negotiation with Elite Dental Associates concerning its HIPAA violation case relating to the impermissible disclosure of protected health information (PHI) of […]

Armis Security researchers found 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, which is a third-party software part utilized in some medical devices and hospital networks. The DHS Cybersecurity and Infrastructure Security Agency (CISA) received […]

North Florida OB-GYN located in Jacksonville, FL found out that hackers acquired access to selected parts of its computer system holding personal and health information of patients and infected the system with a virus that […]

A damaging ransomware attack on Wood Ranch Medical in Simi Valley, CA caused its irreversible shutting down on December 17, 2019. The attack took place on August 10, 2019 and the ransomware corrupted the servers. […]

Sen. Rand Paul, M.D., (R-Kentucky) has announced a new bill that tries to once and for all take away the HIPAA national patient identifier provision considering the privacy problems in using such a system. At […]

Dr. Ulrich Klopfer operated three abortion clinics in Indiana, but the clinics were closed down upon the suspension of his license in 2015. After his passing away on September 3, 2019, his family members discovered […]

The Department of Health and Human Services (HHS) is banned from expending any of its funds for the creation and launch of a national patient identifier, although there was anticipation that the prohibition will eventually […]

Starting October 1, 2019, medical insurance companies and related services must inform the Maryland Insurance Administration (MIA) in case a breach of insureds’ personal data occurs. The change in legislation is applicable to health plans, […]

Philips IntelliVue WLAN firmware had been found to have two vulnerabilities that affected some IntelliVue MP monitors. The vulnerabilities can be exploited by hackers to install malicious software that could have an effect on data […]

A ransomware attack on Campbell County Health located in Gillette, WY resulted in the disablement of hospital systems, which prevented access to patient information. The attack began in early in the morning of September 20, […]

Based on a recent investigation by ProPublica, Bayerischer Rundfunk (a German public broadcaster), and Greenbone Networks (vulnerability and analysis firm, 24.3 million medical images in medical image storage systems are publicly accessible on the internet […]

The National Cybersecurity Center of Excellence (NCCoE) created a new draft NIST mobile device security guidance to assist companies to minimize the risks presented by corporate-owned personally enabled (COPE) devices. Mobile devices permit personnel to […]

A phishing attack on East Central Indiana School Trust (ECIST) resulted in the exposure of some protected health information (PHI) of over 3,200 people. On May 19, 2019, an ECIST employee was misled into sharing […]

According to the Global Connected Industries Cybersecurity Survey conducted by Irdeto, a Swedish software company, 82% of healthcare companies utilizing Internet-of-Things (IoT) devices were attacked via one of those devices in the past year. Irdeto […]

The Office of Management and Budget (OMB) submitted its annual audit report to Congress concerning the cybersecurity status of federal agencies, as ordered by the Federal Information Security Modernization Act of 2014 (FISMA). OMB examined […]

A new research study published in JAMA Network Open revealed that many patients are okay with sharing their EHR data and biospecimens for research purposes; however, the majority of patients would like to limit the […]

When healthcare providers encounter a data breach, breach victims will naturally be annoyed and upset. People provide their data to healthcare organizations with the understanding that they implement safeguards to protect that information. Whenever patients […]

A phishing attack on Artesia General Hospital in Artesia, NM resulted to the compromise of 13,905 patients’ protected health information (PHI). The hospital detected the breach on June 18, 2019 when it was discovered that […]

The agency assigned to implement HIPAA compliance is the Department of Health and Human Services’ Office for Civil Rights. Only a handful of HIPAA violations were issued financial penalties prior to 2016. Then, the number […]

The last phishing attack on Bonita Springs, an NCH Healthcare System based in Florida, highlighted the great importance of providing healthcare employees with security awareness training. Bonita Springs detected the attack on June 14, 2019 […]

On June 26, a University of Chicago Medical Center (UCMC) patient filed legal action against UCMC and Google with regards to an alleged privacy violation involving the disclosure of protected health information (PHI) without de-identifying […]

A phishing attack on NCH Healthcare System in Naples, FL resulted in the exposure of patient information. NCH Healthcare knew about the suspicious activities on its payroll system on June 14, 2019. A third-party computer […]

The Swedish Data Protection Authority (DPA) issued its first financial penalty for a General Data Protection Regulation (GDPR) violation. A high school in Skellefteå was issued a 200,000 SEK fine (€19,000/$21,000) for conducting a pilot […]

An unsecured database online contains the personal data of individuals who exhibited an interest in Vascepa®, a cholesterol drug that Amarin Pharma manufactures. The database contained information including complete names, telephone numbers, email addresses, home […]

Massachusetts General Hospital (MGH) discovered recently the unauthorized access of the computer applications utilized by its Department of Neurology researchers. The person behind the breach could potentially access the protected health information (PHI) of around […]

Nuvance Health informed some Western Connecticut Health Network (WCHN) patients concerning their protected health information (PHI) exp. CHN sent to the Connecticut State Department of Public Health a package of medical documents on June 11, […]

The healthcare industry is being attacked with more data breaches. Why do hackers want to target the healthcare industry? FireEye came up with a new report to provide answers to this question. FireEye researchers analyzed […]

The Western District of Wisconsin US District Court has partly dismissed the class-action data breach lawsuit that UnityPoint Health is facing. In February 2018, employees of UnityPoint Health received phishing emails and responded to them. […]

A database which comprises of the personal information of men and women who expressed interest in Vascepa®, a cholesterol drug manufactured by Amarin Pharma, was exposed online. The database, which a third party vendor maintained, […]

Florida’s Integrated Regional Laboratories (IRL) is informing about 30,000 patients regarding the potential compromise of their protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) data breach, which was discovered […]

medRxiv, a health manuscript archiving firm, recently conducted a study which revealed the prevalent noncompliance with the HIPAA right of access. The researchers of this study mailed 51 healthcare providers requesting for medical record and […]

Eye Care Associates, a fully integrated eye care provider in the northeast Ohio region, had a ransomware attack in late July which led to the inaccessibility of its computer systems. Two weeks after the attack, […]

The ransomware attack on Grays Harbor Community Hospital in Aberdeen, WA continues to cause problems after its attack two months ago. The attackers asked for $1 million ransom payment in exchange for the encryption unlock […]

Because of a phishing attack on April 2019, the University of Missouri Health Care (MU Health) is charged with a lawsuit. MU Health found out on May 1, 2019 the one week unauthorized access of […]

Allscripts Healthcare Solutions proposed a preliminary settlement to resolve the violations of HIPAA, the Anti-Kickback Statute and the electronic health record (EHR) incentive program of the HITECH Act by the electronic health record (EHR) firm […]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital had a ransomware attack which affected over 500,000 patients living in Bayamón, Puerto Rico. A press release on July 19, 2019 explained the discovery by […]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital were attacked by ransomware, which affected more than half a million patients from Bayamón, Puerto Rico. A press release on July 19, 2019 mentioned the […]

Businesses governed by HIPAA regulations need to be mindful whenever using emergency text notification systems and ensure not to disclose Protected Health Information (PHI) without authorization. It can be quite difficult to adhere to HIPAA […]

The Department of Veteran Affairs Office of Inspector General (VA OIG) inspected a California VA medical center recently and found security vulnerabilities linked to medical device workarounds as well as non-compliance with Veterans Health Administration […]

The healthcare industry has had a particularly bad first six months. The many reports of data breaches and the volume of healthcare records exposed every day are very concerning. The trend this 2019 is over […]

A HIPAA business associate from Madison Heights, MI, Northwood Inc., reported hacking of one of its employee’s email account and potential viewing or acquisition of sensitive patient information. Northwood Inc knew about the breach on […]

The first GDPR data breach fine has been issued by Authoriteit Persoonsgegevens, the GDPR data protection authority in the Netherlands, to Haga Hospital in the Hague. The hospital is to pay a GDPR fine of […]

Patients of Wise Health System in Decatur, TX received notification regarding the potential exposure of their protected health information (PHI) because of a phishing attack. About 35,899 patients were affected by the breach. The phishing […]

The 2019 Cost of a Data Breach Report of Ponemon Institute/IBM Security has been published. It is a detailed study of the reported data breaches in 2018. It revealed the continuous increase of data breach […]

Another healthcare provider confirmed that it was affected by the American Medical Collection Agency (AMCA) security breach. An unauthorized access of AMCA’s systems resulted to a breach of the protected health information (PHI) of its […]