Month: May 2019

Many view the HHS’ Office for Civil Rights’ enforcement of HIPAA compliance as excessively punitive. Compliance investigations after receiving complaints or data breaches reports usually result to the discovery of HIPAA Rules violations and sizable […]

A recent announcement requires Medical Informatics Engineering (MIE) to pay a financial penalty amounting to $900,000 to resolve a multi-state lawsuit over the HIPAA violations linked to a breach of 3.9 million records in 2015. […]

Microsoft released a patch on May 14, 2019 for fixing a ‘wormable’ vulnerability found in Windows, which is the same as the vulnerability exploited by attackers in the WannaCry ransomware attacks in May 2017. The […]

Ever since the implementation of the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule by the Department of Health and Human Services, […]

Medical Informatics Engineering, Inc (MIE) settled with the HHS’ Office for Civil Rights its HIPAA violation case by paying $100,000. MIE provides electronic medical record software and services in Indiana. Its case of serious data […]

Thousands of health records were found left behind in a public dumpster located in Texas. The boxes comprise of patient and employee records from Today’s Vision and include documents that contain highly sensitive data. Today’s […]

Cancer Treatment Centers of America (CTCA) suffered another breach involving the e-mail account of one personnel working at its Southeastern Regional Medical Center. The breach on March 10, 2019 happened after a phishing attack. The […]

The American Academy of Neurology (AAN) spoke about their concerns on the interoperability plans of the HHS’ Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS). […]

April was really bad for healthcare data breaches. The number of reported data breaches this month is higher than any other month since October 2009 when the Department of Health and Human Services’ Office for […]

A recent Forescout study highlighted the poor condition of healthcare cybersecurity. The study showed the over reliance of the healthcare industry on legacy software, the extensive use of vulnerable protocols, and the lack of security […]

American Baptist Homes of the Midwest (ABHM), which provides assisted living and assisted care facilities throughout the U.S Midwest, announced a ransomware attack on its systems causing a security breach. The attack was launched around […]

The Southeastern Council on Alcoholism and Drug Dependence (SCADD) located in Lebanon, CT had a ransomware attack that caused considerable file encryption. SCADD experienced network problems that led to the discovery of the ransomware attack […]

A sexual assault victim filed a lawsuit against Atchison Hospital in Kansas because allegedly a hospital x-ray technician shared sensitive data to her attacker regarding her treatment at the hospital. As per the Kansas City […]

The 2019 Verizon Data Breach Investigations Report has been released. It gives a detailed summary of data breaches that public and private entities reported all over the world. The extensive report gives exhaustive insights and […]

Verity Health System’s St. Vincent Medical Center discovered the compromise of a web email account because of a phishing attack. The breach took place on March 15, 2019 where a hospital pathologist’s email account was […]

The website owner of Bodybuilding.com, a website about bodybuilding and fitness, reported a security breach that could have caused the access of client and personnel data by unauthorized persons. Under HIPAA, this kind of breach […]

After the Inmediata breach that caused the exposure of PHI, the company sent by mail notification letters to the people affected by the breach. However many people reported that they got notification letters addressed to […]

Facebook is applying some changes to Facebook Groups that talk about health conditions. This move was prompted because of the criticism on Facebook Groups that despite its being offered as private and confidential, third parties […]

A vulnerability was found in the Philips Tasy EMR system. An attacker can take advantage of the vulnerability and transmit unexpected data to the system that could execute an arbitrary code, alter data flow, impact […]

The U.S Department of Health and Human Services’ Office of Inspector General (OIG) released its yearly evaluation of the HHS to ascertain compliance with the Federal Information Security Management Act of 2014 (FISMA). Ernst & […]

The DICOM image format has been available for about 30 years. It has a design ‘flaw’ that hackers could exploit to add malware in image files. If that happens, the protected health information (PHI) will […]