Healthcare ransomware attacks have increased twofold in the past 5 years, file recovery from backups has dropped, and it is now usual for information to be stolen and released to the public right after a […]
The HIPAA law addresses security safeguards by requiring covered entities and business associates to implement administrative, physical, and technical measures to protect the confidentiality, integrity, and availability of ePHI, including risk assessments, workforce training, access […]
Several lawsuits were filed against Shields Health Care Group in Massachusetts in relation to one of the biggest healthcare data breaches in 2022, where nearly 2 million people were affected. The lawsuits were combined into […]
HIPAA compliance training is typically required to be conducted annually, though the specific frequency may vary depending on the organization’s policies, changes to regulations, and the roles and responsibilities of employees handling protected health information. […]
The health system CommonSpirit Health based in Chicago, IL is dealing with a class action lawsuit due to a ransomware attack in October 2022. Malicious actors accessed its IT network on September 16, 2022, and […]
The common types of HIPAA violations include unauthorized access to or disclosure of PHI, failure to implement appropriate safeguards to protect PHI, lack of employee training on HIPAA policies and procedures, neglecting to obtain patient […]
The practices of acquiring permission from users of Facebook and Instagram to utilize their personal information for marketing purposes have been subject to a lengthy investigation. Finally, Meta has been penalized €390 million or $414 […]
HIPAA compliance requires that all ePHI transmitted or stored must be encrypted with strong, industry-standard algorithms and protocols to ensure the confidentiality, integrity, and security of patient data. HIPAA is a healthcare industry legislation aimed […]
To avoid HIPAA penalties in telemedicine practices, ensure strict adherence to HIPAA regulations by implementing robust encryption and security measures for ePHI, conducting regular risk assessments, maintaining training programs for staff regarding privacy protocols, obtaining […]
Heartland Alliance located in Chicago, IL, a social justice and human rights organization, announced on December 15, 2022, that it experienced a cyberattack. The organization discovered the security breach on January 26, 2022, and took […]
HIPAA penalties for non-compliance can range from $100 to $50,000 per violation, with an annual maximum of $1.5 million for each violation category, depending on the level of negligence and the extent of the violation, […]
As of September 2021, the HIPAA violation fines for improper safeguards can range from $100 to $50,000 per violation, with an annual maximum penalty of $1.5 million, depending on the level of negligence and the […]
In June 2022, it was reported that Fitzgibbon Hospital based in Marshall, MO suffered a ransomware attack, which the DAIXIN Team threat group claimed responsibility for. According to the group’s spokesperson, the hospital’s systems were […]
HIPAA violation penalties for data breaches can range from $100 to $50,000 per violation, with a maximum annual penalty of $1.5 million, depending on the level of culpability and the organization’s efforts to correct the […]
Many ransomware attacks are still carried out on healthcare companies, however, finding out the magnitude to which healthcare providers are being attacked by ransomware groups is a difficult task. Ransomware attack victims do not usually […]
HIPAA compliance protects patient data by establishing strict standards and regulations for healthcare providers and organizations, ensuring the confidentiality, integrity, and availability of PHI, safeguarding against unauthorized access, use, or disclosure, and imposing penalties for […]
Fertility Centers of Illinois has offered to pay $450,000 to settle a lawsuit submitted on behalf of patients and staff members who were impacted by its data breach in February 2021. On February 1, 2021, […]
The HIPAA law impacts telemedicine practices by requiring healthcare providers to maintain the confidentiality, security, and privacy of patient health information during electronic transmission and storage, requiring the implementation of appropriate safeguards and controls to […]
The key requirements for HIPAA compliance include ensuring the security, confidentiality, and integrity of PHI by implementing administrative, physical, and technical safeguards, providing employee training and awareness, conducting regular risk assessments and audits, maintaining compliant […]
The HIPAA law guidelines for patient consent require healthcare providers to obtain written authorization from patients before disclosing their PHI to third parties, except in cases of treatment, payment, healthcare operations, or situations where the […]
November had 31% fewer healthcare data breaches reported compared to October 2022. November had a total of 49 breaches involving 500 and up records, which is below the 58 breaches per month 12-month average. In […]
Plaintiffs in a consolidated class action lawsuit against Meta lately sought an injunction versus Meta to make the company discontinue accumulating and transmitting information gathered from the sites of healthcare companies via Meta Pixel tracking […]
Midwest Orthopaedic Consultants based in Illinois has reported that unauthorized persons accessed its computer system and encrypted files using ransomware. The healthcare provider detected the cyberattack on September 29, 2022, and took steps right away […]
Morley Companies has decided to resolve a class action lawsuit sent in on behalf of persons impacted by a big data breach that happened on or about August 1, 2022. Funding of $4.3 million was […]
Avem Health Partners based in Oklahoma City provides healthcare companies with administrative and technology services. It recently began informing its healthcare clients regarding a data breach that happened at 365 Data Centers, its vendor. 365 […]
An ex-nurse working at the Roswell Park Comprehensive Cancer Center based in Buffalo, NY was sentenced to serve 37 months in jail for tinkering with and stealing controlled prescription drugs meant for patients with cancer. […]
Citrix Application Delivery Controller (ADC) and Citrix Gateway users are advised to see and ensure that their systems aren’t prone to a critical unauthenticated remote code execution vulnerability that a highly capable Chinese advanced persistent […]
Occupational health services provider, Work Health Solutions based in San Jose, CA, has reported the exposure and potential theft of the protected health information (PHI) of 13,157 persons by unauthorized people who got access to […]
The private data of people visiting telehealth websites is being disclosed to big tech firms without the consent of the user because of the tracking code snippets added to websites, based on a recent review […]
The HHS’ Office for Civil Rights (OCR) reported an arrangement with a Californian dental practice to settle multiple HIPAA violations associated with a complaint concerning impermissible disclosures of protected health information (PHI) on Yelp, an […]
San Gorgonio Memorial Hospital based in California and Receivables Performance Management based in Washington recently reported data breaches. The latter’s data breach has impacted more than 3.7 million persons. Receivables Performance Management Receivables Performance Management […]
Non-profit healthcare system Conway Regional Medical Center located in north central Arkansas has offered to pay $295,000 to settle a class action lawsuit that was submitted for people impacted by a 2019 data breach. The […]
Mobile health applications creators may need to comply with certain government legislation such as the Children’s Online Privacy Protection Act (COPPA), FTC Health Breach Notification Rule, Federal Food, Drug and Cosmetics Act (FD&C Act), FTC […]
Multiple class action lawsuits were filed against Empress EMS, the New York ambulance service, because of a ransomware attack that was discovered on July 14, 2022. The group responsible for the attack was the Hive […]
San Juan Regional Medical Center (SJRMC) based in Farmington, New Mexico, has presented a settlement to take care of a class action lawsuit associated with a data breach in September 2020 that impacted 68,792 individuals. […]
LastPass has announced that hackers acquired access to a third-party cloud storage solution that held customer information, though there was no compromise of user passwords. The hacking incident is associated with the data breach that […]
A team of 10 state Attorney Generals lately sent a letter to Apple CEO, Tim Cook, telling the company to use tougher privacy and security settings for programs accessible via the Apple App Store that […]
There was a small decrease in ransomware attacks in Q3, but it is too soon to say whether that decreasing trend will go on. Despite the decrease in attacks, ransomware continues to be the main […]
563,000 Patients and Health Plan Members Affected by Hacking and IT Incidents Consulting company Health Care Management Solutions LLC based in West Virginia, which provides healthcare for vulnerable individuals including veterans, has just submitted a […]
Hope Health Systems Inc. (HHS) based in Woodlawn, MD has just reported that it suffered a ransomware attack. The healthcare provider detected the attack on June 20, 2022, and engaged third-party forensics specialists to look […]
Gateway Rehabilitation Center (Gateway Rehab) based in Pennsylvania recently reported that it encountered an incident causing access problems to selected systems. Gateway Rehab detected the incident on June 13, 2022 and took quick action to […]
The dermatology practice, Forefront Dermatology, based in Wisconsin has offered to resolve a class action lawsuit filed by patients who had their protected health information (PHI) exposed during a ransomware attack at the end of […]
Wright & Filippis, the prosthetics, orthotics, and accessibility service provider based in Rochester Hills, MI has just reported that it encountered a ransomware attack on its system. The attack happened from January 26 to January […]
There was a worldwide upsurge in cyberattacks in Quarter 3 of 2022. Attacks increased by 28% in contrast to the same period in 2021. Attacks today occur at an average rate of 1,130 every week, […]
Salud Family Health Gives Latest News on September 2022 Ransomware Attack Salud Family Health based in Colorado, a Federal Qualified Health Center (FQHC), just gave the latest information on a cyberattack that happened in September […]
Governor Tom Wolf of Pennsylvania just approved Senate Bill 696. The bill broadens the definition of personal information that is covered in the Breach of Personal Information Notification Act which requires the issuance of notifications […]
A federal grand jury in Memphis charged five ex-employees of Methodist Hospital in Tennessee with Health Insurance Portability and Accountability Act (HIPAA) criminal violations for impermissibly obtaining the protected health information (PHI) of patients and […]
CommonSpirit Health has just given news updates about the development of its recovery effort in response to the October 2022 ransomware attack that impacted numerous services throughout its network. The health system discovered the attack […]
The Health Sector Cybersecurity Coordination Center (HC3) has lately provided information on the tactics, techniques, and procedures related to Venus ransomware attacks. It gave a number of tips about mitigations that healthcare groups can carry […]
CommonSpirit Health has lately given an announcement about the development that has been done in recouping from a ransomware attack in October 2022 that impacted a lot of services throughout its network. The health system […]
Ann & Robert H. Lurie Children’s Hospital has offered to settle a class action lawsuit that was filed in relation to two privacy breaches where employees accessed medical records without authorization. The Chicago hospital found […]
Aveanna Healthcare has decided to pay the Office of the Attorney General of Massachusetts $425,000 as a financial penalty for not implementing proper safety measures to avoid phishing attacks, thus violating state and government legislation. […]
A number of anesthesia service providers have reported that they were impacted by a data breach encountered by their management services organization (MSO). In October, 13 anesthesia services providers to hospitals were impacted by the […]
President Biden proclaimed November to be observed as Critical Infrastructure Security and Resilience Month. It is a month focused on increasing understanding of the requirement to enhance critical infrastructure and toning up the strength of […]
The Department of Health and Human Services (HHS)’ Office for Civil Rights (OCR) has published a YouTube video that tells at length how the HITECH Act amendment in 2021 concerning “Recognized Security Practices” is applicable […]
Passwords are an affordable and easy way of authentication. Although passwords offer a high level of security, the fact is that they are a weak spot that threat actors frequently exploit to acquire access to […]
A Californian appellate court has just announced the lower court’s decision to reject class-action status for a legal action filed against a healthcare provider in California because of an insider data breach that impacted 5,485 […]
The American Civil Liberties Union of Rhode Island (ACLU of RI) is filing a lawsuit against the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare New England (UHC) because of a data breach in August […]
The U.S. government is working on enhancing critical infrastructure cybersecurity. The White House has chosen the healthcare, communications, and water sectors as the next priority areas. The White House is about to release new guidance […]
First, Novant Health stated that the protected health information (PHI) of 1.36 million individuals was transmitted to Meta. Now, Advocate Aurora Health is the second to confirm that it also put the Meta Pixel tracking […]
VisionWeb Holdings based in Austin, TX, a company providing the eye care industry with Internet-delivered software solutions for enhancing practice efficiency, lately submitted a data breach report to the HHS’ Office for Civil Rights indicating […]
Cybercriminals extensively target the healthcare industry in order to access healthcare networks for a variety of nefarious uses. Why are healthcare records remarkably valuable to criminals? Hackers do a lot to gain access to healthcare […]
Radiology Associates of Albuquerque (also known as RAA Imaging/Advanced Imaging, LLC) has lately informed patients about the theft of some of their protected health information (PHI) in a cyberattack that was discovered over A year […]
Aesthetic Dermatology Associates based in Pennsylvania has lately confirmed that unauthorized individuals accessed its network and possibly viewed and/or obtained files that contain the personal data and protected health information (PHI) of 33,793 present and […]
United Health Centers of the San Joaquin Valley (UNC) has offered a settlement deal to take care of a class action lawsuit filed for the sake of patients impacted by its Vice Society ransomware attack […]
Cardiac Imaging Associates based in Los Angeles, CA, has found out that an unauthorized person got access to the email account of an employee. The healthcare provider discovered the incident in April 2022, and took […]
Cytometry Specialists, Inc., conducting business as CSI Laboratories based in Alpharetta, GA, has lately reported that an unauthorized person accessed the email account of a worker and could have seen or acquired the protected health […]
CommonSpirit Health is dealing with a data security incident that has impacted a lot of its healthcare services. Based on an October 4, 2022 statement released by the health system, IT systems were inaccessible online […]
Mon Health is dealing with a class action lawsuit associated with a hacking incident that enabled unauthorized persons to acquire access to its system for 11 days in December 2021. According to Mon Health, it […]
Microsoft was cautioned about the exploitation in the wild of two zero-day vulnerabilities in Microsoft Exchange Server. It has discussed mitigations prior to the patching of the vulnerabilities. The two vulnerabilities are being linked together […]
Magellan Health has decided to resolve a class action data breach legal action and will set up a $1.43 million funding to pay for claims submitted by patients impacted by the data breach. Patients whose […]
A warning was released to the healthcare and public health (HPH) community regarding a Monkeypox phishing campaign attacking U.S. healthcare providers that tries to steal Office 365, Outlook, and other email account credentials. Monkeypox is […]
The HHS’ Office for Civil Rights (OCR) has made a decision to settle three investigations of dental practices for probable violations of HIPAA Right of Access . The three investigations were started after patients filed […]
Google Meet is an innovative VoIP and videoconferencing program that healthcare providers can use to deliver telehealth services, remote consultation services, and virtual patient sessions. However, is Google Meet compliant with HIPAA? Google Meet is […]
For three months now, the reported number of healthcare data breaches has gone down. August had 49 reported breaches involving 500 or more records, which is below the typical 58 breaches a month. The number […]
The Physicians’ Spine and Rehabilitation Specialists of Georgia (PSRSG) has informed 38,765 patients about the potential compromise of some of their protected health information (PHI) in a cyberattack that happened approximately on July 11, 2022. […]
The Ohio law company, Bricker & Eckler LLP, decided to resolve a class action data breach lawsuit filed on behalf of those impacted by a ransomware attack on the company in 2021. Bricker & Eckler […]
The Federal Bureau of Investigation (FBI) has released a TLP:WHITE Private Industry Notification notifying about persistent cybercriminal efforts attacking healthcare payment processors that endeavor to direct victim payments to accounts controlled by the attackers. These […]
Ambry Genetics has made a decision to settle a class action lawsuit that was due to a breach of the protected health information (PHI) of 232,772 patients. In April 2020, Ambry Genetics informed patients about […]
The Federal Bureau of Investigation (FBI) has given a private industry notification alert concerning the growing number of vulnerabilities in healthcare devices. When medical devices aren’t immediately patched and are operating on obsolete programs, malicious […]
Emerging technologies could transform the healthcare sector. Although there are lots of potential advantages, these technologies could bring risks that can endanger patient privacy and security. When vulnerabilities aren’t appropriately dealt with, threat actors can […]
Rapid 7 researchers found four vulnerabilities in Baxter and Sigma Spectrum infusion pumps. These devices are employed to supply patients with medications and nutrition. These TCP/IP enabled-devices are typically linked to healthcare networks. Vulnerabilities can […]
The healthcare provider based in Morristown, VT, Lamoille Health Partners, is dealing with a class action lawsuit because of a ransomware attack in June 2022 that impacted approximately 60,000 patients. Lamoille Health Partners discovered the […]
The HHS’ Office of Inspector General (OIG) has required the Health Resources and Services Administration (HRSA) to enhance supervision of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN). The OPTN is a nationwide […]
Five vulnerabilities were found in CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor of Contec Health. A threat actor could exploit the vulnerabilities to carry out a denial-of-service attack, gain access to a root shell, […]
CorrectHealth Notifies 54,000 Patients About the Email System Breach in November 2021 CorrectHealth based in Alpharetta, GA is sending notifications to patients regarding a breach of its email accounts. The security breach was identified on […]
The Health Sector Cybersecurity Coordination Center (HC3) is alerting the healthcare and public health sector (HPH) regarding one of the ablest and hostile cybercrime syndicates presently active – Evil Corp. The group works from Russia […]
Avamere Holdings based in Wilsonville, OR, a provider of home health care services and operator of a nursing home, is dealing with a class action lawsuit due to a serious data breach that impacted 96 […]
EmergeOrtho, an orthopedic practice in North Carolina, has just informed 75,200 patients that unauthorized individuals accessed some of their protected health information (PHI). As per the substitute breach notice posted by EmergeOrtho, the practice detected […]
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released an alert to the Healthcare and Public Health Sector (HPH) regarding a fairly new ransom threat group named Karakurt, which […]
Humana & Cotiviti have decided to resolve a class action lawsuit and the claims from people impacted by a data breach in 2020 that compromised the protected health information (PHI) of 64,654 people. Humana had […]
Onyx Technologies based in Largo, MD, a company offering Information Technology and Consulting Services and a vendor of Independent Care Health Plan (iCare), recently informed 96,814 health plan members about the potential compromise of some […]
July 2022 had 66 healthcare data breaches affecting 500 and up records reported to the Department of Health and Human Services Office for Civil Rights. This figure is 5.71% less than the 70 data breach […]
A digital marketing and analytics company based in Idaho filed a lawsuit against the Federal Trade Commission for allegedly violating the Federal Trade Commission (FTC) Act with its data practices. Kochava’s principal business unit offers […]
Practice Resources based in Syracuse, NY provides billing and other professional services. It encountered a data breach that affected the data of 942,138 persons. The breach notification provided to the California Attorney General indicated that […]
The health plan provider Priority Health based in Michigan has reported that it was affected by a data breach that occurred at a business associate, the law agency Warner Norcross & Judd (WNJ). Steps were […]
The Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released a joint security advisory concerning the extensive attack on organizations in the healthcare and medical sectors by the […]
The American Data Privacy and Protection Act (ADPPA) presented in June was considerably revised in just a few days. Then, last month there was a new draft of ADPPA law presented having more changes. The […]
Zenith American Solutions, the Sound Health and Wellness Trust’s third-party manager, recently advised people regarding a mailing error that compromised their Social Security numbers of the people. Based on the breach notification, the company sent […]
Salinas Valley Memorial Healthcare System based in California has decided to negotiate a class action lawsuit by paying $340,000 to settle claims from patients impacted by the email security breach in 2020. From April 30, […]
Additional information was recently published regarding two cyberattacks on healthcare companies: Behavioral Health Group and Goodman Campbell Brain and Spine. Behavioral Health Group Reports Potential Compromise of Patient Data in December 2021 Cyberattack Behavioral Health […]
Dental Care Alliance decided to resolve a class action lawsuit filed due to a data breach that affected approximately 1.7 million people. A $3 million fund was reserved to cover claims from persons impacted by […]
Fast Track Urgent Care, an urgent healthcare clinic network in Florida, has announced that the protected health information (PHI) of 258,411 persons was exposed and possibly stolen due to a ransomware attack on PracticeMax, a […]
Meta is dealing with one more class action lawsuit because of the illegal collection and disclosure of health information with no content. The Northern District of California received the filed lawsuit on behalf of the […]
A big data breach was reported that has impacted many healthcare, senior living and rehabilitation centers in Arizona, Oregon, Nevada, Colorado, Utah, and Washington, which are managed by organizations that belong to the group Avamere […]
Almost all Americans are confident regarding their understanding of cybersecurity as per the latest AT&T study of 2,000 People in America. Nevertheless, bad cyber hygiene and poor password strategies remain a usual thing. OnePoll performed […]
Cybercriminals are increasingly attacking business associates of HIPAA-covered entities because of the ease of accessing the systems of a number of healthcare providers. To help healthcare delivery organizations (HDOs) manage the situation, the Cloud Security […]
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released information to assist healthcare companies to be protected against web application attacks. In recent years, web applications have increased in […]
Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has just confirmed that a data breach at a business associate resulted in the exposure of the protected health information (PHI) of a number of its health […]
In June 2022, 70 healthcare data breaches involving 500 or higher records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR). This number is two less than May and […]
The National Institute of Standards and Technology (NIST) has made updates to its guidance for HIPAA-covered entities on enforcing the HIPAA Security Rule to better secure patients’ personal data and protected health information (PHI). The […]
The Methodist Hospitals Inc decided to resolve a class action lawsuit and allocated a $425,000 fund for claims filed by victims in relation to a data breach in 2019 that impacted about 70,000 patients. The […]
A new Phishing by Industry Benchmarking Report showed that giving security awareness training to the employees considerably lowers risks to phishing attacks. KnowBe4 conducted the study to find out how helpful security awareness training is […]
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has reported that Oklahoma State University – Center for Health Sciences (OSU-CHS) has decided to negotiate a HIPAA investigation arising from the […]
Health Aid of Ohio has decided to resolve a class action lawsuit to handle claims concerning its inability to secure the sensitive personal data of its clients. Health Aid of Ohio based in Parma, OH […]
The HHS’ Office for Civil Rights has lately released guidance to healthcare companies after the overturning of Roe v. Wade subsequent to the SCOTUS Dobbs v. Jackson Women’s Health Organization judgment, which took away the […]
The Federal Bureau of Investigation (FBI), the Department of the Treasury, and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint security advisory to the healthcare and public health industry about the risk of Maui […]
Google has stated that it is going to take steps to improve privacy protections for end users of its services. Google has always recommended an extensive, national privacy law covering consumer data to make sure […]
The Department of the Treasury, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Financial Crimes Enforcement Network (FinCEN) have released a joint cybersecurity warning regarding the MedusaLocker ransomware. The MedusaLocker […]
Senators Cory Booker (D-NJ), Ron Wyden (D-OR), and Elizabeth Warren (D-MA) have written to two prominent mental health app companies and sought responses regarding their practices on data collection and sharing. There were several reports […]
The Government Accountability Office (GAO) has advised the Department of Health and Human Services (HHS) to create a feedback system to enhance the efficiency of its data breach reporting procedure. The Health Information Technology for […]
Hearst Health subsidiary, MCG Health based in Seattle, is facing multiple class-action lawsuits due to a data breach that impacted approximately 10 healthcare companies such as Lenoir Health Care, Indiana University Health, Jefferson County Health […]
Acorda Therapeutics Reports Email Account Breach The biotechnology firm Acorda Therapeutics based in Ardsley, NY reported that an unauthorized third party acquired access to its email system and possibly viewed email messages and file attachments […]
University of Pittsburgh Medical Center has made the decision to negotiate a class action data breach lawsuit. It will set aside $450,000 to pay for claims from persons who have had losses because of the […]
PHI of Approximately 69,000 Persons Compromised in Comstar Hacking Incident Comstar based in Rowley, MA provides ambulance invoicing, collection, ePCR Hosting, and client/patient services. It found out that an unauthorized third-party acquired access to selected […]
Recently, Central Florida Inpatient Medicine (CFIM) based in Lake Mary, FL has found that an unauthorized person has accessed the email account of a staff member. The compromised emails and file attachments may contain the […]
A new bill has been launched by Sen. Elizabeth Warren (D-MA) that wishes to prohibit data brokers from selling the health and location information of Americans. The bill called The following senators co-sponsored the Health […]
Texas Tech University Health Sciences Center has announced the compromise of the protected health information (PHI) of 1,290,104 patients due to a data breach that occurred at Eye Care Leaders, its electronic medical record provider. […]
Shields Health Care Group is facing a class-action lawsuit over the 2 million-record data breach it recently announced. This is the largest healthcare data breach ever reported for this year. Shields Health Care Group is […]
Yuma Regional Medical Center (YRMC) based in Arizona has stated that it suffered a ransomware attack in April. The threat actors obtained the protected health information (PHI) of around 700,000 current and past patients. Based […]
The 2022 State of Ransomware Report published by cybersecurity firm Sophos revealed that ransomware attacks on healthcare providers increased by 94% year over year. The report based its information on a worldwide survey participated by […]
Atlassian has announced a patch to correct a critical zero-day vulnerability that impacts all supported versions of Confluence Server and Data Center. The vulnerability, which is tracked as CVE-2022-26134 has a maximum CVSS severity score […]
There is a new zero-day vulnerability discovered that impacts a Windows tool like Follina. Although there’s no information if the vulnerability was exploited in the wild, it is possible to exploit it. The recent attention […]
Five vulnerabilities were discovered in the Illumina Local Run Manager (LRM), which is utilized by Illumina Researcher Use Only (ROU) instruments and Illumina In Vitro Diagnostic (IVD) devices. The impacted instruments are employed for clinical […]
The law firm Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in association with a breach of the personal records of […]
A New York Federal Judge dismissed a class-action lawsuit filed against Alliance HealthCare Services and NorthEast Radiology PC because of a data breach that compromised the protected health information (PHI) of above 1.2 million people […]
BJC HealthCare, a not-for-profit healthcare company located in St. Louis, MO, has begun informing a number of patients that an unauthorized individual accessed some of their protected health information (PHI) that was kept in email […]
A recent study conducted by Source Defense analyzed the risks related to using third- and fourth-party codes on online sites. They found that all modern, active websites had code that can be targeted by attackers […]
Oswego County Opportunities (OCO) in New York has reported that an unknown actor has recently accessed a small number of staff email accounts. OCO discovered the security breach because of notable suspicious email activity and […]
Researchers found out that a misconfigured AWS S3 bucket is exposing information. This cloud storage is owned by Breastcancer.org, a breast cancer support charity located in Ardmore, PA. SafetyDetectives learned that the unsecured AWS bucket […]
After four consecutive months of decreasing figures of data breaches, reported data breaches increased by 30.2%. In April 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 56 data breaches […]
Parker-Hannifin Cyberattack Affects About 120,000 Health Plan Members Parker-Hannifin Corporation based in Cleveland, OH, a company offering motion and control technologies, lately announced that unauthorized people have obtained access to a section of its IT […]
Based on the latest security advisory released by the Five Eyes Cybersecurity agencies in the U.K., U.S., Australia, Canada, and New Zealand, the most frequent attack vectors cyber threat actors use for preliminary access to […]
The medical equipment organization NuLife Med LLC based in Manchester, NH, has just announced that it encountered a cyberattack in March 2022. It discovered suspicious network activity on or approximately March 11, 2022, and took […]
The nonprofit health system Christus Health based in Irving, TX operates over 600 healthcare establishments in Arkansas, Texas, New Mexico, and Louisiana. It has been reported recently that it discovered suspicious activity with its computer […]
Unauthorized persons have acquired access to the computer systems of Eye Care Leaders, which is an electronic health records and patient management software solutions provider for eye care clinics. On or around December 4, 2021, […]
The tactics, techniques, and procedures (TTPs) employed by ransomware and other cyber attackers are always changing to elude identification and enable the groups to carry out more successful attacks. The Department of Health and Human […]
A new bill was presented to address the issue of cybersecurity of medical devices that will necessitate makers of medical devices to satisfy particular minimum criteria for cybersecurity with regard to the complete lifecycle of […]
Class action lawsuits were lately filed against Oregon Anesthesiology Group and Partnership Health Plan in Northern California because of ransomware attacks that resulted in the theft of sensitive patient/plan member information. Partnership Health Plan of […]
Healthplex Inc., one of the largest dental insurance providers located in New York state, has announced the compromise of an employee’s email account during a phishing attack on November 24, 2021. Upon discovery of the […]
The National Institute of Standards and Technology (NIST) released an updated version of the cybersecurity supply chain risk management (C-SCRM) guidance to aid businesses in developing an effective plan for identifying, evaluating, and responding to […]
Making and remembering long, complicated passwords is hard for many individuals, and it is made even more difficult because of the need to make passwords to protect several accounts – A study by NordPass advises […]
May 5, 2022 is World Password Day. This event was established in 2013 and is observed every first Thursday of May with the objective of bettering understanding of the value of using complex and unique […]
The Five Eyes security agencies, a group of intelligence agencies from Canada, Australia, New Zealand, the United States, and the United Kingdom have released a joint advisory regarding the 15 vulnerabilities in software programs and […]
Smile Brands located in Irvine, CA offers support services for dental clinics. It just gave a new report on the number of persons affected by a ransomware attack, which was uncovered on April 24, 2021. […]
The five eyes cybersecurity agencies have lately published a joint security advisory regarding the danger of cyberattacks on critical infrastructure carried out by pro-Russia cybercriminal groups and Russian nation-state threat actors. Intelligence collected by the […]
Georgia Pines CSB and Ballard Health recently reported security breaches that affected the protected health information (PHI) of 28,295 people. Ballad Health Finds Breach Involving Employee Email Account Ballard Health, an integrated community health improvement […]
The Federal Bureau of Investigation (FBI) has given a TLP: WHITE flash notification regarding the BlackCat ransomware-as-a-service (RaaS) operation. BlackCat, also called ALPHAV, which began in November 2021. It was released immediately after the shutdown […]
The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has released a TLP: White alert concerning the Hive ransomware gang – A specifically hostile cybercriminal operation that has substantially attacked the healthcare […]
For the fourth month now, there has been a drop in the number of reported healthcare data breaches. March 2022 had 43 healthcare data breaches involving 500 and up records reported to the U.S. Department […]
Newman Regional Health (NRH), which manages a 25-bed critical access hospital located in Emporia, KS, has lately begun informing 52,224 individuals that unauthorized persons have acquired access to selected employee email accounts containing protected health […]
Legal action was taken versus the in-home respiratory care company, SuperCare Health, because of a cyberattack and information breach report sent to the Department of Health and Human Services as of March 28, 2022. The […]
Resources for Human Development Breach Impacts 46,673 Persons Resources for Human Development (RHD), a national human services non-profit group based in Philadelphia, PA, has recently reported the theft of a hard drive that contains the […]
There were five zero-day vulnerabilities found in Aethon TUG autonomous mobile robots, which hospitals around the world use for transporting products, medicines, and other medical items. Hospital robots are alluring targets for hackers. When access […]
Due to the latest data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) gave an alert regarding the risk of phishing attacks utilizing this email marketing service. […]
The U.S. Food and Drug Administration (FDA) has released new draft guidance to help medical device companies integrate cybersecurity features into their merchandise at the premarket phase, and to make sure safety risks are taken […]
Charleston Area Medical Center Breach Had 54,000 Victims Charleston Area Medical Center (CAMC) located in Charleston, WV, has just announced a phishing attack that allowed unauthorized individuals to get access to the email accounts of […]
SuperCare Health based in Downey, CA, a provider of post-acute, in-home respiratory care in the Western United States, recently began informing 318,379 individuals about the exposure of some of their protected health information (PHI) and […]
Two remote code execution vulnerabilities were discovered in the Spring platform – a well-known application framework utilized by software creators for quickly creating Java apps. Proof-of-concept exploits for the two vulnerabilities can be found in […]
An audit of Health Insurance Exchange of Connecticut, Access Health CT, by the state auditor indicated that Access Health CT experienced 44 data breaches in the period of 3.5 years and did not completely report […]
Partnership Health Plan of California Getting back from Alleged Ransomware Attack The nonprofit managed care health plan based in Fairfield, CA, Partnership Health Plan of California (PHC), experienced a cyberattack that resulted in the shut […]
$7 Billion Lost Every Year Because of Fraud Rep. Ted Archer explained a Congressional Report to the House Ways and Means Committee in March 1996. The report exposed the degree of abuse and fraud in […]
Conti Ransomware Gang Owns Responsibility for CSI Laboratories Cyberattack Cytometry Specialists, Inc. also known as CSI Laboratories in Alpharetta, GA, has lately announced that it encountered a cyberattack that was noticed on February 12, 2022. […]
$50,000 Civil Monetary Penalty Paid by Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), dental practice managing offices in Monroe and Charlotte, NC after a […]
Horizon Actuarial Services and the Clinic of North Texas have just announced breaches of the protected health information (PHI) of patients and plan members. Data Theft and Extortion Incident at Horizon Actuarial Services Horizon Actuarial […]
Two bipartisan senators introduced a new bill that aspires to enhance the cybersecurity of the healthcare and public health (HPH) industry, in consideration of the current White House alert about the growing danger of Russian […]
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has published its 2021 Internet Crime Report, which shows that critical infrastructure organizations had about 649 ransomware attacks between June 2021 and December 2021. […]
Present Biden has released an alert regarding the growing threat of cyberattacks conducted by Russian state-sponsored hackers due to the economic sanctions enforced on the country as a reply to the attack on Ukraine. President […]
For the 3rd consecutive month, there is a decrease in the number of data breaches submitted to the HHS’ Office for Civil Rights (OCR). February had 46 healthcare data breaches involving 500 and up records […]
A woman was sentenced to 15 months imprisonment for being involved in a plan to defraud patients of a medical clinic based in Metairie, LA. In 2015, three persons were captured in association with the […]
The U.S. Department of Justice (DOJ) has reported the settlement agreed with the healthcare services company, Comprehensive Health Services (CHS) located in Cape Canaveral, FL to resolve alleged False Claims Act violations. This is the […]
South Denver Cardiology Associates (SDCA) has recently stated that it encountered a cyberattack last January 2022 that resulted in the access and potential theft of files comprising patient information by attackers. Unusual network activity was […]
Logan Health and subsidiary, sister, and related entities are facing legal action because of a data breach that happened in 2021 and impacted 213,543 patients of Logan Health Medical Center. Law firm Heenan & Cook […]
Duncan Regional Hospital Duncan Regional Hospital based in Oklahoma has reported that cybercriminals acquired access to its networks and possibly exfiltrated sensitive data of patient and employees. The hospital detected the breach on January 20, […]
Bible Fellowship Church Homes, Inc. doing business as Fellowship Community based in Whitehall, PA, has just announced a cyberattack it discovered on August 6, 2021. Digital forensics specialists investigated the incident and confirmed that unauthorized […]
Monongalia Health System (Mon Health) based in West Virginia has reported a cyberattack that resulted in the exposure of the patient, worker, and contractor information. This is the second big data breach reported by the […]
The healthcare field has been greatly attacked by ransomware gangs and victims frequently consider paying the ransom as the best solution to make certain a speedy recovery, however, the payment won’t always stop the extortion. […]
The HIPAA violation reporting process is different for different organizations because of differences in policies and procedures, and the process for sending violations reports to HHS´ Office for Civil Rights differs based on the nature […]
Jax Spine & Pain Centers Jax Spine and Pain Centers based in Jacksonville, FL has recently reported that it encountered a ransomware attack that happened on January 24, 2022. The attack was performed on an […]
The Houston Health Department has recently announced the exposure of personal information and COVID-19 test results of 10,291 people online due to a technical issue with its website. The problem enabled around 3,500 portal users […]
Two HIPAA-regulated entities have lately begun sending notifications to individuals whose protected health information (PHI) was possibly compromised in cyberattacks that happened more than a year ago. One entity took 18 months to alert affected […]
Logan Health Medical Center located in Kalispell, MT has lately begun sending notifications to some patients that hackers obtained access to a file server that stored patient data in a highly advanced criminal attack. The […]
The National Cybersecurity Center of Excellence (NCCoE) has released the NIST guidance final version on Securing Telehealth Remote Patient Monitoring Ecosystem (SP 1800-30). Healthcare delivery companies have been using more telehealth and remote patient monitoring […]
Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach […]
The U.S. District Court for the Western District of New York has suggested the dismissal of a class action data breach suit against Practicefirst Medical Management Solutions regarding a ransomware attack in 2020. Medical management […]
Healthcare privacy regulations in the United States must be updated to bring them into the current age to make sure individually identifiable health information is secured regardless of how it is gathered and shared. The […]
Morley Companies based in Saignaw, MI has lately reported that it encountered a cyberattack that began on August 1, 2021, resulting in the inability to access data from its data systems. The business services provider […]
CaptureRx has offered to pay $4.75 million to resolve claims associated with a 2021 data breach that impacted roughly 2.4 million patients of its healthcare company customers. CaptureRx is a medical care administrative service company […]
Cross Timbers Health Clinics located in Brownwood, Texas, doing business with the brand AccelHealth, encountered a ransomware attack last December 15, 2021, which kept the Federally Qualified Health Center from obtaining access to a number […]
The Rhode Island Attorney General is conducting an investigation involving the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare because of a cyberattack and security breach that allowed hackers to access RIPTA’s system that held […]
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published a report giving information about the Conti ransomware attack on the Health Service Executive (HSE) in Ireland last May 2021, as well as guidance for […]
Suncoast Skin Solutions, a network composed of 22 surgical, medical, and cosmetic dermatological care clinics based in Florida, recently began sending notifications to 57,730 patients regarding a ransomware attack it discovered on July 14, 2021. […]
Ransomware gangs are increasingly taking advantage of unpatched vulnerabilities in software applications and operating systems to acquire access to company networks, and they are adopting zero-day vulnerabilities quickly. Unpatched vulnerabilities are currently the major attack […]
In September 2021, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) released a notification warning the health industry concerning a higher threat associated with BlackMatter ransomware attacks. A couple of […]
It is crucial for nursing students to be familiar with the HIPAA guidelines since nursing students perform a role in providing healthcare. When nursing students do not have enough training in HIPAA compliance, the privacy […]
The HIPAA Breach Notification Rule requires the sending of data breach notification to the Secretary of the HHS “without unnecessary delay” and not later than 60 days after the discovery date of a data breach. […]
Advocates Inc based in Massachusetts., a nonprofit provider of support services for persons suffering from life challenges like autism, addiction, brain injury, intellectual disabilities, mental health, and behavioral health, has announced it recently encountered a […]
A wrong configuration of an internal website portal used by a Florida county drug screening laboratory exposed sensitive data on the internet for over four years. St. Lucie County’s drug screening lab (SLC Lab) offers […]
New York Attorney General Letitia James announced the first settlement deal of 2022 over a healthcare data breach. The vision benefits provider based in Ohio, Med Vision Care, is going to pay $600,000 as a […]
A current study by Cynerio, a healthcare IoT security platform provider, has uncovered that 53% of connected medical devices and other healthcare IoT devices have no less than one unaddressed critical vulnerability that can possibly […]
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to all companies in America to take prompt action to get ready for attempted cyberattacks using a new wiper malware employed in targeted […]
An $18.4 million settlement has been reached to resolve a class-action lawsuit filed against Mass General Brigham in relation to the usage of site analytics tools, cookies, pixels, and related technologies on a number of […]
In December 2021, there were 56 data breaches involving 500 and up healthcare records reported to the HHS’ Office for Civil Rights (OCR), which showed a 17.64% drop compared to the past month. In 2021, […]
Jefferson Surgical Clinic based in Roanoke, VA has started alerting patients concerning the potential compromise of some of their protected health information (PHI) due to a cyberattack that was uncovered on June 5, 2021. Based […]
The tech firm Accellion in Palo Alto, CA made a proposal for an $8.1 million settlement to take care of a class action data breach suit that was filed on behalf of affected individuals of […]
The digital pharmacy and health app developer Ravkoo based in Auburndale, FL has started sending notification letters to a number of patients regarding an unauthorized individual who viewed and potentially stole some of their sensitive […]
The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) have given a joint alert to caution about the danger of Russian cyberattacks on critical infrastructures, […]
In 2019, it was scary to have over 1 healthcare data breach report daily. In 2021, certain months had over two healthcare data breaches per day. With data breaches occurring so often and ransomware attacks […]
Anthem Inc. has notified 2,003 members that an unauthorized individual potentially viewed or obtained some of their protected health information (PHI) after gaining access to the network of one of its business associates. Anthem works […]
A specialty pharmacy based in Florida is dealing with a class-action lawsuit concerning an October 2021 cyberattack that resulted in the stealing of the personally identifiable information (PII) and protected health information (PHI) of around […]
Fertility Centers of Illinois (FCI) has lately advised 79,943 present and past patients concerning unauthorized persons that may have accessed or acquired some of their protected health information (PHI). FCI found suspicious system activity last […]
The Rhode Island Public Transit Authority (RIPTA) has just informed the Department of Health and Human Services’ Office for Civil Rights regarding a data breach that affected the protected health information (PHI) of 5,015 individuals […]
Some of the major healthcare data breaches of 2021 are the worst in history. This post summarizes the major data breaches reported in 2021. The Department of Health and Human Services’ Office for Civil Rights’ […]
Saltzer Health based in Nampa, Idaho has begun informing a number of patients regarding the exposure of their protected health information (PHI) due to an email account breach, which was discovered on June 1, 2021. […]
If a covered entity or business associate fails in complying with HIPAA rules, OCR is authorized to impose fines for HIPAA noncompliance – whether there’s no PHI breach or complaint. Following a great deal of […]
The gastroenterology healthcare provider based in Bradenton, FL called Florida Digestive Health Specialists (FDHS) has lately begun informing over 212,000 patients regarding the exposure of some of their protected health information (PHI) in a cyberattack […]
There is a 15.25% increase (compared to October) in the number of healthcare data breaches reported to the HHS’ Office for Civil Rights. November had 68 data breaches involving 500 and up records reported. For […]
A class-action lawsuit was filed versus San Juan Regional Medical Center in Farmington, New Mexico in relation to a reported data breach last June 2021. According to the breach investigation, there was an unauthorized individual […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued new guidance to discuss how the HIPAA Privacy Rule is applicable to disclosures of protected health information (PHI) to support applications […]
Eduro Healthcare in Salt Lake City, UT has advised 8,059 individuals regarding the potential exposure of their PHI. In March 2021, the healthcare company found suspicious activity in its network and took quick action to […]
Texas Ear, Nose & Throat Specialists P.A. (Texas ENT Specialists) recently suffered a cyberattack that was discovered on October 19, 2021. The moment the attack was identified, immediate action was done to avoid further access […]
The number of healthcare organizations affected by the latest ransomware attack on Kronos has been increasing in the past few days. 7 healthcare companies have now reported that they have been impacted by the attack. […]
The accountancy company Bansley and Kiener LLP based in Chicago, IL has announced that it encountered a ransomware attack in December 2020 that resulted in the encryption of certain files within its systems. The attack […]
On July 11, 2021, the Oregon Anesthesiology Group found out that it encountered a ransomware attack that resulted in the encryption of files on its systems and preventing access to its servers and patient data. […]
A maximum-severity vulnerability was discovered in Apache Log4j, which is an open-source logging library based in Java. It is utilized by a lot of organizations in their business programs and by numerous cloud solutions. The […]
A number of Hillrom Welch Allyn Cardio products had been found to have a high severity vulnerability that permits an attacker to access accounts without using a password. The vulnerability involves an authentication bypass problem […]
SonicWall has launched a new software program for its Secure Mobile Access (SMA) 100 series remote access appliances that correct 8 vulnerabilities which include 2 critical and 4 high-severity vulnerabilities. Threat actors are exploiting vulnerabilities […]
Three healthcare providers have lately announced security breaches affecting the email accounts of workers. The incidents potentially led to the compromise and possible theft of the protected health information (PHI) of over 40,000 people. Saltzer […]
The Health Information Sharing and Analysis Center (Health-ISAC) has released guidance for Chief Information Security Officers (CISOs) on adopting an identity-centric strategy to enable safe and quick access to patient information to satisfy the interoperability, […]
The Department of Health and Human Services made an announcement about its new website that provides guidance and resources to assist the medical care and public health industry to offset cybersecurity threats. The website was developed […]
Legal action was filed against Quest Diagnostics and ReproSource Fertility Diagnostics, its subsidiary, in the US District Court for the District of Massachusetts because of a ransomware attack in August 2021 that impacted 350,000 individuals. […]
Mental health clinic NorthCare based in Oklahoma City, OK encountered a ransomware attack in June 2021 that led to the exposure of the protected health information (PHI) of patients. NorthCare learned about the suspicious activity […]
The Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance for businesses to help them protect mobile devices and safely access company resources utilizing mobile gadgets. The Enterprise Mobility Management (EMM) system checklist was […]
Upstate Homecare, Consociate Health and Sarasota MRI, and have lately informed regulators and patients concerning security incidents relating to their personal data and protected health information (PHI). Upstate Homecare Informs 5,100 Patients Concerning Ransomware Attack […]
A former staff of Huntington Hospital located in New York is confronted with a criminal HIPAA violation case related to the unauthorized accessing of health records of 13,000 patients. The night shift hospital staff impermissibly […]
The Department of Health and Human Services’ Office for Civil Rights received 59 healthcare data breach reports involving 500 or higher records in October. The number of healthcare breaches in October is 25.5% higher than […]
The health insurance agency True Health New Mexico based in Albuquerque, NM began informing a number of health plan members regarding the exposure and possible theft of protected health information (PHI). True Health New Mexico […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have cautioned companies in the United States regarding the greater risk of cyberattacks during the Thanksgiving period. Cyber threat actors are […]
University Hospital Newark (NY) reported that a former hospital employee acquired the protected health information (PHI) of thousands of patients by accessing the records without authorized consent for a one-year period. That information was later […]
Orthopedic practice Lakeshore Bone & Joint Institute based in Indiana, has encountered a breach that affected its Microsoft Office 365 environment, including emails and file attachments that store the protected health information (PHI) of some […]
The protected health information (PHI) of 1,271,642 people was exposed and possibly stolen in two healthcare hacking incidents that were recently reported to the Department of Health and Human Services’ Office for Civil Rights. PHI […]
The New Jersey Attorney General has allowed a $130,000 settlement with two printing companies to resolve affirmed violations of the New Jersey Consumer Fraud Act (CFA) and Health Insurance Portability and Accountability Act (HIPAA) that […]
Southern Ohio Medical Center (SOMC) in Portsmouth, OH, is recouping from a cyberattack that happened on November 11, 2021. Because of the cyberattack, the hospital had to go on diversion and reroute ambulances to alternative […]
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has released a threat alert for the healthcare sector regarding cyber threat actors using the Cobalt Strike penetration testing tool. Cobalt Strike is a potent red team […]
8,412 Patients’ PHI Potentially Exposed Due to Surecare Specialty Pharmacy Ransomware Attack Surecare Specialty Pharmacy based in El Paso, TX has lately reported that it had suffered a sophisticated ransomware attack last August 16, 2021. […]
Two vulnerabilities with high severity scores were discovered in the Philips Tasy EMR that may result in the extraction of sensitive patient information from the database. An attacker can exploit the vulnerabilities remotely. There’s a […]
Seneca Family of Agencies located in California, a provider of education, juvenile justice, mental health, placement, and permanency services, discovered unauthorized activity in its computer systems on August 27, 2021. The action was promptly undertaken […]
Family of Woodstock (FOW), a New York provider of crisis intervention, information, prevention, and support services, has experienced a cyberattack that resulted in the potential compromise of the protected health information (PHI) of 8,214 people. […]
A federal judge has decided to favor the University of Mississippi Medical Center (UMMC) in a case of unauthorized access and data theft versus three ex-workers. UMMC filed a lawsuit against Dr. Spencer Sullivan as […]
Hallettsville, Texas’ critical access hospital Lavaca Medical Center, has begun informing 48,705 individuals regarding a security breach wherein their protected health information (PHI) was exposed. Lavaca Medical Center stated it detected abnormal activity in its […]
A new study has shown prevalent security problems at healthcare companies, which include bad access controls, few limitations on access to protected health information (PHI), and bad password practices, which put sensitive information in danger. […]
When a federal agency gives healthcare services, there may be situations in which workers must go through both HIPAA and Privacy Act training. Furthermore, as a growing number of states enact their own privacy regulations, […]
Syracuse ASC, doing business as Specialty Surgery Center of Central New York, has begun informing 24,891 patients regarding unauthorized individuals who got access to its computer network and potentially viewed some of their protected health […]
B. Braun has introduced software updates to resolve five vulnerabilities identified in Infusomat Space and Perfusor Space Infusion Pumps. An attacker with low-level skill can exploit the vulnerabilities remotely. In North America, the vulnerabilities have […]
Johnson Memorial Health has submitted a report concerning a ransomware attack that occurred on October 1, 2021, which resulted in files encryption of files that affected its IT systems. Emergency procedures were easily followed and […]
In September, there was a 23.7% more month-over-month reported cases of healthcare data breaches. The Department of Health and Human Services’ Office for Civil Rights received 47 data breach reports involving 500 and up records. […]
University Hospital Newark (NY) has found out that an ex-worker had accessed the protected health information(PHI) of many patients with no permission over the span of one year. That information was then shared with other […]
Professional Dental Alliance, an organization of dental practices associated with the North American Dental Group, informed its patients that an unauthorized person accessed some of their protected health information (PHI) kept in email accounts from […]
Around 27,500 people are being advised regarding the theft of some of their personal data when the American Osteopathic Association (AOA) encountered a cyberattack. AOA is a professional organization based in Chicago that represents approximately […]
Password managers for MSPs are used for securing the credentials of a business or client. Passwords are stored in a secure user vault. Every time a user goes to a website for which he/she has […]
Premier Patient Health Care based in Carrollton, TX has found out that an unauthorized individual had obtained the protected health information (PHI) of 37,636 patients in an insider data breach incident. Premier Patient Health Care […]
ReproSource Fertility Diagnostics based in Malborough, MA has encountered a ransomware attack that allowed hackers to get access to networks holding the protected health information (PHI) of roughly 350,000 patients. ReproSource is a top reproductive […]
A previous patient of Northwestern Memorial HealthCare (NMHC) filed a lawsuit against Elekta Inc. regarding its ransomware attack and security breach last April 2021. Many U.S. healthcare providers are business associates with Elekta, a Swedish […]
Eskenazi Health based in Indianapolis, IN reported a ransomware attack that was discovered on or approximately August 4, 2021. The IT team noticed suspicious activity and promptly de-activated systems to control the attack. Emergency procedures […]
Californian healthcare provider San Diego Health is facing multiple class-action lawsuits over a data breach impacting the protected health information (PHI) of 496,949 patients. San Diego Health discovered suspicious activity in the email accounts of […]
Entities governed by the Health Insurance Portability and Accountability Act (HIPAA) have to give their employees security awareness training, however, a new report indicates that training is missing at a lot of HIPAA-governed entities. KnowBe4, […]
Navistar Inc. based in Lisle, IL has sent more notification letters to persons impacted by a security breach that was discovered on May 20, 2021. The American truck maker straight away enforced its cybersecurity response […]
PHI of Up to 3,634 Individuals Exposed at Vista Radiology Ransomware Attack Vista Radiology located in Knoxville, TN has informed 3,634 patients regarding a ransomware attack encountered on July 11, 2021 which resulted in the […]
The Vice Society ransomware group states to have carried out a ransomware attack on United Health Centers of San Joaquin Valley, a healthcare provider in California. United Health Centers manages over 20 community health centers […]
Eastern Los Angeles Regional Center learned that an unauthorized person had accessed the email account of one of its employees. On July 15, 2021, the center noticed suspicious activity in the email account and performed […]
Family Medical Center of Michigan (FMC) located in Temperance, MI has advised 21,988 patients regarding a July 2020 ransomware attack that resulted in the potential compromise of their protected health information (PHI). FMC stated that […]
August 2021 had 44% less number of reported healthcare data breaches. Healthcare providers, health plans, and their business associates reported 38 healthcare data breaches involving 500 or more records. Including August’s reported data breaches, the […]
The Alaska Department of Health and Social Services (DHSS) is about to begin mailing notification letters to all people in the state to let them know about the potential compromise of their personal and health […]
Austin Cancer Centers is notifying 36,503 patients regarding the compromise of some of their protected health information (PHI) because of a security incident identified on August 4, 2021. Unauthorized people were learned to have acquired […]
California’s Department of State Hospitals – Coalinga (DSH-C) has informed 1,738 patients about the impermissible disclosure of some of their protected health information (PHI) by a DSH-C employee. The United States District Court, Eastern District […]
Creators of health applications and wearable devices like fitness trackers that get health information received a warning from the Federal Trade Commission (FTC) that they must abide by the FTC Health Breach Notification Rule and […]
The protected health information (PHI) of 116,898 patients of HealthReach Community Health Centers based in Waterville, MA was exposed and possibly compromised. HealthReach Community Health Centers manages 11 community health centers located in Western and […]
Two DuPage Medical Group patients are taking legal action against the healthcare provider right after a July 2021 ransomware attack through which patients’ protected health information (PHI) was compromised. DuPage Medical Group experienced the ransomware […]
On June 25, 2021, Mental health service provider Wedge Recovery Centers based in Philadelphia, Pennsylvania, found suspicious activity in its computer network that suggested unauthorized persons had accessed its systems. The provider immediately took steps […]
Denton County in Texas has identified a vulnerability in a third-party provider software utilized in association with the personal health information (PHI) of individuals that was possibly exploited by unauthorized people. The software was utilized […]
The Cybersecurity and Infrastructure Security Agency (CISA) has refreshed its listing of cybersecurity bad practices that should be eliminated. Cyber threat actors frequently carry out highly sophisticated attacks to obtain access to internal systems and […]
New research of breach reports sent to the Department of Health and Human Services’ Office for Civil Rights has shown that outpatient facilities and specialty clinics were attacked by cyber threat actors more often than […]
Atlanta Allergy & Asthma has begun sending notifications to 9,851 patients regarding a January 2021 cyberattack whereby their protected health information (PHI) was exposed and possibly breached. Atlanta Allergy & Asthma stated its investigation into […]
San Andreas Regional Center located in San Jose, CA has begun informing patients regarding the potential compromise of their PHI in a ransomware attack in July 2021. On July 5, its systems and servers were […]
Metro Infectious Disease Consultants is informing 171,740 patients concerning an email security incident uncovered on June 24, 2021. An unauthorized person had acquired access to some employees’ email accounts which included the protected health information […]
HIPAA-covered entities and their business associates are still reporting big numbers of healthcare data breaches. July had 70 reported data breaches involving at least 500 records, which means having 2 or more data breaches reported […]
South Florida Community Care Plan has learned that an ex-employee mailed to a personal email account the internal documents that contain the protected health information (PHI) of plan members. The breach was identified on June […]
St. Joseph’s/Candler (SJ/C) hospital system located in Savannah, GA had been attacked by ransomware on June 17, 2021 at approximately 4 a.m. After becoming aware of the suspicious activity in its system, SJ/C quickly worked […]
At the beginning of August, a hacker contacted Dissent of DataBreaches.net and professed to have acquired access to the systems of an HVAC vendor and the systems of its customers, such as Boston Children’s Hospital. […]
The personal information of 750,000 Hoosiers gathered together with a COVID-19 contact tracing survey performed by the Indiana Department of Health was exposed on the internet and downloaded by an organization not allowed to get […]
CalHIPAA is a registered trademark. © Copyright 2003 to 2024 calHIPAA. All rights reserved.