Articles by Site Editor

The Physicians’ Spine and Rehabilitation Specialists of Georgia (PSRSG) has informed 38,765 patients about the potential compromise of some of their protected health information (PHI) in a cyberattack that happened approximately on July 11, 2022. […]

The Federal Bureau of Investigation (FBI) has released a TLP:WHITE Private Industry Notification notifying about persistent cybercriminal efforts attacking healthcare payment processors that endeavor to direct victim payments to accounts controlled by the attackers. These […]

The Federal Bureau of Investigation (FBI) has given a private industry notification alert concerning the growing number of vulnerabilities in healthcare devices. When medical devices aren’t immediately patched and are operating on obsolete programs, malicious […]

Emerging technologies could transform the healthcare sector. Although there are lots of potential advantages, these technologies could bring risks that can endanger patient privacy and security. When vulnerabilities aren’t appropriately dealt with, threat actors can […]

Rapid 7 researchers found four vulnerabilities in Baxter and Sigma Spectrum infusion pumps. These devices are employed to supply patients with medications and nutrition. These TCP/IP enabled-devices are typically linked to healthcare networks. Vulnerabilities can […]

RabbitSign based in Palo Alto, CA. is now certified by Compliancy Group’s compliance specialists as providing a free-to-use, unlimited e-signing solution that is compliant with the HIPAA Rules. RabbitSign was created at the time of […]

The HHS’ Office of Inspector General (OIG) has required the Health Resources and Services Administration (HRSA) to enhance supervision of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN). The OPTN is a nationwide […]

Five vulnerabilities were found in CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor of Contec Health. A threat actor could exploit the vulnerabilities to carry out a denial-of-service attack, gain access to a root shell, […]

CorrectHealth Notifies 54,000 Patients About the Email System Breach in November 2021 CorrectHealth based in Alpharetta, GA is sending notifications to patients regarding a breach of its email accounts. The security breach was identified on […]

The Health Sector Cybersecurity Coordination Center (HC3) is alerting the healthcare and public health sector (HPH) regarding one of the ablest and hostile cybercrime syndicates presently active – Evil Corp. The group works from Russia […]

EmergeOrtho, an orthopedic practice in North Carolina, has just informed 75,200 patients that unauthorized individuals accessed some of their protected health information (PHI). As per the substitute breach notice posted by EmergeOrtho, the practice detected […]

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released an alert to the Healthcare and Public Health Sector (HPH) regarding a fairly new ransom threat group named Karakurt, which […]

Onyx Technologies based in Largo, MD, a company offering Information Technology and Consulting Services and a vendor of Independent Care Health Plan (iCare), recently informed 96,814 health plan members about the potential compromise of some […]

July 2022 had 66 healthcare data breaches affecting 500 and up records reported to the Department of Health and Human Services Office for Civil Rights. This figure is 5.71% less than the 70 data breach […]

Practice Resources based in Syracuse, NY provides billing and other professional services. It encountered a data breach that affected the data of 942,138 persons. The breach notification provided to the California Attorney General indicated that […]

The health plan provider Priority Health based in Michigan has reported that it was affected by a data breach that occurred at a business associate, the law agency Warner Norcross & Judd (WNJ). Steps were […]

The Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released a joint security advisory concerning the extensive attack on organizations in the healthcare and medical sectors by the […]

The American Data Privacy and Protection Act (ADPPA) presented in June was considerably revised in just a few days. Then, last month there was a new draft of ADPPA law presented having more changes. The […]

Zenith American Solutions, the Sound Health and Wellness Trust’s third-party manager, recently advised people regarding a mailing error that compromised their Social Security numbers of the people. Based on the breach notification, the company sent […]

Additional information was recently published regarding two cyberattacks on healthcare companies: Behavioral Health Group and Goodman Campbell Brain and Spine. Behavioral Health Group Reports Potential Compromise of Patient Data in December 2021 Cyberattack Behavioral Health […]

Fast Track Urgent Care, an urgent healthcare clinic network in Florida, has announced that the protected health information (PHI) of 258,411 persons was exposed and possibly stolen due to a ransomware attack on PracticeMax, a […]

Meta is dealing with one more class action lawsuit because of the illegal collection and disclosure of health information with no content. The Northern District of California received the filed lawsuit on behalf of the […]

A big data breach was reported that has impacted many healthcare, senior living and rehabilitation centers in Arizona, Oregon, Nevada, Colorado, Utah, and Washington, which are managed by organizations that belong to the group Avamere […]

Almost all Americans are confident regarding their understanding of cybersecurity as per the latest AT&T study of 2,000 People in America. Nevertheless, bad cyber hygiene and poor password strategies remain a usual thing. OnePoll performed […]

Cybercriminals are increasingly attacking business associates of HIPAA-covered entities because of the ease of accessing the systems of a number of healthcare providers. To help healthcare delivery organizations (HDOs) manage the situation, the Cloud Security […]

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released information to assist healthcare companies to be protected against web application attacks. In recent years, web applications have increased in […]

Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has just confirmed that a data breach at a business associate resulted in the exposure of the protected health information (PHI) of a number of its health […]

In June 2022, 70 healthcare data breaches involving 500 or higher records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR). This number is two less than May and […]

The National Institute of Standards and Technology (NIST) has made updates to its guidance for HIPAA-covered entities on enforcing the HIPAA Security Rule to better secure patients’ personal data and protected health information (PHI). The […]

A new Phishing by Industry Benchmarking Report showed that giving security awareness training to the employees considerably lowers risks to phishing attacks. KnowBe4 conducted the study to find out how helpful security awareness training is […]

Eric G Piasick D.M.D. has utilized the exclusive HIPAA methodology of Compliancy Group and was certified to be in compliance with the HIPAA Guidelines and the HITECH Act. Under the Health Insurance Portability and Accountability […]

All Trans Software Inc based in Ramsey, MN, which provides transportation vendors with Non-Emergency Medical Transportation (NEMT) software solutions, is certified to have put in place an efficient HIPAA compliance program according to the Compliancy […]

The HHS’ Office for Civil Rights has lately released guidance to healthcare companies after the overturning of Roe v. Wade subsequent to the SCOTUS Dobbs v. Jackson Women’s Health Organization judgment, which took away the […]

The Federal Bureau of Investigation (FBI), the Department of the Treasury, and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint security advisory to the healthcare and public health industry about the risk of Maui […]

Google has stated that it is going to take steps to improve privacy protections for end users of its services. Google has always recommended an extensive, national privacy law covering consumer data to make sure […]

The Department of the Treasury, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Financial Crimes Enforcement Network (FinCEN) have released a joint cybersecurity warning regarding the MedusaLocker ransomware. The MedusaLocker […]

Senators Cory Booker (D-NJ), Ron Wyden (D-OR), and Elizabeth Warren (D-MA) have written to two prominent mental health app companies and sought responses regarding their practices on data collection and sharing. There were several reports […]

The Government Accountability Office (GAO) has advised the Department of Health and Human Services (HHS) to create a feedback system to enhance the efficiency of its data breach reporting procedure. The Health Information Technology for […]

The software-as-a-Service company Podium based in Lehi, UT offering business text messaging services for local companies has been certified as HIPAA compliant by Compliancy Group. Podium is redefining how patients connect with their local healthcare […]

Acorda Therapeutics Reports Email Account Breach The biotechnology firm Acorda Therapeutics based in Ardsley, NY reported that an unauthorized third party acquired access to its email system and possibly viewed email messages and file attachments […]

PHI of Approximately 69,000 Persons Compromised in Comstar Hacking Incident Comstar based in Rowley, MA provides ambulance invoicing, collection, ePCR Hosting, and client/patient services. It found out that an unauthorized third-party acquired access to selected […]

Recently, Central Florida Inpatient Medicine (CFIM) based in Lake Mary, FL has found that an unauthorized person has accessed the email account of a staff member. The compromised emails and file attachments may contain the […]

A new bill has been launched by Sen. Elizabeth Warren (D-MA) that wishes to prohibit data brokers from selling the health and location information of Americans. The bill called The following senators co-sponsored the Health […]

Texas Tech University Health Sciences Center has announced the compromise of the protected health information (PHI) of 1,290,104 patients due to a data breach that occurred at Eye Care Leaders, its electronic medical record provider. […]

Yuma Regional Medical Center (YRMC) based in Arizona has stated that it suffered a ransomware attack in April. The threat actors obtained the protected health information (PHI) of around 700,000 current and past patients. Based […]

ScribeMedics LLC is a service provider of real-time, remote, medical transcription, EHR charting, virtual back office, and medical record review. Compliancy Group recently certified ScribeMedics LLC that it has fully complied with the regulatory requirements […]

The 2022 State of Ransomware Report published by cybersecurity firm Sophos revealed that ransomware attacks on healthcare providers increased by 94% year over year. The report based its information on a worldwide survey participated by […]

Atlassian has announced a patch to correct a critical zero-day vulnerability that impacts all supported versions of Confluence Server and Data Center. The vulnerability, which is tracked as CVE-2022-26134 has a maximum CVSS severity score […]

There is a new zero-day vulnerability discovered that impacts a Windows tool like Follina. Although there’s no information if the vulnerability was exploited in the wild, it is possible to exploit it. The recent attention […]

Five vulnerabilities were discovered in the Illumina Local Run Manager (LRM), which is utilized by Illumina Researcher Use Only (ROU) instruments and Illumina In Vitro Diagnostic (IVD) devices. The impacted instruments are employed for clinical […]

BJC HealthCare, a not-for-profit healthcare company located in St. Louis, MO, has begun informing a number of patients that an unauthorized individual accessed some of their protected health information (PHI) that was kept in email […]

A recent study conducted by Source Defense analyzed the risks related to using third- and fourth-party codes on online sites. They found that all modern, active websites had code that can be targeted by attackers […]

Oswego County Opportunities (OCO) in New York has reported that an unknown actor has recently accessed a small number of staff email accounts. OCO discovered the security breach because of notable suspicious email activity and […]

Researchers found out that a misconfigured AWS S3 bucket is exposing information. This cloud storage is owned by Breastcancer.org, a breast cancer support charity located in Ardmore, PA. SafetyDetectives learned that the unsecured AWS bucket […]

After four consecutive months of decreasing figures of data breaches, reported data breaches increased by 30.2%. In April 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 56 data breaches […]

Parker-Hannifin Cyberattack Affects About 120,000 Health Plan Members Parker-Hannifin Corporation based in Cleveland, OH, a company offering motion and control technologies, lately announced that unauthorized people have obtained access to a section of its IT […]

The medical equipment organization NuLife Med LLC based in Manchester, NH, has just announced that it encountered a cyberattack in March 2022. It discovered suspicious network activity on or approximately March 11, 2022, and took […]

The nonprofit health system Christus Health based in Irving, TX operates over 600 healthcare establishments in Arkansas, Texas, New Mexico, and Louisiana. It has been reported recently that it discovered suspicious activity with its computer […]

Unauthorized persons have acquired access to the computer systems of Eye Care Leaders, which is an electronic health records and patient management software solutions provider for eye care clinics. On or around December 4, 2021, […]

The tactics, techniques, and procedures (TTPs) employed by ransomware and other cyber attackers are always changing to elude identification and enable the groups to carry out more successful attacks. The Department of Health and Human […]

A new bill was presented to address the issue of cybersecurity of medical devices that will necessitate makers of medical devices to satisfy particular minimum criteria for cybersecurity with regard to the complete lifecycle of […]

Healthplex Inc., one of the largest dental insurance providers located in New York state, has announced the compromise of an employee’s email account during a phishing attack on November 24, 2021. Upon discovery of the […]

The National Institute of Standards and Technology (NIST) released an updated version of the cybersecurity supply chain risk management (C-SCRM) guidance to aid businesses in developing an effective plan for identifying, evaluating, and responding to […]

Making and remembering long, complicated passwords is hard for many individuals, and it is made even more difficult because of the need to make passwords to protect several accounts – A study by NordPass advises […]

May 5, 2022 is World Password Day. This event was established in 2013 and is observed every first Thursday of May with the objective of bettering understanding of the value of using complex and unique […]

The Five Eyes security agencies, a group of intelligence agencies from Canada, Australia, New Zealand, the United States, and the United Kingdom have released a joint advisory regarding the 15 vulnerabilities in software programs and […]

American Addiction Centers (AAC), a group of treatment centers for people battling drug dependency, alcohol dependency, and co-occurring behavioral/mental health problems, was lately affirmed as having reached compliance with all of the required criteria of […]

Smile Brands located in Irvine, CA offers support services for dental clinics. It just gave a new report on the number of persons affected by a ransomware attack, which was uncovered on April 24, 2021. […]

HIPAATizer.com offers web developers its all-in-one WordPress plugin and form builder to create HIPAA-compliant websites. It has received its certification of compliance with all criteria of the HIPAA Regulations that are applicable to business associates […]

The five eyes cybersecurity agencies have lately published a joint security advisory regarding the danger of cyberattacks on critical infrastructure carried out by pro-Russia cybercriminal groups and Russian nation-state threat actors. Intelligence collected by the […]

Georgia Pines CSB and Ballard Health recently reported security breaches that affected the protected health information (PHI) of 28,295 people. Ballad Health Finds Breach Involving Employee Email Account Ballard Health, an integrated community health improvement […]

The Federal Bureau of Investigation (FBI) has given a TLP: WHITE flash notification regarding the BlackCat ransomware-as-a-service (RaaS) operation. BlackCat, also called ALPHAV, which began in November 2021. It was released immediately after the shutdown […]

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has released a TLP: White alert concerning the Hive ransomware gang – A specifically hostile cybercriminal operation that has substantially attacked the healthcare […]

For the fourth month now, there has been a drop in the number of reported healthcare data breaches. March 2022 had 43 healthcare data breaches involving 500 and up records reported to the U.S. Department […]

Newman Regional Health (NRH), which manages a 25-bed critical access hospital located in Emporia, KS, has lately begun informing 52,224 individuals that unauthorized persons have acquired access to selected employee email accounts containing protected health […]

Resources for Human Development Breach Impacts 46,673 Persons Resources for Human Development (RHD), a national human services non-profit group based in Philadelphia, PA, has recently reported the theft of a hard drive that contains the […]

There were five zero-day vulnerabilities found in Aethon TUG autonomous mobile robots, which hospitals around the world use for transporting products, medicines, and other medical items. Hospital robots are alluring targets for hackers. When access […]

Due to the latest data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) gave an alert regarding the risk of phishing attacks utilizing this email marketing service. […]

The U.S. Food and Drug Administration (FDA) has released new draft guidance to help medical device companies integrate cybersecurity features into their merchandise at the premarket phase, and to make sure safety risks are taken […]

Charleston Area Medical Center Breach Had 54,000 Victims Charleston Area Medical Center (CAMC) located in Charleston, WV, has just announced a phishing attack that allowed unauthorized individuals to get access to the email accounts of […]