A recent Forescout study highlighted the poor condition of healthcare cybersecurity. The study showed the over reliance of the healthcare industry on legacy software, the extensive use of vulnerable protocols, and the lack of security […]
American Baptist Homes of the Midwest (ABHM), which provides assisted living and assisted care facilities throughout the U.S Midwest, announced a ransomware attack on its systems causing a security breach. The attack was launched around […]
A new analysis report by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) highlights a number of the prevalent risks and vulnerabilities related to switching from on-premise to cloud-based mail services like Microsoft Office 365. […]
The Southeastern Council on Alcoholism and Drug Dependence (SCADD) located in Lebanon, CT had a ransomware attack that caused considerable file encryption. SCADD experienced network problems that led to the discovery of the ransomware attack […]
A sexual assault victim filed a lawsuit against Atchison Hospital in Kansas because allegedly a hospital x-ray technician shared sensitive data to her attacker regarding her treatment at the hospital. As per the Kansas City […]
The 2019 Verizon Data Breach Investigations Report has been released. It gives a detailed summary of data breaches that public and private entities reported all over the world. The extensive report gives exhaustive insights and […]
Verity Health System’s St. Vincent Medical Center discovered the compromise of a web email account because of a phishing attack. The breach took place on March 15, 2019 where a hospital pathologist’s email account was […]
The website owner of Bodybuilding.com, a website about bodybuilding and fitness, reported a security breach that could have caused the access of client and personnel data by unauthorized persons. Under HIPAA, this kind of breach […]
After the Inmediata breach that caused the exposure of PHI, the company sent by mail notification letters to the people affected by the breach. However many people reported that they got notification letters addressed to […]
Facebook is applying some changes to Facebook Groups that talk about health conditions. This move was prompted because of the criticism on Facebook Groups that despite its being offered as private and confidential, third parties […]
A vulnerability was found in the Philips Tasy EMR system. An attacker can take advantage of the vulnerability and transmit unexpected data to the system that could execute an arbitrary code, alter data flow, impact […]
The U.S Department of Health and Human Services’ Office of Inspector General (OIG) released its yearly evaluation of the HHS to ascertain compliance with the Federal Information Security Management Act of 2014 (FISMA). Ernst & […]
The DICOM image format has been available for about 30 years. It has a design ‘flaw’ that hackers could exploit to add malware in image files. If that happens, the protected health information (PHI) will […]
A notification of enforcement discretion issued by the Department of Health and Human Services about the civil monetary penalties applied whenever there are HIPAA Rules violations discovered will reduce the maximum financial penalty in three […]
The Washington legislature made a unanimous decision to pass HB 1071 / SB 5064, a new data breach notification law. The only the bill needs is the signature of Washington Governor Jay Inslee. The law […]
The King County Superior Court lately agreed to a $4.7 million settlement to pay back the people whose personal data were stolen in a breach at Washington State University in April 2017. Portable hard drives […]
Three breaches involving patients’ protected health information (PHI) due to email hacking were reported. The three hacking incidents affected a total of 8,635 patients. The first breach happened in the Center for Sight and Hearing […]
The HHS’ Office of the National Coordinator for Health IT (ONC) has published a second draft of the Trusted Exchange Framework and Common Agreement (TEFCA) and is accepting comments on the revised material. The objective […]
The highly sensitive data of patients who had received treatment at addiction rehabilitation centers were discovered to be publicly accessible online because of an unsecured database. There were around 4.91 million records in the database, […]
Gulf Coast Pain Consultants, also called Clearway Pain Solutions Institute, found out that its EMR system was accessed by an unauthorized individual. A breach investigation which started on February 20, 2019 revealed that a variety […]
993 beneficiaries of Medicaid or have obtained services from the Ohio Department of Job and Family Services (ODJFS) living in Ohio received notification that unauthorized persons potentially viewed some of their protected health information (PHI) […]
A malware was installed on the systems of Riverplace Counseling Center in Anoka, MN, which resulted to the access of the protected health information (PHI) of patients by unauthorized persons. The counseling center discovered the […]
The website of Blue Cross of Idaho was hacked resulting to the access of its member portal by an unauthorized person who viewed the protected health information (PHI) of some members. Blue Cross of Idaho […]
The consultancy company CynergisTek conducted a study recently and found that healthcare organizations aren’t in conformity to the HIPAA Privacy and Security Rules and the NIST Cybersecurity Framework (CSF) controls. CynergisTek studied the NIST CSF […]
The Minnesota Department of Human Services (DHS) received another report of a phishing attack that resulted to the compromise of an employee’s email account. This security breach transpired on or before March 26, 2018. This […]
Massachusetts Baystate Health had a phishing attack which impacted the protected health information (PHI) of 12,000 patients. A few employees had their email accounts compromised between February 7 to March 7, 2019. When Baystate Health […]
A phishing attack on Palmetto Health, which is now called Prisma Health, allowed unauthorized persons to access several email accounts. Palmetto Health employees received email messages that have a malicious hyperlink. When the employees clicked […]
Can Docusign be used with electronic protected health information (ePHI) by healthcare organizations without violating HIPAA Rules? Is DocuSign compliant with HIPAA? DocuSign is a provider that offers electronic signature and transaction management services. DocuSign […]
Amazon announced a new service that allows healthcare professionals to de-identify medical images by automatically removing any identifying protected health information (PHI) presented in the images. Pictures taken in medical settings often contain personally identifiable […]
A group of 81 female patients of Sharp HealthCare and Sharp Grossmont Hospital have filed a lawsuit against the facility for severe breaches in patient privacy. The lawsuit alleges that the hospital secretly recorded video […]
The number of health and fitness apps and devices has exploded in recent years. These technologies offer the user assistance in achieving a healthier lifestyle by offering personalised guidance or helping the user track any […]
A patient who found her discovered that her private medical information was available on social media platforms is suing the Northwestern Medicine Regional Medical Group for PHI exposure. Earlier this month, Gina Graziano discovered that […]
UCLA Health has settled a class action lawsuit filed by victims of a 2014 data breach for $7.5 million. The UCLA Health breach was one of the largest data breaches in history. Hackers accessed the […]
Beazley Breach Response Services have released a new report indicating that 71% of ransomware attacks target small and medium businesses (SMBs). Ransomware is malware variant which denies the user access to their device, or individual […]
Security researchers have identified two vulnerabilities in the Conexus telemetry protocol used by Medtronic MyCarelink monitors, CareLink monitors, CareLink 2090 programmers, and 17 implanted cardiac devices. One vulnerability is rated as ‘critical’, and the other […]
The University of Washington is alerting nearly a million patients of a data breach that resulted in unauthorised individuals being able to access their protected health information (PHI) through search engines online. The error was […]
Senator Gary Farmer (D-FL) and Representative Bobby DuBose (D-FL) have proposed new bills concerning consumers’ data privacy rights over their biometric data. The Florida Biometric Information Privacy Act aims to “establish requirements and restrictions on […]
Sharecare Health Data Services has reported that an unauthorised individual gained access to sensitive information stored in their systems. Sharecare Health Data Services (SHDS), based in San Diego, provides secure electronic exchange and medical records […]
Phishing attacks against large organisations have become increasingly common in recent years. Sectors that deal with sensitive information, such as the healthcare sector and financial industries, are particularly at risk of attack. Credit card numbers […]
The 2019 edition of the Verizon Mobile Security Index has been released, showing the significant risk that mobile device breaches pose to the healthcare industry. The report surveyed eight industry sectors to assess the data […]
Columbia Surgical Specialists have announced a ransomware attack on their facility has potentially compromised the PHI of up to 400,000 patients. Columbia Surgical Specialists (CSS), based in Spokane, Washington, discovered the attack on January 9, […]
Marketo is Marketing Automation software focused on account-based marketings. In April 2018, Adobe purchased Marketo for $4.75 billion. The software has received widespread praise, such as featuring on the Wall Street Journal’s “Next Big Thing” […]
Senator Catherine Cortex Masto (D-NV) has introduced a new bill which aims to tackle concerns consumers face about the collection and use of their data. Senator Catherine Cortex Masto’s “Data Privacy Act” calls for organisations […]
Kentucky Counselling Center has announced that a data breach has resulted in the exposure of 16,440 patient data files. On January 4, 2019, a former employee notified Kentucky Counselling Center (KCC) that they had received […]
Rutland Medical Center has announced it has experienced a data breach after an unauthorised individual gained access to the email accounts of several employees. An employee of Rutland Medical Center noticed the breach after realising […]
UConn Health has announced that a recent phishing attack has compromised approximately 326,000 patient files. UConn Health is the branch of the University of Connecticut that oversees clinical care, advanced biomedical research, and academic education […]
Drupal has released an update which corrects a critical vulnerability in the Drupal CMS. Drupal is a free and open-source content management framework and provides the back-end framework for approximately 2.3% of websites worldwide. The […]
Deep Instinct has announced that it has identified a new phishing campaign is spreading Separ malware. Researchers at Deep Instinct identified the last campaign in January 2019. The threat actors behind this version of […]
The National Cybersecurity Center of Excellence (NCCoE) has released a guide to mobile device security. The guide entitled NIST Special Publication 1800-4 Mobile Device Security: Cloud & Hybrid Builds provides practical advice for organisations looking to […]
Akamai has announced the discovery of a new phishing attack that spoofs a Google webpage. Larry Cashdollar, working at Akamai, a cloud service provider, discovered the fraud campaign. Like many other phishing campaigns, this attack […]
Researchers at Carbon Black have identified a new Shlayer malware variant that targets Mac computers running MacOS versions 10.10.5 to 10.14.3. The researchers first identified the OrA new Shlayer malware variant a year ago. Mac […]
The Oregon Health Information Property Act proposes that individuals may give permission to their healthcare providers to sell their health data and receive financial compensation from the transaction. Democrat Senator Floyd Prozanski proposed Senate […]
A new Business Email Compromise (BEC) attack targeting high-level executives has been identified. BEC campaigns are a form of phishing attack in which the cybercriminal impersonates a high-ranking member of an organisation, such as CEO […]
Dropbox is a popular file hosting service used by over 500 million people worldwide. It is becoming increasingly popular with businesses and organisations as a way of storing files, as it reduces costs by reducing […]
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an alert about vulnerabilities found in the IDenticard PremiSys access control system. ICS-CERT, a governmental organisation that works to reduce the risk of cybercrime […]
Aetna has agreed to pay the California Attorney General $935,000 for a 2017 breach which resulted in the exposure of the HIV status of 1,991 Californian residents. In July 2017, Aetna, a health insurer based […]
The Supreme Court of Illinois has issued a new ruling which allows individuals whose privacy has been violated through a breach of the Illinois Biometric Information Privacy Act to take legal action against a private […]
Radware has released a report that reveals the cost of a cyber attack to businesses has increased by 52% in the past year. Radware researchers surveyed 790 professionals across the globe in a variety of […]
HIPAA Rules requires organizations in the healthcare industry place adequate safeguards on sensitive data they hold to ensure that the integrity and security of protected healthcare information (PHI) is maintained. Many of these stipulations are […]
The Governor of Massachusetts has signed in a new law that updates the state’s existing data breach laws. Massachusetts Governor Charlie Baker signed the law, named “An Act relative to consumer protection from security breaches” […]
A Georgia-based paediatric cardiologist was sentenced to 6 months’ probation after pleading guilty to violating HIPAA legislation by disclosing patient PHI to an unauthorised organisation. Dr Eduardo Montana, 55, plead guilty at the Department of […]
An alert has been issued to IT service providers and their customers about an increase in Chinese malicious cyber activity. The warning was issued by Department of Homeland Security (DHS) United States Computer Emergency Readiness […]
The results of an investigation into a data breach at SingHealth, Singapore’s largest health network, highlight the importance of even the most basic cybersecurity practices for organisations across the globe. The data breach at SingHealth […]
The National Counterintelligence and Security Centre (NCSC) has launched a public awareness campaign with the aim of improving the response of businesses to cybersecurity threats. NCSC, part of the Office of the Director of National […]
A study has been published which investigated how data breaches affect hospital advertising expenditure decisions. The study, entitled “Understanding the Relationship Between Data Breaches and Hospital Advertising Expenditures” was published by Sung J. Choi, PhD […]
A cybersecurity blog has reported that a new vishing scam in which the scammer pretends to be an employee of Apple Inc. has been uncovered. Vishing is a less common form of phishing attack. The […]
Microsoft has issued patches for 51 vulnerabilities this January 2019 Patch Tuesday. Of the vulnerabilities, 7 were rated critical. Unlike the four preceding months, none vulnerabilities were identified as being actively exploited in the wild. […]
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a critically important piece of legislation created to introduce minimum security and privacy standards in the healthcare industry. HIPAA is a federal law, organisations […]
The San Diego Unified School District has announced that a phishing attack on its network has affected more than half a million of its staff and current and former students. The San Diego Unified School […]
The Clearwater CyberIntelligence Institute (CCI) has announce that it has identified the three most critical cybersecurity risks facing the organisations in the healthcare industry. CCI, part of Clearwater Compliance, a leading healthcare cyber risk management […]
A flaw has been identified in Orange Livebox ADSL modems that causes the modems to “leak” WiFi credentials. Orange Livebox is an ADSL wireless router used to deliver broadband services to customers of Orange S.A., […]
The final version of the Risk Management Framework (RMF 2.0) has been released by the National Institute of Standards and Technology (NIST). NIST is a non-regulatory agency of the United States Department of Commerce. The […]
Patients affected by a data security incident at LifeBridge Health in March 2018 have filed a lawsuit against the facility. LifeBridge Health, a nonprofit healthcare corporation in Baltimore, Maryland, discovered that malware had infected one […]
The United States Senate has introduced a bill that would introduce new protections for the personal information of individuals online. The bill, entitled the Data Care Act, was proposed by Sen. Brian Schatz (D-HI) on […]
The University of Vermont Health Network has revealed that a data security incident at the facility has affected approximately 32,000 patients. The breach was discovered on October 18, 2018. An unauthorised third-party had gained access […]
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory about a vulnerability that has been identified in certain Medtronic CareLink and Encore Programmers. ICS-CERT, an organisation created to identify and tackle problems […]
IntSights, a security threat intelligence services reviewer, has released a recent study entitled “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry”. The report highlights how easily accessible huge amounts of healthcare data […]
The University of Maryland Medical System has recently announced that it has been the victim of a malware attack on its network. The University of Maryland Medical System is a private, not-for-profit corporation that operates […]
In late November, the Department of Justice indicted two Iranian threat actors over the use of SamSam ransomware. However, Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) are urging organisations that the threat […]
The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for officials to reform the Health Insurance Portability and Accountability Act (HIPAA). The calls for reform were made on […]
The Attorney Generals of a dozen states have filed a lawsuit against Medical Informatics Engineering, a healthcare software and systems developer and NoMoreClipboard, an electronic platform for personal health records. The lawsuit is over the […]
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has announced the winners of its Easy EHR Issues Reporting Challenge. ONC is a federal entity that coordinates […]
The Department of Health and Human Services’ Office of Inspector General (OIG) has issued a report questioning the integrity of security systems at two managed care organizations (MCOs) in Arizona following security audits of the […]
Allergy Associates of Hartford, P.C. (Allergy Associates) has agreed to pay a fine of $125,000 to the Office of Health and Human Services’ Office for Civil Rights to settle alleged violations of the Health Insurance Portability […]
The U.S. Department of Justice has released an update on the investigation of the threat actors behind the SamSam ransomware attacks. SamSam ransomware is a custom infection used in targeted attacks against the healthcare industry […]
The American Medical Informatics Association (AMIA), a non-profit organisation dedicated to developing biomedical and health informatics to improve patient care, recently called on the Trump administration to reform data privacy rules in order to better […]
Researchers at Michigan State University and John Hopkins University have released a report containing their analysis of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) between October […]
The National Cybersecurity Center of Excellence (NCCoE) is a US government organisation that builds and shares solutions to potential cybersecurity threats faced by US businesses. The NCCoE is a part of the National Institute of […]
The Department of Health and Human Services (HHS) has drafted a Request for Information (RFI) to assess HIPAA Rules may be hindering patient information sharing. The move is in repose to complaints that healthcare providers […]
The Cybersecurity and Infrastructure Security Agency Act has been passed by unanimously by Congress on November 13, 2018. The new legislation will allow the U.S. Department of Homeland Security will be forming a new agency […]
This week, the Centers for Medicare and Medicaid (CMS) has announced an update on the recent HealthCare.gov website breach. Last month, hackers gained access to a health insurance system that interacts with the HealthCare.gov website. […]
Inova Health System, a non-profit health organisation based in Falls Church, Virginia, has announced that it has experienced a data breach. The protected health information (PHI) of over 12,000 of its patients may have been […]
The HHS’ Office of Inspector General (OIG) has published the findings of an audit of the FDA’s policies and procedures for addressing medical device cybersecurity in the postmarket phase. The US Food and Drug Administration […]
Best Medical Transcription, a transcriptionist vendor, has been fined by the New Jersey Attorney General Gurbir S. Grewal for breaching HIPAA in 2016. The violation occurred while it was working as a business associate of […]
HIPAA’s email rules may be complicated at first glance, but ultimately can be broken down into a number of comprehensible stipulations and requirements. It is vital that any organisation has a good grasp of HIPAA’s […]
A North Carolina medical center has announced that a phishing attack on its systems has resulted in the protected health information (PHI) of up to 20,000 being compromised. Catawba Valley Medical Center (CVMC), based in […]
The U.S. Department of Health and Human Services (HHS) has officially launched its Health Sector Cybersecurity Coordination Center (HC3). Opened on October 29, 2018 by Deputy Secretary of the HHS, Eric Hargan, the center is […]
September 2018 Healthcare Data Breach Report The number of healthcare data breaches reported to the Department of Health and Human Service’s Office for Civil Rights (OCR) for September 2018 is down to 25-a decrease of […]
The use of electronic or “e-signatures” is becoming widespread as more and more people have access to portable electronic devices. As with any new development in technology, there was some concern over the compatibility of […]
The Centers for Medicaid & Medicare Services (CMS) has announced that it was recently the victim of a cyberattack that has resulted in approximately 75,000 consumer records being accessed by unauthorised individuals. On October 13 […]
© Copyright 2018 Calculated HIPAA