The U.S. Department of Justice reported that a federal court in the Eastern District of Texas has sentenced a Texas lady to serve 30 months in federal prison for committing a conspiracy to acquire protected […]
Based on the newest report from ransomware incident response firm Coveware, there is a 38% decline in the average ransom payment made by victims of ransomware attacks between Q1 and Q2, 2021. Q2’s average ransom […]
2020 was notably bad for the healthcare sector considering the record numbers of reported data breaches. Ransomware was a big threat. Emsisoft identified 560 ransomware attacks on healthcare companies last 2020. According to Comparitech, the […]
The Cancer Center at Greenwood Leflore Hospital (CCGLH) in Mississippi informed its patients about the Elekta ransomware attack as a preventative measure to avert identity theft and fraud. Elekta notified CCGLH on May 17 regarding […]
The Nebraska Department of Health and Human Services has made an announcement about a security incident that involved the protected health information (PHI) of clients of Aging Partners, a department of the City of Lincoln. […]
Oklahoma Heart Hospital has begun informing a number of patients regarding a privacy incident wherein paperwork that contains some patient data was unintentionally contributed to charity. A former worker had written notes by hand that […]
For three successive months, there has been an increase in the number of reported healthcare data breaches involving at least 500 records. June had 70 data breaches involving at least 500 records reported to the […]
University Medical Center of Southern Nevada (UMC) has encountered a ransomware attack and had patient data stolen. The medical center said it identified suspicious activity within the hospital system in mid-June and had taken fast […]
Another three healthcare providers made an announcement that they were affected by the recent ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery solution provider. Elekta has a cloud-based mobile app known as […]
Sierra Nevada Primary Care Physicians based in California is notifying 1,717 patients regarding an incident that resulted in the stealing of selected protected health information (PHI), which includes names and credit card details. The District […]
The protected health information (PHI) of around 30,063 Florida Blue (Blue Shield of Florida and Blue Cross) members might have been seen or acquired during a brute force attack on the online member portal of […]
Like California and Virginia, Colorado has passed a comprehensive data privacy law to protect state locals. There were several amendments made before the Colorado Privacy Act went over the line. The state Senate finally passed […]
The pharmacy and supermarket company Kroger has offered to pay $5 million to settle lawsuits which the victims of a data breach filed because their personal data and protected health information (PHI) were exposed. Kroger […]
Coastal Family Health Center (CFHC), the fourth biggest community health center based in Mississippi, has begun informing patients regarding a May 13, 2021 cyberattack that compromised some of their protected health information (PHI). CFHC stated […]
According to a new NBC4 Investigates Report, a breach of the Ohio State University’s (OSU) pilot program that assists veterans to recuperate from Post Traumatic Stress Disorder (PTSD) and other psychological health problems led ot […]
Two former patients filed a class-action lawsuit against BJC HealthCare in relation to an email data breach in March 2020, but the lawsuit has made it through two motions to dismiss. Bradley Dean Taylor and […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that organizations can use to evaluate how effectively they are prepared to protect against and recuperate from a ransomware attack. The threat […]
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has released a new information that details cybersecurity bad practices, which are extremely harmful and considerably increase threat to critical infrastructure. There are a lot of publicized […]
Five Rivers Health Centers located in Ohio has advised 155,748 patients regarding the unauthorized access to some of their protected health information (PHI) contained in email accounts as a consequence of a phishing attack. There […]
The Government Accountability Office has released a report right after an evaluation of the organizational strategy to the U.S. Department of Health and Human Services (HHS)cybersecurity. The study was done because both the HHS and […]
An ex-employee of Aultman Health Foundation viewed 7,300 patient information with no permission for nearly 12 years prior to the discovery of the HIPAA violation. The employee was given access to patient information to carry […]
Scripps Health in San Diego is looking at several class-action lawsuits due to a ransomware attack on April 29, 2021 that affected 147,267 people. As a result of the attack, the 5-hospital healthcare system needed […]
In October 2020, Mayo Clinic reported that a former employee was found to have committed impermissible access to the health records of roughly 1,600 patients. Based on a statement released by the Mayo Clinic, the […]
The National Institute of Standards and Technology (NIST) has published a draft Cybersecurity Framework Profile for Ransomware Risk Management to be able to guide organizations avoid, respond and recuperate from ransomware attacks. The Ransomware Profile […]
A bipartisan group of senators has brought in a federal data breach notification bill- the Cyber Incident Notification Act of 2021 – that calls for all federal organizations, contractors, and firms that have supervision over […]
May was 2021’s worst month thus far in terms of healthcare data breaches. The Department of Health and Human Services’ Office for Civil Rights recorded 63 breaches involving 500 or more records in May. For […]
South Texas Health System has informed 6,761 regarding some of their protected health information (PHI) that had been accidentally disclosed. South Texas Health System offers discharge directions following patients are given medical care in its […]
The Connecticut legislature has improved its data breach notification rule, extending the definition of personal information and reducing the maximum period of time for providing breach notices. The new legislation brings the data breach notification […]
A cyberattack on Service Employees International Union 775 (SEIU 775) Benefits Group, which is a benefits manager for home healthcare and nursing home employees, resulted in the removal of sensitive information. IT employees discovered issues […]
The Chief Operating Officer of an IT security agency is facing a lawsuit due to a financially driven cyberattack on Gwinnett Medical Center based in Lawrenceville, GA last September 2018. Vikas Singla, aged 45, of […]
The Cybersecurity and Infrastructure Security Agency (CISA) has released a security alert concerning 6 vulnerabilities identified in the ZOLL Defibrillator Dashboard, which include a remote code execution vulnerability with critical 9.9 severity. An anonymous person […]
The health insurance and healthcare provider Humana in Louisville, KY and its business associate Cotiviti are confronted with legal action due to a data breach identified in late December 2020. On May 26, 2021, a […]
In September 2020, Nebraska Medicine and the University of Nebraska Medical Center found out that their systems were hacked and downloaded with malware allowing the hackers access to the protected health information (PHI) of approximately […]
The National Institute of Standards and Technology (NIST) has posted its latest report about the usage of biometric authentication on cellular devices to permit first responders to obtain quick access to sensitive information, at the […]
Attleboro, MA-based Sturdy Memorial Hospital is notifying 57,379 patients regarding a computer security incident that happened on February 9, 2021 whereby patient data was compromised. In accordance with the breach notice issued by the hospital, […]
The HHS’ Office for Civil Rights has reached a settlement with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC) to resolve a potential violation of the HIPAA Right of Access. This is OCR’s 8th financial […]
The Federal Bureau of Investigation (FBI) has given a Flash Notification cautioning Fortinet Fortigate appliances end users that Advanced Persistent Threat (APT) groups are planning to target devices that haven’t been patched for three vulnerabilities: […]
Microsoft has found a huge spear-phishing campaign executed by the Russian Advanced Persistent Threat (APT) group, which is responsible for the SolarWinds Orion supply chain attack. Since January 2021, Microsoft has tracked the APT group […]
RMcKinley Christian Health Care Services (RMCHCS) in Gallup, NM submitted a report regarding a ransomware attack in February 2021 that resulted in patient data exfiltration. The attack in February conducted by the Conti ransomware gang […]
CareSouth Carolina based in Hartsville, SC has informed 76,035 patients regarding the likely exposure of some of their protected health information (PHI) because of a ransomware attack on Netgain Technologies, its IT service provider. Netgain […]
ZocDoc based in New York, which provides a platform that allows potential patients to schedule meetings with doctors and dentists, has found an issue in its software program that permitted patient information to be seen […]
There has been a great deal of uncertainty regarding the case of inquiring somebody if they have gotten a COVID-19 vaccine. Does it constitute a HIPAA violation, particularly with regards to employers asking their staff […]
Health Plan of San Joaquin (HPSJ), which is a non-profit provider of Medi-Cal managed care located in French Camp, CA, found out that an unauthorized person has acquired access to its email system and possibly […]
A number of healthcare organizations have shown concern concerning the HIPAA Privacy Rule modifications recommended by the Department of Health and Human Services (HHS) last December 2020 and publicized in the Federal Register last January. […]
New England Dermatology has begun informing 58,106 patients regarding the compromise of some of their protected health information (PHI). In a breach notice last April 30, 2021, New England Dermatology stated that its in-house pathology […]
April was notably an awful month for healthcare data breaches as 62 breaches involving at least 500 records were reported. March 2021 had the same number of healthcare data breaches. April had more than 2 […]
Universal Health Services (UHS) is facing a lawsuit associated with a 2020 data breach; but, the lawsuit proceeded only for one of the patients identified on the lawsuit. UHS manages approximately 400 hospitals and care […]
2020 was definitely not a usual year. The pandemic put big challenges on IT security teams and companies were compelled to quickly speed up their digital transformation strategies and greatly expand their remote working capacities. […]
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have given an advisory regarding DarkSide ransomware after the attack on the fuel pipeline firm Colonial Pipeline. The cyberattack triggered significant disruption […]
Compliancy Group has certified that Macadamian Technologies has an efficient HIPAA compliance program in place and granted the company its HIPAA Seal of Compliance award. Macadamian Technologies is a software design and development company based […]
The Pennsylvania Department of Health and also its COVID-19 contact tracing provider are getting sued because of a breach of the personal and medical information of 72,000 Pennsylvanians. Insight Global and the Department of Health […]
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory regarding a new ransomware variant that is employed in attacks on a number of industry sectors, such as medical care. To date, the […]
Full-service home medical equipment firm, Health Aid of Ohio in Parma, OH, has learned that unauthorized people obtained access to its networks and stolen a number of files. The data breach was identified on February […]
CaptureRx, a 340B administrative services provider to healthcare organizations in San Antonio, TX, has experienced a ransomware attack that resulted in the theft of files that contain the protected health information (PHI) of its customers’ […]
Elekta, a Swedish provider of oncology and radiology system, is recovering from a cyberattack that shoved it to take offline its first-generation web-based storage platform on April 20, 2021. Even though the firm has reported […]
The healthcare provider Scripps Health located in San Diego experienced a ransomware attack on May 1, 2021 which compelled it to shut down its information technology systems. Scripps Health manages four hospitals throughout the San […]
Doctors Medical Center of Modesto (DCM) in California has found out that a service provider employed by a former vendor inadvertently exposed patient information over the web. DCM had hired the SaaS platform company Medifies […]
Einstein Healthcare Network, a health system based in Philadelphia, is dealing with a class-action lawsuit associated with an August 2020 phishing attack that enabled an unauthorized person to access several employee email accounts. Einstein Healthcare […]
The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 people were accidentally exposed on the internet because of a mistake made by a member of its employees. […]
An email security breach at HME Specialists LLC, doing business as Home Medical Equipment Holdco, resulted in the potential compromise of the protected health information (PHI) of 153,013 people. HME Specialists found suspicious activity within […]
Due to the escalating danger from ransomware attacks, the U.S Department of Justice has started a brand new Ransomware and Digital Extortion Task Force that is going to focus on the whole ransomware ecosystem. The […]
The healthcare data breaches reported in March increased by 38.8%. There were 62 breaches involving at least 500 records reported to the HHS’ Office for Civil Rights, the majority of which were hacking incidents. The […]
A cyberattack on CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) resulted in the theft of CHPDC members’ protected health information (PHI). CHPDC, formerly called Trusted Health Plans, found out that its computer […]
Pressure between Russia and the U.S. is increasing because of the nonstop cyberattacks on private and public sector establishments as well as the U.S. government by Russian government hackers. The National Security Agency (NSA), DHS’ […]
Health-ISAC, together with the American Hospital Association (AHA), has shared guidance for healthcare data security teams to assist them to develop resilience in the event of supply chain cyberattacks like the latest SolarWinds Orion occurrence. […]
Compliancy Group has certified that SageData, the business intelligence platform provider from Bulgarian, has effectively enforced a HIPAA compliance program and is keeping the regulatory requirements of the HIPAA Security Rule, Privacy Rule, Omnibus Rule, […]
The U.S. National Security Agency (NSA) has reported four zero-day vulnerabilities identified in Microsoft Exchange Server versions 2013, 2016, and 2019 which are employed for on-premises Microsoft Exchange Servers. Quick patching is necessary as threat […]
The Ventura County District Attorney directed Adventist Health Physicians Network located in Simi Valley, California to pay civil momentary penalties worth $40,000 for a civil privacy settlement resolving a patient privacy breach that impacted 3,797 […]
The business and technology consulting company Fresh Gravity has been verified by Compliancy Group as having undertaken all required actions to show compliance with the HIPAA Security Rule, Privacy Rule, Omnibus Rule, Breach Notification Rule, […]
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has introduced a brand new tool to go with the open-source Sparrow detection tool based on PowerShell that was launched in December 2020 to support network defenders […]
Roper St Francis Healthcare is confronted with a class action lawsuit associated with an October 2020 data breach wherein patient information was purportedly stolen. The lawsuit alleges negligence for not protecting patients’ private information. From […]
Advanced persistent threat (APT) actors are exploiting vulnerabilities in the Fortinet FortiOS operating system to gain access to servers to get into networks as pre-positioning for follow-on data exfiltration and information encryption attacks. In the […]
Med-Data Inc., a revenue cycle management services vendor based in Spring, TX, has given confirmation that the protected health information (PHI) of patients of some of its clients were loaded to GitHub, an open-source software […]
Compliancy Group has reported that Kleva Health Inc. has an appropriate HIPAA compliance program in place and is satisfying the prerequisites of the HIPAA Rules. Kleva Health as a digital health technology firm offers a […]
Wake Forest Baptist Health made an announcement that an unauthorized individual acquired access to the systems of Healthgrades Operating Co. Inc, its technology vendor between October 16 and October 28, 2020 and possibly viewed or […]
Security company Proofpoint has associated the Advanced Persistent Threat (APT) group called Charming Kitten with a spear-phishing campaign carried out at the end of 2020 aimed towards senior pros at medical research institutions in the […]
At the beginning of 2020, phishers began taking advantage of the pandemic and changed from their typical lures to many pandemic-associated themes for their campaigns. After one year since the COVID pandemic began, researchers at […]
The Compliancy Group has certified WellnessLiving, a top-rated business management software provider for health and wellness companies, as HIPAA compliant. Any software company that offers products that are likely to access PHI is categorized as […]
The HHS’ Office for Civil Rights has reported reaching a settlement with Village Plastic Surgery based in Ridgewood, NJ to resolve potential HIPAA Right of Access violations. Based on the conditions of the settlement, Village […]
Cancer Treatment Centers of America is notifying 104,808 of its Midwestern Regional Medical Center patients regarding the potential access by an unauthorized person to some of their protected health information (PHI) that is included in […]
In February 2021, reported data breaches involving 500 or more healthcare records increased by 40.63%. There were 45 data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, almost all […]
Compliancy Group certifies Canary Global Inc. as having a good HIPAA compliance program setup. Canary Global Inc. is a medical technology firm that has created a selection of revolutionary medical devices, software programs, and services, […]
MyWoundDoctor Inc. has been certified by Compliancy Group as having a good HIPAA compliance plan and is dedicated to making sure that all electronic protected health information (ePHI) recorded and sent by its telehealth mobile […]
On January 12, 2021, Colorado Retina Associates in Denver found out that an unauthorized person accessed the email account of one employee and utilized it to send out phishing emails to contacts listed in the […]
Health plan management and back-office services provider PeakTPA based in St. Louis, MO-based provider reported a cyberattack with protected health information (PHI) theft that occurred on or approximately December 28, 2020. PeakTPA detected the security […]
Premier Diagnostics, a COVID-19 testing service based in Utah, has accidentally compromised the protected health information (PHI) of thousands of people. Bob Diachenko of Comparitech discovered two exposed Amazon S3 buckets on February 22, 2021. […]
About 207,000 people were confirmed to have been impacted by a ransomware attack on St. Cloud-based Netgain Technology LLC and that number may still go up. A number of entities in the healthcare sector, such […]
Making changes to the HIPAA Rules is not frequent, therefore whenever there is a proposition for updates, a range of new specifications and updates to existing terms is commonly included. Before undertaking any updates, a […]
The Arizona Supreme Court revived a HIPAA violation legal case that a man from Phoenix filed because of a privacy violation by a pharmacy worker associated with an erectile dysfunction medicine prescription. Greg Shepherd, aged […]
On March 4, 2021, Senator Robert Menendez (D-New Jersey), and Reps. Mikie Sherrill (D-New Jersey) and Bonnie Watson Coleman (D-New Jersey)wrote a letter advocating the Federal Trade Commission (FTC) to begin imposing the Health Breach […]
Governor Ralph Northam has signed into law the Virginia Consumer Data Protection Act (CDPA). CDPA mandates persons doing business in the Commonwealth of Virginia to follow new data privacy and security standards. The CDPA will […]
Cochise Eye and Laser, an ophthalmology and optometry company located in Sierra Vista, AZ, had a ransomware attack on January 13, 2021 and saw the encryption of its patient booking and billing application. Due to […]
The IBM X-Force published a new report that shows healthcare cyberattacks had a 100% increase in 2020 and 28% of attacks were ransomware attacks. The substantial increase in healthcare sector cyberattacks put the sector on […]
The National Security Agency (NSA) has lately published new guidance to assist companies to implement a Zero Trust approach to cybersecurity and have better protection against very advanced cyber threats. Zero Trust is a security […]
2020 was a notably awful year for the healthcare industry in terms of ransomware attacks. Fortune 500 healthcare system Universal Health Services (UHS) based in King of Prussia, PA suffered one of the worst ransomware […]
The performance analytics and end-user experience solution provider Accedian based in Montreal, Canada has been certified as HIPAA compliant by Compliancy Group. Accedian’s solutions help its clients with their digital infrastructure, at the same time, […]
Covenant Healthcare based in Saginaw, MI has found out that an unauthorized individual acquired access to two email accounts of employees. The account held the protected health information (PHI) of roughly 45,000 patients. The healthcare […]
The last day for reporting healthcare data breaches involving less than 500 records that were identified in 2020 is on March 1, 2021. Until then, HIPAA-covered entities and business associates can submit their breach reports […]
Kroger made an announcement that it has encountered a data security incident, which exploited the SQL injection vulnerabilities found in its Accellion File Transfer Appliance (FTA). The Accellion FTA is an old appliance that was […]
The number of healthcare data breaches involving 500 or more records in January 2021 decreased by 48% month-over-month. There were 32 data breaches reported in January compared to December’s 62. Although this is below the […]
© Copyright 2003 to 2021 Calculated HIPAA