The Federal Policy for the Protection of Human Subjects was supposed to take effect on January 19, 2018. But its implementation was delayed by 6 months. Compliance date was changed to July 19, 2018. The […]
PhishMe is the top provider of human phishing defense solutions that started its operations in 2007. It recently announced its change in branding beginning February 26, 2018 as it was acquired by a private equity […]
St. Peter’s Surgery & Endoscopy Center in New York was attacked by malware that resulted to giving hackers access to the healthcare data of about 135,000 patients. This is the second largest healthcare data breach […]
Tufts Health Plan had a data breach that exposed the health plan member ID numbers of 70,320 members. The mailing vendor of Tufts Health Plan sent Preferred ID cards to Tufts Medicare Advantage members from […]
The Protenus Healthcare Breach Barometer report recently published that about 473,807 patient medical records were exposed or stolen in January 2018. That figure is not yet final as 11 of the 37 breaches have yet […]
Health Net California, a benefit-provider for federal employees, has been tagged as unwilling to submit to a recent security audit according to the Flash Audit Alert issued by the U.S. Office of Personnel Management (OPM) […]
An online attack on the medical records of White and Bright Family Dental patients was uncovered on January 30, 2018. Hackers were able to access one of the servers of the dental practice which is […]
The legal firm Salem and Green, a business associate of Sutter Health, had a phishing attack resulting in exposure of the protected health information of certain patients. A staff of Salem and Green received a […]
Healthcare organizations must be prepared for the unexpected times when cyber criminals attack their data networks with the intention of extortion. It is expected that HIPAA-compliant entities are already somewhat prepared against cyber attacks because […]
The Department of Health and Human Services’ Office for Civil Rights published in its January 2018 Cybersecurity Newsletter the increased extortion attempts on healthcare organizations in the past two years. Ransomware attacks encrypt electronic health […]
When patients complain of privacy violation, healthcare providers need to know how to deal with it. For an efficient response, the organization must have policies that cover complaints procedure. The staff should know how to […]
A privacy breach occurred in the Puerto Rico Health Plan Triple-S Advantage, which affected 36,000 plan members. The cause of the breach was a mailing error that disclosed the plan members’ sensitive information to incorrect […]
The banking Trojan Ursnif was typically used for attacking financial institutions. But the malware is now used to attack different organizations including those in the healthcare industry. The researchers at the security firm Barkly detected […]
According to Healthcare Information and Management Systems Society (HIMSS), there are five current cybersecurity threats that healthcare organizations need to watch out for to prevent unauthorized access to their networks and protected health information. The […]
A Florida Veterans Affairs Medical Center set up a Wi-Fi network without coordinating with the VA’s Office of Information & Technology (OI&T). The result of such action was the introduction of vulnerabilities that could lead […]
The Massachusetts Attorney General’s office presented a new tool for reporting online data breach. The objective of this tool is to assist breached entities in quickly submitting breach notices. As demanded by the Massachusetts data […]
Ron’s Pharmacy Services in San Diego, CA discovered that an email account containing limited protected health information of 6,781 patients was compromised. The pharmacy noticed on October 3, 2017 the suspicious activity on an employee’s […]
Sophos, an online security company, released a report saying that victims of ransomware attacks are likely to have more attacks within a year. It pointed out that healthcare companies will continue to be the target […]
The states of South Dakota and Alabama currently do not have breach notification laws. However, the scenario will be different for South Dakota soon if their State Legislature approves proposed bill SB 62 passed by […]
Partners HealthCare System recently notified 2,600 patients that their protected health information was compromised. The breach incident was discovered in May 2017. Under HIPAA Rules, Partners HealthCare should have notified OCR and the victims up […]
Press America, Inc is a mail service used by CVS Pharmacy. Because of an accidental disclosure of 41 individual’s protected health information, CVS Pharmacy sued Press America, Inc. CVS Pharmacy works as a business associate […]
AllScripts was attacked by ransomware last week resulting in the unavailability of their services. Thousands of healthcare providers cannot access patient data or the e-prescription service. AllScripts now faces a class action lawsuit filed by […]
North Carolina Attorney General Josh Stein and state Representative Jason Saine introduced the Act to Strengthen Identity Theft Protections on January 8, 2018. The introduction of this new data breach notification bill was a response […]
660 patients of Eastern Maine Medical Center were notified of a potential exposure of their protected health information. The portable hard drive that contained the sensitive information disappeared from its State Street facility in Bangor, […]
The Kansas Attorney General fined Pearlie Mae’s Compassion and Care LLC in Topeka, Kansas together with its owners for its failure to protect patient and employee records. The civil monetary penalty amounted to $8,750. According […]
Aetna recently settled a class action lawsuit paying $17.2 million for a data breach last July. The breach involved sending letters to members when details of HIV medications became visible through the plastic windows of […]
Hacking or IT incidents is the major cause of healthcare data breaches of 2017. 17 out of the top 20 were of this cause. In comparison to the previous years, hacking/IT incidents only accounted for […]
This article compares the largest healthcare data breaches from 2015 to 2017. The past two years were record-breaking with respect to healthcare data breaches. What about 2017? The healthcare industry had a bad year on […]
CIOX Health is a medical record retrieval company that is suing the Department of Health and Human Services. The lawsuit concerns the restriction placed by HIPAA laws on the amount that providers can charge patients […]
A ransomware attack on Allscripts happened on January 18, 2018, which is the reason why a number of the firm’s applications, such as the cloud EHR and the electronic prescriptions platform, went offline. The attack […]
Aetna agreed to pay $17,161,200 to settle a class action lawsuit filed by complainants of a mailing error that disclosed sensitive information. The envelopes used had clear plastic windows through which the details of HIV […]
Hancock Health in Indiana, Greenfield had a ransomware attack that forced hospital staff to use pen and paper to manually record patient health information. The hospital’s IT department tried to block the ransomware attack and […]
The Coplin Health Systems based in West Virginia had a potential PHI breach impacting 43,000 patients. The cause of the breach is an unencrypted laptop computer stolen from an employee’s vehicle. Coplin Health knew about […]
The Department of Health and Human Services has updated the rule on Confidentiality of Substance Use Disorder Patients Records. In relation to this, the regulation on Substance Abuse and Mental Health Services Administration (SAMHSA) also […]
The computer network of Oklahoma State University Center for Health Sciences (OSUCHS) was accessed by an unauthorized individual resulting in the potential exposure of the billing information of Medicaid patients. OSUCHS discovered the security breach […]
Longs Peak Family Practice (LPFP) in Longmont, Colorado was attacked by ransomware. The hacker gained access to the systems of this family and sports medicine practice and encrypted some parts of its network. LPFP identified […]
The Department of Health and Human Services’ Office of Inspector General (OIG) found data security inadequacies upon auditing the North Carolina State Medicaid agency. According to the report, the State agency did not implement enough […]
NewSky Security researchers discovered a misconfiguration in over a thousand Lexmark printers that are accessible over the Internet. These are printers used by universities, businesses and the U.S. government. The misconfiguration is allowing unauthorized individuals […]
A guide published by the American Health Management Association (AHIMA) aims to help healthcare organizations create a comprehensive cybersecurity plan. It is necessary for healthcare organizations to develop and maintain an organization-wide framework that manages […]
Anti-malware firm Malwarebytes released a new report covering ransomware attacks up to the end of November 2017. Ransomware attacks increased by 62%, because criminal gangs and cybercriminals use them to make money quickly. Since September […]
A scrub nurse was fired for violating the HIPAA Rules. Allegedly, a scrub nurse photographed the genitals of an employee–patient undergoing incision hernia surgery at Washington Hospital. She used her mobile phone to take photos […]
About 98% of healthcare providers are still not yet implementing the DMARC (Domain-based Message Authentication, Reporting & Conformance) email authentication standard. This information is based on a survey conducted by the National Health Information Sharing […]
Wager Evans Dental in Reno, NV had to deal with a ransomware attack that kept them from accessing dental records and images for five days. The ransomware attack happened on October 30, 2017. A report […]
Protenus just released the November healthcare data breach report and it revealed a decrease in the number of reported healthcare data breaches and the number of patient records exposed for this month. November only had […]
Austin Manual Therapy (AMT) notified 1,750 of its patients of a potential breach of their protected health information. Allegedly, a criminal attacker accessed AMT’s computer system and may have stolen their PHI. A leading national […]
Two HIPAA-covered entities announced the exposure of patients’ protected health information. The first is Washington Health System Greene in Waynesburg, PA. The other one is Midland Memorial Hospital in Midland, TX. The protected health information […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general continued to aggressively pursue financial settlements for HIPAA Rules violations in 2017. For the 9 HIPAA settlements and one […]
21st Century Oncology agreed to pay the Department of Health and Human Services’ Office for Civil Rights (OCR) a settlement fee to resolve its HIPAA violations which was discovered when a 2015 PHI breach involving […]
The American Medical Association (AMA) and Accenture surveyed 1,300 physicians in the United States to know what physicians think about cybersecurity. Based on the responses, it seems sure that cyberattacks will happen. What’s uncertain is […]
Thieves stole a computer used by UNC Dermatology & Skin Cancer Center in Chapel Hill, NC on October 8, 2017. The stolen computer’s database contained the protected health information of about 24,000 patients who visited […]
The Oklahoma Department of Human Services had a data breach in April 2016. After discovering the breach, Oklahoma DHS notified the people impacted by the breach and the DHS’ Office of Inspector General, but not […]
A ransomware attack encrypted the protected health information of patients in the New Jersey-based Hackensack Sleep and Pulmonary Center. This incident took place on September 24, 2017 but it was only discovered the next day. […]
There’s a proposed bill called the Data Security and Breach Notification Act that the Senate will vote on. The purpose of the bill is to standardize the requirements of breach notification across all states. Right […]
Healthcare organizations are expected to follow the rules introduced by the Health Insurance Portability and Accountability Act (HIPAA). The question is which federal departments are enforcing HIPAA rules? How can consumers make sure that covered […]
A clinic worker gets 5-year jail term for stealing the protected health information of Kirkbride Center’s mentally ill patients and selling them to identity thieves. Jean Baptiste Alvarez, age 43, a resident of Aldan, Philadelphia […]
A PHI breach occurred at the Henry Ford Health System based in Detroit which impacted about 18,500 patients. The organization became aware of the breach on October 3, 2017. According to the report, the email […]
A patient cannot sue a healthcare provider for a HIPAA violation and seek damages even when harm resulted. But it is still possible to take legal action against the covered entity and demand damages for […]
Lincare Holdings Inc., one company supplying home respiratory therapy products, had a breach of employee personal data in February 2017. According to the report, an HR department employee emailed the W2 forms of thousands of […]
Mount Sinai St. Luke’s Hospital settled a case with the Department of Health and Human Services’ Office for Civil Rights earlier this year. The 2014 case involved alleged HIPAA violations over an impermissible disclosure of […]
Hackers attacked the CareFirst BlueCross BlueShield database in 2014 and accessed the protected health information of 1.1 million members. The information exposed included names, birth dates, email addresses and subscriber ID numbers. Following the breach, […]
The law firm Bryan Cave, LLP reported an increase in class-action data breach lawsuits faced by the healthcare industry last 2016. This doesn’t mean, however, that the litigation following a breach also increased. Bryan Cave […]
Patients of Otolaryngology Associates of Central Jersey have been notified of a breach involving their protected health information. Burglars broke in an off-site storage facility of the organization and stole 13 boxes of paper medical […]
A ransomware attack on the Ottawa-based East Central Kansas Area Agency on Aging (ECKAAA) resulted in the file encryption of 8,750 patient’s protected health information (PHI). ECKAAA discovered the attack that happened on September 5, […]
A phishing attack on the Medical College of Wisconsin resulted in the potential exposure of protected health information of 9,500 patients. The attack enabled unauthorized access to several employees’ email accounts, which stored sensitive information […]
The Department of Health and Human Services is seeking volunteers for a pilot project on HIPAA Administrative Simplification Optimization. The purpose of this project is to make HIPAA compliance reviews for health plans and healthcare […]
Two independent care providers inappropriately accessed the healthcare data of 683 patients of TJ Samson Community Hospital in Glasgow, KY and TJ Health Columbia Clinic. The unauthorized access to patient PHI was discovered on August […]
The number of healthcare data breach incidents was particularly high in September. In the November 2017 healthcare Breach Barometer Report by Protenus, the number was more typical with 37 breach incidents in October. The data […]
The Catholic Charities of the Diocese of Albany (CCDA) was upgrading its computer security software last August when the technician discovered a malware installed in one of its computer servers. Glen Falls office uses the […]
Just because a firm does not provide healthcare services and does not operate in the field of healthcare, it doesn’t mean that it is not a HIPAA-covered entity. Briggs Stratton Corporation is a manufacturer of […]
The U.S. Food and Drug Administration (FDA) gave an update of the guidelines that medical device manufacturers should follow when it comes to sharing information requested by patients. The medical devices that patients use can […]
There has been confusion regarding HIPAA Rules on sharing patient information to others in case of opioid overdose. The U.S. Department of Health and Human Services’ Office for Civil Rights wanted to clarify the issues […]
Brevard Physician Associates had a recent incident of burglary which resulted in the potential exposure of limited protected health information of about 8,000 patients. On the morning of September 4, 2017, thieves broke into the […]
On September 21, 2017, Texas Children’s Health Plan discovered an incident of PHI theft via email involving the healthcare data of 932 members. Allegedly the PHI was emailed to a former employee’s personal email account […]
One of the major threats in keeping the confidentiality of healthcare data is phishing. If you have noticed, a number of news updates in the past weeks involved healthcare organizations announcing cases of unauthorized access […]
FirstHealth of the Carolinas is a not for profit health network based in Pinehurst, SC that a new Wannacry ransomware variant attacked on October 17, 2017. In May this year, over 230,000 computers around the […]
RiverMend Health is a specialty behavioral health services provider that helps people who have problems with alcohol and drug addiction. The RiverMend Health branch located in Augusta, GA discovered unauthorized access to the email account […]
Phishing is probably the biggest data security threat that healthcare organizations have to face today. In the past few weeks, several phishing attacks on healthcare organizations had been reported. One of which was really serious […]
According to the Breach Barometer report issued by Protenus, healthcare data breaches significantly increased in September 2017. Included in the report were cases of healthcare data breaches received by the Department of Health and Human […]
Last July 31, 2017, Advanced Spine & Pain Center (ASPC) became aware of a potential breach and unauthorized use of patients’ protected health information. About 8,362 patients who might be affected by what happened got […]
There are certain times when the Secretary of the U.S. Department of Health and Human Services exercises his authority to issue a limited waiver of HIPAA sanctions and penalties. In most cases, the announcement is […]
Health organizations, covered entities and their business associates need to be familiar with the HIPAA Breach Notification Rule and must strictly comply. This rule covers the issuance of notifications to patients, plan members and the […]
A tenant named Barbara Jarvis-Neavins filed a report against Illinois-based psychiatrist Dr. Riaz Baber for mishandling the medical records of more than 10,000 patients. Apparently, the psychiatrist rented out his property to Jarvis-Neavins who eventually […]
Recently, there was an incident that a HIPAA-covered entity used an unsecured Amazon S3 bucket to store patients’ medical data. It was the researchers from Kromtech Security who discovered the cloud storage security problem. There were […]
Network Health, a health insurance provider based in Wisconsin, recently informed its 51, 232 plan holders about the unauthorized access of their protected health information (PHI). According to the report, the security breach began in August […]
The HHS wanted to simplify the administrative process for getting certification of compliance for all controlling health plans (CHPs) and promote consistent testing processes for CHPs. However, their proposal for a new rule has been […]
Representatives Dave Trott (D-MI) and Susan Brooks (R-IN) introduced the Internet of Medical Things Resilience Partnership Act in the U.S. House of Representatives recently. With the increase in the number of medical devices and systems […]
© Copyright 2018 Calculated HIPAA