calHIPAA

Promoting HIPAA Compliance For Over 20 Years

  • HIPAA Enforcement News
  • HIPAA Compliance Advice
  • HIPAA Staff Training
  • HIPAA Training Advice
  • About calHIPAA
HomeHIPAA Enforcement News

HIPAA Enforcement News

The HIPAA Enforcement News category delivers timely and authoritative updates on the latest developments in HIPAA regulations and enforcement. This section is dedicated to providing healthcare professionals, compliance officers, and business associates with critical information on recent regulatory changes, legal rulings, and enforcement actions related to the protection of protected health information (PHI).

Our news coverage focuses on significant events and trends within the healthcare industry that impact HIPAA compliance. By staying informed on these developments, you can better anticipate regulatory shifts and ensure that your organization remains compliant with evolving privacy and security requirements under HIPAA.

Hackers Demand a Ransom Paymet of $1 Million from Grays Harbor Community Hospital

August 15, 2019 Christine Garcia

The ransomware attack on Grays Harbor Community Hospital in Aberdeen, WA continues to cause problems after its attack two months ago. The attackers asked for $1 million ransom payment in exchange for the encryption unlock […]

MU Health Faces Lawsuit Over Phishing Attack in May 2019

August 14, 2019 Christine Garcia

Because of a phishing attack on April 2019, the University of Missouri Health Care (MU Health) is charged with a lawsuit. MU Health found out on May 1, 2019 the one week unauthorized access of […]

$145 Million Settlement Proposal of Allscripts to Resolve Its HIPAA and HITECH Act Violations

August 13, 2019 Christine Garcia

Allscripts Healthcare Solutions proposed a preliminary settlement to resolve the violations of HIPAA, the Anti-Kickback Statute and the electronic health record (EHR) incentive program of the HITECH Act by the electronic health record (EHR) firm […]

Over 522,000 Patients Impacted by Ransomware Attacks on Puerto Rico Healthcare Providers

August 12, 2019 Christine Garcia

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital had a ransomware attack which affected over 500,000 patients living in Bayamón, Puerto Rico. A press release on July 19, 2019 explained the discovery by […]

PHI of Over 522,000 Puerto Rico Patients Impacted by Ransomware Attack

August 9, 2019 Christine Garcia

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital were attacked by ransomware, which affected more than half a million patients from Bayamón, Puerto Rico. A press release on July 19, 2019 mentioned the […]

Using the Emergency Text Notification System and HIPAA Compliance

August 8, 2019 Christine Garcia

Businesses governed by HIPAA regulations need to be mindful whenever using emergency text notification systems and ensure not to disclose Protected Health Information (PHI) without authorization. It can be quite difficult to adhere to HIPAA […]

VA OIG Report Reveals Security Violations Associated With Medical Device Workarounds

August 6, 2019 Christine Garcia

The Department of Veteran Affairs Office of Inspector General (VA OIG) inspected a California VA medical center recently and found security vulnerabilities linked to medical device workarounds as well as non-compliance with Veterans Health Administration […]

31.6 Million Healthcare Records Breached in First Half of 2019

August 5, 2019 Christine Garcia

The healthcare industry has had a particularly bad first six months. The many reports of data breaches and the volume of healthcare records exposed every day are very concerning. The trend this 2019 is over […]

Northwood Inc Phishing Attack Compromised the PHI of 15,000 Patients

August 2, 2019 Christine Garcia

A HIPAA business associate from Madison Heights, MI, Northwood Inc., reported hacking of one of its employee’s email account and potential viewing or acquisition of sensitive patient information. Northwood Inc knew about the breach on […]

Netherlands Haga Hospital Penalized €460,000 for GDPR Data Breach

August 1, 2019 Christine Garcia

The first GDPR data breach fine has been issued by Authoriteit Persoonsgegevens, the GDPR data protection authority in the Netherlands, to Haga Hospital in the Hague. The hospital is to pay a GDPR fine of […]

Wise Health System Phishing Attack Exposed 35,899 Patients’ PHI

July 29, 2019 Christine Garcia

Patients of Wise Health System in Decatur, TX received notification regarding the potential exposure of their protected health information (PHI) because of a phishing attack. About 35,899 patients were affected by the breach. The phishing […]

2019 Data Breach Cost Study Shows Skyrocketing U.S. Healthcare Data Breach Costs

July 26, 2019 Christine Garcia

The 2019 Cost of a Data Breach Report of Ponemon Institute/IBM Security has been published. It is a detailed study of the reported data breaches in 2018. It revealed the continuous increase of data breach […]

AMCA Breach Also Affected Penobscot Community Health Center Patients

July 25, 2019 Christine Garcia

Another healthcare provider confirmed that it was affected by the American Medical Collection Agency (AMCA) security breach. An unauthorized access of AMCA’s systems resulted to a breach of the protected health information (PHI) of its […]

Equifax Settlement of Data Breach Case Costs up to $700 Million

July 24, 2019 Christine Garcia

Equifax has decided to resolve its federal data breach case by paying at least $575 million. The settlement could possibly go up to $700 million plus the need to make significant improvements to its security […]

Data Breaches at Edgepark Medical Supplies and Cancer Treatment Centers of America

July 23, 2019 Christine Garcia

Edgepark Medical Supplies (EMS) discovered on May 13, 2019 that an unauthorized person access the account of some of its customers accounts and altered their addresses causing a redirection of their orders to different delivery […]

New Idaho Patient Rights Rules Being Implemented in Idaho Hospitals

July 22, 2019 Christine Garcia

Idaho is giving patients new rights as hospitals implement the new rules. The Idaho Department of Health and Welfare (IDHW) is implementing the rules which began July 1, 2019. IDHW stated that patient advocacy groups […]

ICO’s Proposed $123 Million Penalty to Marriott for its GDPR Violation

July 19, 2019 Christine Garcia

Just a few days after expressing the intention to issue a penalty to British Airways the amount of £183 million ($230 M) for its 383-million records breach, the United Kingdom’s Information Commissioner’s Office (ICO) is […]

Email Account Hack on Adirondack Health Impacts PHI of 25,000 Patients

July 18, 2019 Christine Garcia

Adirondack Health Vermont notified about 25,000 patients regarding the potential exposure of their protected health information (PHI) due to hacking. The potentially compromised information include the patients’ names, birth dates, healthcare insurance member numbers or […]

HHS Announces Partial Waiver of HIPAA Sanctions and Penalties in Louisiana

July 17, 2019 Christine Garcia

The U.S. Department of Health and Human Services (HHS) Secretary has declared a partial waiver of HIPAA sanctions and penalties in Louisiana because of the damage that Tropical Storm Barry likely caused when it hit […]

ICO Issued Notice of Intent to Fine British Airways’ £183 Million GDPR Penalty

July 16, 2019 Christine Garcia

UK Information Commissioners Office (ICO), which is the GDPR supervisory authority, issued the biggest GDPR penalty to British Airways amounting to £183.39 million or $228 million for failure to employ security controls that led to […]

Premera Blue Cross to Pay $10 Million to Settle Multi-State Action Lawsuit

July 15, 2019 Christine Garcia

Premera Blue Cross agreed to pay $10 million to settle a multi-state data breach lawsuit that involved 30 state attorneys general. The alleged violations of state and federal laws resulted to a breach of 10.4 […]

Nemadji Research Corporation Breach Impacts Over 1,000 Patients of Essential Health

July 12, 2019 Christine Garcia

Essentia Health is an integrated health system providing services in the states of Minnesota, North Dakota, Wisconsin and Idaho. Notifications sent to over 1,000 Essentia Health patients stated that some of their protected health information […]

Phishing Attack on California Business Associate Compromised PHI of 14,591 DHS Patients

July 11, 2019 Christine Garcia

Nemadji Research Corporation, doing business under the name of California Reimbursement Enterprises, released information regarding the unauthorized person who accessed the email account of an employee. There is potential exposure of the protected health information […]

Vulnerability in GE Aestiva and Aespire Anesthesia Machines Identified

July 10, 2019 Christine Garcia

GE Aestiva and Aespire Anesthesia devices were found to have an improper authentication vulnerability. These devices are typically used in hospitals all over America. The CVE-2019-10966 vulnerability can allow an attacker to remotely change the […]

Survey Results on Consumers Attitude About Medical Device Security

July 9, 2019 Christine Garcia

A recent nCipher Security survey explored the value consumers put on their health information privacy and security. The survey had 1,300 U.S. consumers as participants and looked into their attitudes toward online personal privacy, sharing […]

2017 Microsoft Outlook Vulnerability Targeted by Threat Group APT33

July 8, 2019 Christine Garcia

Hackers exploited a two-year-old vulnerability in Microsoft Outlook targeting U.S. government networks. A warning issued by U.S. Cyber Command talked about the active exploitation of vulnerability CVE-2017-1174 and installation of remote access Trojans and other […]

Medical Student Sues Hospital and University for Unauthorized Use of PHI in Teaching

July 5, 2019 Christine Garcia

A medical student is filing a lawsuit against Marshall University and Cabell Huntington Hospital because some of his protected health information (PHI) was impermissibly disclosed to a class of students. The medical student, which the […]

Recall of Medtronic Insulin Pumps Because of Cybersecurity Vulnerabilities

July 4, 2019 Christine Garcia

Alerts regarding the cybersecurity vulnerabilities discovered in several Medtronic insulin pumps were released by the United States Computer Emergency Readiness Team (US-CERT) and the Food and Drug Administration (FDA). The vulnerable insulin pumps connect to […]

Small Healthcare Providers Struggle to Adopt Healthcare Cybersecurity Best Practices

July 3, 2019 Christine Garcia

According to a recent study, larger healthcare providers are more inclined to have fully developed, sophisticated cybersecurity defenses, whereas smaller healthcare providers struggle to implement cybersecurity best practices. KLAS and CHIME conducted the study and […]

Franciscan Health Employee Unauthorized Access and Abandoned Boxes of Medical Records in Chatham, Chicago Exposed PHI

July 2, 2019 Christine Garcia

Franciscan Health located in Mishawaka, IN found out that a former staff committed unauthorized access of the protected health information (PHI) of around 2,200 patients. In a routine privacy review, Franciscan Health learned about the […]

UChicago Charged With Illegal Disclosure of Patient Information to Google

July 2, 2019 Christine Garcia

A former UChicago Medicine patient filed a lawsuit claiming that his medical information along with those of hundred other patients were shared with Google with no prior authorization. The lawsuit accuses UChicago Medical Center, UChicago […]

9-Year PHI Breach Reported by Dominion National

June 28, 2019 Christine Garcia

Virginia-based Dominion National, which is an insurance company, health plan manager, and administrator of dental and vision benefits, learned that a data breach affected the personal information of individuals connected to the services it provides. […]

Estes Park Health Paid Ransom Two Times to Get All File Decryption Keys

June 27, 2019 Christine Garcia

Estes Park Health (EPH) located in Colorado was attacked by ransomware, which extensively encrypted files all across its network. EPH discovered the ransomware attack on June 2, 2019 when employees noticed and reported the computers’ […]

Patient Care Coordinator Sentenced to 1 Year Imprisonment for HIPAA Violation

June 26, 2019 Christine Garcia

A patient care coordinator previously employed at the University of Pittsburgh Medical Center (UPMC) received a one-year imprisonment term for accessing patient healthcare records and utilizing that data for malicious damages. Sue Kalina, 62, living […]

Risk of Wiper Malware Attacks by Iranian Threat Actors Increasing

June 25, 2019 Christine Garcia

The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) gave a warning after a surge in ‘Iranian regime actors’ cyberattacks. Christopher C. Krebs gave the warning as tensions build up […]

CCI Study Reveals More Healthcare Data Breaches Involve Server Vulnerabilities

June 24, 2019 Christine Garcia

Cybercriminals that locate and exploit vulnerabilities to access healthcare networks and patient information are increasing their activities. The last two months were the worst and second worst months in terms of number of healthcare data […]

About 60 Assisted Living Facilities and 78,000 Patients’ Prescription Data Affected by Breaches

June 22, 2019 Christine Garcia

A ransomware attack on Tenx Systems, a company providing software for assisted living communities, impacted over 60 facilities that utilize the software program. Also known as ResiDex Software, Tenx Systems stated the attack happened on […]

645,000 People Impacted by Oregon Department of Human Services Phishing Breach

June 20, 2019 Christine Garcia

A phishing attack on the Oregon Department of Human Services (ODHS) resulted to the potential compromise of the personal information of 645,000 clients. The phishing attack began on January 9, 2019, which got 9 ODHS […]

21,000 Patients Impacted By Ransomware Attack on Shingle Springs Health and Wellness Center

June 19, 2019 Christine Garcia

A recent ransomware attack on Shingle Springs Health and Wellness Center (SSHWC) located in Placerville, CA resulted to the potential compromise of the protected health information (PHI) of 21,513 patients. SSHWC found out on April […]

Mental Health Awareness Webinar Hosted by Rave Mobile Safety on June 18, 2019

June 18, 2019 Christine Garcia

Rave Mobile Safety is hosting a webinar on June 18, 2019 that seeks to give better understanding of mental health problems, the difficulties community members encounter in relation to mental health conditions, and how to […]

Urology Practice Pays Ransom Worth $75,000 to Restore Computer Systems Access

June 17, 2019 Christine Garcia

An extreme ransomware attack on N.E.O Urology based in Boardman, OH impacted all of its IT system. The ransomware brought about extensive file encryption and prevented the healthcare provider from accessing its computers and patient […]

Phishing Attack on Union Labor Life Insurance Exposed 87,400 Patients’ PHI

June 14, 2019 Christine Garcia

A phishing attack on Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., resulted to the exposure of 87,000 plan members’protected health information (PHI). Data exposure happened because an employee responded to a phishing […]

Breaches at Takai, Hoover & Hsu and Navicent Health Ended Up With a Fired Nurse and 10,970 Patient PHI Exposed

June 13, 2019 Christine Garcia

An ex-employee of a healthcare provider based in Germantown, MD is alleged to have accessed the protected health information (PHI) of approximately 16,542 patients. The information was allegedly given to a third party to be […]

Lawsuits and Investigations Related to the AMCA Data Breach

June 12, 2019 Christine Garcia

Ever since reports regarding the massive data breach at American Medical Collection Agency (AMCA) became known, over 12 lawsuits had been submitted by breach victims. Quest Diagnostics formally reported the breach on June 3, 2019 […]

LabCorp Patients Also Impacted by AMCA Breach

June 11, 2019 Christine Garcia

News reports spoke of the American Medical Collection Agency (AMCA) data breach that brought about the compromise of 11.9 million Quest Diagnostics patient records. Current news cite another healthcre company affected by the AMCA breach. […]

SSNs of Delta Health Systems Plan Members Exposed Over the Internet

June 10, 2019 Christine Garcia

Turlock Irrigation District in California is notifying its employees who are members of their employer-sponsored health plan regarding the exposure of some of their protected health information (PHI) online due to a business associate error. […]

Misconfiguration Exposed Over 1.68 Million Records at University of Chicago Medicine

June 9, 2019 Christine Garcia

The huge data breaches lately which included the breach at Quest Diagnostics affecting 11.9 million records and the breach at LabCorp affecting 7.7 million records. Now, University of Chicago Medicine announced a data breach with […]

Patient Allowed to Sue Hospital and Employee for Privacy Violation by Vermont Supreme Court

June 6, 2019 Christine Garcia

The Vermont Supreme Court issued a ruling permitting a patient to take legal action against a hospital and nurse for privacy violation, irrespective of Vermont law and the HIPAA law that do not allow private […]

Microsoft Issues Fresh BlueKeep Alert: Public Exploits Exist and the Pending Attacks

June 5, 2019 Christine Garcia

Microsoft issued another warning regarding the BlueKeep vulnerability in Remote Desktop Services (CVE-2019-0708) after publishing online proof-of-concept exploits for the vulnerability. Microsoft issued fixes for the vulnerability on May 14, 2019. Patches were also made […]

$74 Million Settlement Proposed to Premera Blue Cross Proposed to Settle Class Action Lawsuit for $74 Million

June 4, 2019 Christine Garcia

In March 2015, health insurer Premera Blue Cross in Seattle reported a major data breach that affected close to 10.6 million plan members. The breach happened in 2014 and a wide range of information was […]

Phishing Attack on People Inc. and OS Inc. Impact Patient PHI

June 3, 2019 Christine Garcia

People Inc. is a non-profit health and human services firm located in Western New York providing services to elderly people and people with developmental disabilities. A phishing attack on the organization affected roughly 1,000 persons. […]

PHI Exposed at Medical Oncology Hematology Consultants and Health Net of California Breaches

June 1, 2019 Christine Garcia

Medical Oncology Hematology Consultants (MOHC), a Newark,DE based cancer treatment center, suffered an email security breach that lead to the compromise of the protected health information (PHI) of some patients. MOHC published a substitute breach […]

HELP Committee’s Call For the Consideration of Good Faith Efforts to Strengthen Cybersecurity in HHS’ HIPAA Enforcement Activities

May 30, 2019 Christine Garcia

Many view the HHS’ Office for Civil Rights’ enforcement of HIPAA compliance as excessively punitive. Compliance investigations after receiving complaints or data breaches reports usually result to the discovery of HIPAA Rules violations and sizable […]

Medical Informatics Engineering To Resolve Multi-State Lawsuit With Payment of $900,000 Financial Penalty

May 29, 2019 Christine Garcia

A recent announcement requires Medical Informatics Engineering (MIE) to pay a financial penalty amounting to $900,000 to resolve a multi-state lawsuit over the HIPAA violations linked to a breach of 3.9 million records in 2015. […]

Microsoft Released Patches to Fix Vulnerabilities That Could Cause Malware Attacks Similar to the WannaCry Attacks

May 28, 2019 Christine Garcia

Microsoft released a patch on May 14, 2019 for fixing a ‘wormable’ vulnerability found in Windows, which is the same as the vulnerability exploited by attackers in the WannaCry ransomware attacks in May 2017. The […]

What are the HIPAA Fines That Can be Issued to Business Associates?

May 27, 2019 Christine Garcia

Ever since the implementation of the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule by the Department of Health and Human Services, […]

Medical Informatics Engineering Settles its HIPAA Breach Case for $100,000

May 25, 2019 Christine Garcia

Medical Informatics Engineering, Inc (MIE) settled with the HHS’ Office for Civil Rights its HIPAA violation case by paying $100,000. MIE provides electronic medical record software and services in Indiana. Its case of serious data […]

Boxes of Today’s Vision Patients and Employees Records Abandoned in Texas Dumpster

May 23, 2019 Christine Garcia

Thousands of health records were found left behind in a public dumpster located in Texas. The boxes comprise of patient and employee records from Today’s Vision and include documents that contain highly sensitive data. Today’s […]

Cancer Treatment Centers of America’s Sufferss Second Phishing Attack

May 22, 2019 Christine Garcia

Cancer Treatment Centers of America (CTCA) suffered another breach involving the e-mail account of one personnel working at its Southeastern Regional Medical Center. The breach on March 10, 2019 happened after a phishing attack. The […]

Third Party App Security Framework for the CMS Interoperability Plan

May 21, 2019 Christine Garcia

The American Academy of Neurology (AAN) spoke about their concerns on the interoperability plans of the HHS’ Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS). […]

April 2019 Healthcare Data Breach Report

May 20, 2019 Christine Garcia

April was really bad for healthcare data breaches. The number of reported data breaches this month is higher than any other month since October 2009 when the Department of Health and Human Services’ Office for […]

Forescout Report Reveals Serious Problems in Healthcare Cybersecurity

May 17, 2019 Christine Garcia

A recent Forescout study highlighted the poor condition of healthcare cybersecurity. The study showed the over reliance of the healthcare industry on legacy software, the extensive use of vulnerable protocols, and the lack of security […]

Ransomware Attack on American Baptist Homes of the Midwest Potentially Exposed PHI

May 16, 2019 Christine Garcia

American Baptist Homes of the Midwest (ABHM), which provides assisted living and assisted care facilities throughout the U.S Midwest, announced a ransomware attack on its systems causing a security breach. The attack was launched around […]

32,000 People Impacted by Independent Health and Southeastern Council on Alcoholism and Drug Dependence Breaches

May 14, 2019 Christine Garcia

The Southeastern Council on Alcoholism and Drug Dependence (SCADD) located in Lebanon, CT had a ransomware attack that caused considerable file encryption. SCADD experienced network problems that led to the discovery of the ransomware attack […]

Medical Data of a Woman’s Sexual Assault Disclosed by Hospital Employee to Her Attacker

May 13, 2019 Christine Garcia

A sexual assault victim filed a lawsuit against Atchison Hospital in Kansas because allegedly a hospital x-ray technician shared sensitive data to her attacker regarding her treatment at the hospital. As per the Kansas City […]

Major Discoveries of the 2019 Verizon Data Breach Investigations Report

May 10, 2019 Christine Garcia

The 2019 Verizon Data Breach Investigations Report has been released. It gives a detailed summary of data breaches that public and private entities reported all over the world. The extensive report gives exhaustive insights and […]

Phishing Attack on Verity Health’s St. Vincent Medical Center Potentially Exposed PHI

May 9, 2019 Christine Garcia

Verity Health System’s St. Vincent Medical Center discovered the compromise of a web email account because of a phishing attack. The breach took place on March 15, 2019 where a hospital pathologist’s email account was […]

PHI of 3,193 Employees and Dependents Potentially Exposed Due to Bodybuilding.com Data Breach

May 8, 2019 Christine Garcia

The website owner of Bodybuilding.com, a website about bodybuilding and fitness, reported a security breach that could have caused the access of client and personnel data by unauthorized persons. Under HIPAA, this kind of breach […]

Mailing Error Affected the Sending of Inmediata Breach Notification Letters

May 7, 2019 Christine Garcia

After the Inmediata breach that caused the exposure of PHI, the company sent by mail notification letters to the people affected by the breach. However many people reported that they got notification letters addressed to […]

Facebook Changes to Protect Health Support Group Users’ Privacy

May 6, 2019 Christine Garcia

Facebook is applying some changes to Facebook Groups that talk about health conditions. This move was prompted because of the criticism on Facebook Groups that despite its being offered as private and confidential, third parties […]

Philips Tasy EMR Found to Have Vulnerability

May 3, 2019 Christine Garcia

A vulnerability was found in the Philips Tasy EMR system. An attacker can take advantage of the vulnerability and transmit unexpected data to the system that could execute an arbitrary code, alter data flow, impact […]

HHS Information Security Program is “Not Effective” According to OIG

May 2, 2019 Christine Garcia

The U.S Department of Health and Human Services’ Office of Inspector General (OIG) released its yearly evaluation of the HHS to ascertain compliance with the Federal Information Security Management Act of 2014 (FISMA). Ernst & […]

Exploitation of DICOM Image Format Could Allow Fusion of Malware with PHI

May 1, 2019 Christine Garcia

The DICOM image format has been available for about 30 years. It has a design ‘flaw’ that hackers could exploit to add malware in image files. If that happens, the protected health information (PHI) will […]

Changes in the HITECH Act Penalty Amounts for HIPAA Violations

April 30, 2019 Christine Garcia

A notification of enforcement discretion issued by the Department of Health and Human Services about the civil monetary penalties applied whenever there are HIPAA Rules violations discovered will reduce the maximum financial penalty in three […]

New Washington Breach Notification Law Passed After Unanimous Decision

April 29, 2019 Christine Garcia

The Washington legislature made a unanimous decision to pass HB 1071 / SB 5064, a new data breach notification law. The only the bill needs is the signature of Washington Governor Jay Inslee. The law […]

Washington State University Agreed to $4.7 Million Settlement of Class Action Data Breach Lawsuit

April 26, 2019 Christine Garcia

The King County Superior Court lately agreed to a $4.7 million settlement to pay back the people whose personal data were stolen in a breach at Washington State University in April 2017. Portable hard drives […]

Potential Exposure of 8,600 Patients’ PHI Due to Three Email Hacking Incidents

April 25, 2019 Christine Garcia

Three breaches involving patients’ protected health information (PHI) due to email hacking were reported. The three hacking incidents affected a total of 8,635 patients. The first breach happened in the Center for Sight and Hearing […]

HHS’ ONC Welcomes Feedback on the Second Draft of Trusted Exchange Framework and Common Agreement

April 24, 2019 Christine Garcia

The HHS’ Office of the National Coordinator for Health IT (ONC) has published a second draft of the Trusted Exchange Framework and Common Agreement (TEFCA) and is accepting comments on the revised material. The objective […]

Database of Addiction Service Provider with 145,000 Patient Records Accessible Online

April 23, 2019 Christine Garcia

The highly sensitive data of patients who had received treatment at addiction rehabilitation centers were discovered to be publicly accessible online because of an unsecured database. There were around 4.91 million records in the database, […]

Patients Impacted by Breaches at Clearway Pain Solutions Institute and Questcare Medical Services

April 22, 2019 Christine Garcia

Gulf Coast Pain Consultants, also called Clearway Pain Solutions Institute, found out that its EMR system was accessed by an unauthorized individual. A breach investigation which started on February 20, 2019 revealed that a variety […]

Impermissible Disclosures of PHI Affected 1,600 Ohio Patients

April 19, 2019 Christine Garcia

993 beneficiaries of Medicaid or have obtained services from the Ohio Department of Job and Family Services (ODJFS) living in Ohio received notification that unauthorized persons potentially viewed some of their protected health information (PHI) […]

Riverplace Counseling Center Malware Attack Impacts 11,639 Patients’ PHI

April 18, 2019 Christine Garcia

A malware was installed on the systems of Riverplace Counseling Center in Anoka, MN, which resulted to the access of the protected health information (PHI) of patients by unauthorized persons. The counseling center discovered the […]

Hacker of Blue Cross of Idaho Website Attempts to Reroute Payments

April 17, 2019 Christine Garcia

The website of Blue Cross of Idaho was hacked resulting to the access of its member portal by an unauthorized person who viewed the protected health information (PHI) of some members. Blue Cross of Idaho […]

CynergisTek Study Reveals the Non-Conformance of Healthcare Organizations with NIST CSF and HIPAA Rules

April 16, 2019 Christine Garcia

The consultancy company CynergisTek conducted a study recently and found that healthcare organizations aren’t in conformity to the HIPAA Privacy and Security Rules and the NIST Cybersecurity Framework (CSF) controls. CynergisTek studied the NIST CSF […]

Minnesota DHS Phishing Attacks and State Senate Investigation of Increasing Phishing Attacks

April 15, 2019 Christine Garcia

The Minnesota Department of Human Services (DHS) received another report of a phishing attack that resulted to the compromise of an employee’s email account. This security breach transpired on or before March 26, 2018. This […]

Baystate Health Phishing Attack Impacts 12,000 Patients

April 14, 2019 Christine Garcia

Massachusetts Baystate Health had a phishing attack which impacted the protected health information (PHI) of 12,000 patients. A few employees had their email accounts compromised between February 7 to March 7, 2019. When Baystate Health […]

PHI of Palmetto Health and Weslaco Regional Rehabilitation Hospital Patients Exposed in Phishing Attack

April 13, 2019 Christine Garcia

A phishing attack on Palmetto Health, which is now called Prisma Health, allowed unauthorized persons to access several email accounts. Palmetto Health employees received email messages that have a malicious hyperlink. When the employees clicked […]

Amazon Launched Medical Image De-Identification Service

April 3, 2019 Christine Garcia

Amazon announced a new service that allows healthcare professionals to de-identify medical images by automatically removing any identifying protected health information (PHI) presented in the images. Pictures taken in medical settings often contain personally identifiable […]

Sharp Healthcare Faces Lawsuit for Secretly Recording Female Patients During Surgery

April 3, 2019 Christine Garcia

A group of 81 female patients of Sharp HealthCare and Sharp Grossmont Hospital have filed a lawsuit against the facility for severe breaches in patient privacy. The lawsuit alleges that the hospital secretly recorded video […]

BMJ Report Highlights Lack of Transparency with Fitness Apps and User Data

April 3, 2019 Christine Garcia

The number of health and fitness apps and devices has exploded in recent years. These technologies offer the user assistance in achieving a healthier lifestyle by offering personalised guidance or helping the user track any […]

Northwestern Medical Patient has PHI Exposed on Social Media

March 25, 2019 Christine Garcia

A patient who found her discovered that her private medical information was available on social media platforms is suing the Northwestern Medicine Regional Medical Group for PHI exposure. Earlier this month, Gina Graziano discovered that […]

UCLA Health Settles Class Action Lawsuit for $7.5 Million

March 25, 2019 Christine Garcia

UCLA Health has settled a class action lawsuit filed by victims of a 2014 data breach for $7.5 million. The UCLA Health breach was one of the largest data breaches in history. Hackers accessed the […]

Beazley’s BRS Report Shows SMBs at Risk from Ransomware Attacks

March 24, 2019 Christine Garcia

Beazley Breach Response Services have released a new report indicating that 71% of ransomware attacks target small and medium businesses (SMBs). Ransomware is malware variant which denies the user access to their device, or individual […]

Software Vulnerabilities Found in Multiple CareLink Devices

March 22, 2019 Christine Garcia

Security researchers have identified two vulnerabilities in the Conexus telemetry protocol used by Medtronic MyCarelink monitors, CareLink monitors, CareLink 2090 programmers, and 17 implanted cardiac devices. One vulnerability is rated as ‘critical’, and the other […]

UW Medicine IT Error Exposes Records of 1 Million Patients

March 20, 2019 Christine Garcia

The University of Washington is alerting nearly a million patients of a data breach that resulted in unauthorised individuals being able to access their protected health information (PHI) through search engines online. The error was […]

State Legislature Proposes Florida Biometric Information Privacy Act

March 18, 2019 Christine Garcia

Senator Gary Farmer (D-FL) and Representative Bobby DuBose (D-FL) have proposed new bills concerning consumers’ data privacy rights over their biometric data. The Florida Biometric Information Privacy Act aims to “establish requirements and restrictions on […]

Unauthorised Individual Accesses Sharecare Health Data Services’ Systems

March 16, 2019 Christine Garcia

Sharecare Health Data Services has reported that an unauthorised individual gained access to sensitive information stored in their systems. Sharecare Health Data Services (SHDS), based in San Diego, provides secure electronic exchange and medical records […]

Verizon Mobile Security Index 2019 Released

March 13, 2019 Christine Garcia

The 2019 edition of the Verizon Mobile Security Index has been released, showing the significant risk that mobile device breaches pose to the healthcare industry. The report surveyed eight industry sectors to assess the data […]

Columbia Surgical Specialists Experience Ransomware Attack

March 8, 2019 Christine Garcia

Columbia Surgical Specialists have announced a ransomware attack on their facility has potentially compromised the PHI of up to 400,000 patients. Columbia Surgical Specialists (CSS), based in Spokane, Washington, discovered the attack on January 9, […]

New Data Privacy Act Proposed by Nevada Senator

March 5, 2019 Christine Garcia

Senator Catherine Cortex Masto (D-NV) has introduced a new bill which aims to tackle concerns consumers face about the collection and use of their data. Senator Catherine Cortex Masto’s “Data Privacy Act” calls for organisations […]

Posts pagination

« 1 … 9 10 11 … 13 »
  • Site Map
  • About calHIPAA
  • Privacy Policy
  • Editorial Policy
  • Terms & Conditions
  • Cookie Policy
  • Diversity & Inclusion Policy
  • Jobs at calHIPAA

CalHIPAA is a registered trademark. © Copyright 2003 to 2024 calHIPAA. All rights reserved.