HIPAA Updates

A recent Forescout study highlighted the poor condition of healthcare cybersecurity. The study showed the over reliance of the healthcare industry on legacy software, the extensive use of vulnerable protocols, and the lack of security […]

American Baptist Homes of the Midwest (ABHM), which provides assisted living and assisted care facilities throughout the U.S Midwest, announced a ransomware attack on its systems causing a security breach. The attack was launched around […]

The Southeastern Council on Alcoholism and Drug Dependence (SCADD) located in Lebanon, CT had a ransomware attack that caused considerable file encryption. SCADD experienced network problems that led to the discovery of the ransomware attack […]

A sexual assault victim filed a lawsuit against Atchison Hospital in Kansas because allegedly a hospital x-ray technician shared sensitive data to her attacker regarding her treatment at the hospital. As per the Kansas City […]

The 2019 Verizon Data Breach Investigations Report has been released. It gives a detailed summary of data breaches that public and private entities reported all over the world. The extensive report gives exhaustive insights and […]

Verity Health System’s St. Vincent Medical Center discovered the compromise of a web email account because of a phishing attack. The breach took place on March 15, 2019 where a hospital pathologist’s email account was […]

The website owner of Bodybuilding.com, a website about bodybuilding and fitness, reported a security breach that could have caused the access of client and personnel data by unauthorized persons. Under HIPAA, this kind of breach […]

After the Inmediata breach that caused the exposure of PHI, the company sent by mail notification letters to the people affected by the breach. However many people reported that they got notification letters addressed to […]

Facebook is applying some changes to Facebook Groups that talk about health conditions. This move was prompted because of the criticism on Facebook Groups that despite its being offered as private and confidential, third parties […]

A vulnerability was found in the Philips Tasy EMR system. An attacker can take advantage of the vulnerability and transmit unexpected data to the system that could execute an arbitrary code, alter data flow, impact […]

The U.S Department of Health and Human Services’ Office of Inspector General (OIG) released its yearly evaluation of the HHS to ascertain compliance with the Federal Information Security Management Act of 2014 (FISMA). Ernst & […]

The DICOM image format has been available for about 30 years. It has a design ‘flaw’ that hackers could exploit to add malware in image files. If that happens, the protected health information (PHI) will […]

A notification of enforcement discretion issued by the Department of Health and Human Services about the civil monetary penalties applied whenever there are HIPAA Rules violations discovered will reduce the maximum financial penalty in three […]

The Washington legislature made a unanimous decision to pass HB 1071 / SB 5064, a new data breach notification law. The only the bill needs is the signature of Washington Governor Jay Inslee. The law […]

The King County Superior Court lately agreed to a $4.7 million settlement to pay back the people whose personal data were stolen in a breach at Washington State University in April 2017. Portable hard drives […]

Three breaches involving patients’ protected health information (PHI) due to email hacking were reported. The three hacking incidents affected a total of 8,635 patients. The first breach happened in the Center for Sight and Hearing […]

The HHS’ Office of the National Coordinator for Health IT (ONC) has published a second draft of the Trusted Exchange Framework and Common Agreement (TEFCA) and is accepting comments on the revised material. The objective […]

The highly sensitive data of patients who had received treatment at addiction rehabilitation centers were discovered to be publicly accessible online because of an unsecured database. There were around 4.91 million records in the database, […]

Gulf Coast Pain Consultants, also called Clearway Pain Solutions Institute, found out that its EMR system was accessed by an unauthorized individual. A breach investigation which started on February 20, 2019 revealed that a variety […]

993 beneficiaries of Medicaid or have obtained services from the Ohio Department of Job and Family Services (ODJFS) living in Ohio received notification that unauthorized persons potentially viewed some of their protected health information (PHI) […]

A malware was installed on the systems of Riverplace Counseling Center in Anoka, MN, which resulted to the access of the protected health information (PHI) of patients by unauthorized persons. The counseling center discovered the […]

The website of Blue Cross of Idaho was hacked resulting to the access of its member portal by an unauthorized person who viewed the protected health information (PHI) of some members. Blue Cross of Idaho […]

The consultancy company CynergisTek conducted a study recently and found that healthcare organizations aren’t in conformity to the HIPAA Privacy and Security Rules and the NIST Cybersecurity Framework (CSF) controls. CynergisTek studied the NIST CSF […]

The Minnesota Department of Human Services (DHS) received another report of a phishing attack that resulted to the compromise of an employee’s email account. This security breach transpired on or before March 26, 2018. This […]

Massachusetts Baystate Health had a phishing attack which impacted the protected health information (PHI) of 12,000 patients. A few employees had their email accounts compromised between February 7 to March 7, 2019. When Baystate Health […]

A phishing attack on Palmetto Health, which is now called Prisma Health, allowed unauthorized persons to access several email accounts. Palmetto Health employees received email messages that have a malicious hyperlink. When the employees clicked […]

The number of health and fitness apps and devices has exploded in recent years. These technologies offer the user assistance in achieving a healthier lifestyle by offering personalised guidance or helping the user track any […]

UCLA Health has settled a class action lawsuit filed by victims of a 2014 data breach for $7.5 million. The UCLA Health breach was one of the largest data breaches in history. Hackers accessed the […]

Senator Gary Farmer (D-FL) and Representative Bobby DuBose (D-FL) have proposed new bills concerning consumers’ data privacy rights over their biometric data. The Florida Biometric Information Privacy Act aims to “establish requirements and restrictions on […]

The 2019 edition of the Verizon Mobile Security Index has been released, showing the significant risk that mobile device breaches pose to the healthcare industry. The report surveyed eight industry sectors to assess the data […]

Senator Catherine Cortex Masto (D-NV) has introduced a new bill which aims to tackle concerns consumers face about the collection and use of their data. Senator Catherine Cortex Masto’s “Data Privacy Act” calls for organisations […]

Rutland Medical Center has announced it has experienced a data breach after an unauthorised individual gained access to the email accounts of several employees. An employee of Rutland Medical Center noticed the breach after realising […]

The National Cybersecurity Center of Excellence (NCCoE) has released a guide to mobile device security. The guide entitled NIST Special Publication 1800-4 Mobile Device Security: Cloud & Hybrid Builds provides practical advice for organisations looking to […]

The Oregon Health Information Property Act proposes that individuals may give permission to their healthcare providers to sell their health data and receive financial compensation from the transaction.   Democrat Senator Floyd Prozanski proposed Senate […]

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an alert about vulnerabilities found in the IDenticard PremiSys access control system. ICS-CERT, a governmental organisation that works to reduce the risk of cybercrime […]

The Supreme Court of Illinois has issued a new ruling which allows individuals whose privacy has been violated through a breach of the Illinois Biometric Information Privacy Act to take legal action against a private […]

The Governor of Massachusetts has signed in a new law that updates the state’s existing data breach laws. Massachusetts Governor Charlie Baker signed the law, named “An Act relative to consumer protection from security breaches” […]

An alert has been issued to IT service providers and their customers about an increase in Chinese malicious cyber activity. The warning was issued by Department of Homeland Security (DHS) United States Computer Emergency Readiness […]

Microsoft has issued patches for 51 vulnerabilities this January 2019 Patch Tuesday. Of the vulnerabilities, 7 were rated critical. Unlike the four preceding months, none vulnerabilities were identified as being actively exploited in the wild. […]

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a critically important piece of legislation created to introduce minimum security and privacy standards in the healthcare industry. HIPAA is a federal law, organisations […]

The Clearwater CyberIntelligence Institute (CCI) has announce that it has identified the three most critical cybersecurity risks facing the organisations in the healthcare industry. CCI, part of Clearwater Compliance, a leading healthcare cyber risk management […]

The United States Senate has introduced a bill that would introduce new protections for the personal information of individuals online. The bill, entitled the Data Care Act, was proposed by Sen. Brian Schatz (D-HI) on […]

IntSights, a security threat intelligence services reviewer, has released a recent study entitled “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry”. The report highlights how easily accessible huge amounts of healthcare data […]

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has announced the winners of its Easy EHR Issues Reporting Challenge. ONC is a federal entity that coordinates […]

The U.S. Department of Justice has released an update on the investigation of the threat actors behind the SamSam ransomware attacks. SamSam ransomware is a custom infection used in targeted attacks against the healthcare industry […]

The American Medical Informatics Association (AMIA), a non-profit organisation dedicated to developing biomedical and health informatics to improve patient care, recently called on the Trump administration to reform data privacy rules in order to better […]

The Cybersecurity and Infrastructure Security Agency Act has been passed by unanimously by Congress on November 13, 2018.  The new legislation will allow the U.S. Department of Homeland Security will be forming a new agency […]

Best Medical Transcription, a transcriptionist vendor, has been fined by the New Jersey Attorney General Gurbir S. Grewal for breaching HIPAA in 2016. The violation occurred while it was working as a business associate of […]

The U.S. Department of Health and Human Services (HHS) has officially launched its Health Sector Cybersecurity Coordination Center (HC3). Opened on October 29, 2018 by Deputy Secretary of the HHS, Eric Hargan, the center is […]

September 2018 Healthcare Data Breach Report The number of healthcare data breaches reported to the Department of Health and Human Service’s Office for Civil Rights (OCR) for September 2018 is down to 25-a decrease of […]

The U.S. Food and Drug Administration (FDA) released an advise about the vulnerabilities of a number of Medtronic implantable cardiac device programmers that hackers can potentially exploit enabling them to alter the programmer’s functionality when […]

Two healthcare companies experienced email-related breaches recently. The first company, Biomarin Pharmaceutical located in Novato, CA, found out that two email accounts of its employees became compromised because of a phishing attack allowing the attacker […]

Michigan Medicine is sending notification letters to 3,600 patients regarding the impermissible disclosure of some of their protected health information (PHI). The Michigan Medicine Development Office conducted a fundraising project and mailed letters to a […]

Lambda Legal filed a legal case for a data breach victim who, together with 92 lower-income HIV positive individuals, had their highly sensitive protected health information (PHI) stolen by unauthorized people from the California AIDS […]

The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare industry to have greater consciousness of its operation to fight cyberthreats and part of its […]

A staff of KHOU 11, a CBS-affiliated television station, found abandoned documents that include the protected health information (PHI) of roughly 1,800 patients in a street in Midtown, Houston. The documents had information like the […]

Gold Coast Health Plan located in Camarillo, CA told its 37,000 plan members that cyber attackers potentially accessed some of their protected health information (PHI) because one of its employees’ email account was compromised. The […]

The ECRI Institute is a non-profit company that studies new techniques to enhance patient care. It has recently published an annual list that includes the top 10 Health Technology Hazards for 2019. The goal of […]

Phishing is one of the leading causes of healthcare data breaches. Phishers are able to access healthcare data from email accounts. In many incidents, those email accounts contain considerable volumes of highly sensitive protected health […]

AggregateIQ is an analytics company based in Canada that acted for the Vote Leave campaign. The Information Commissioner’s Office (ICO) issued the first UK GDPR notice to AggregateIQ in connection with business executed in that […]

Ohio Living, which is a firm providing life plan communities and home health services, discovered that an unauthorized individual accessed some of its employees’ email accounts. On July 10, 2018, Ohio Living noticed the suspicious […]

In June 2018, the California Consumer Privacy Act (CCPA) has been passed by the California legislature and thus important changes on how the state law safeguards consumer privacy are expected. The new consumer privacy protections […]

The Department of Health and Human Services’ Office of Inspector General (OIG) has published a report that is saying the Food and Drug Administration (FDA) must study medical equipment cybersecurity controls more carefully and more […]

On September 12, 2018, President Trump approved the declaration of a federal emergency in the state of Virginia. FEMA resources were also made available to the state. Secretary Alex Azar of the U.S. Department of […]

The National Institute of Standards and Technology (NIST) published a Cybersecurity Framework in 2014 to help private companies in assessing their security policies and improving their ability to stop, identify, and respond to cyberattacks. Figures […]

From October 3, 2018, Apple App Store is going to enforce a new privacy policy regulation that app developers are required to tell users what they do with the collected personal data; how they protect […]

NTT Security’s new report showed that 66% of UK’s senior officers confirmed that their organizations are not ready to cover adequately the fiscal effect of data loss in the event of a data breach. This […]

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a statement concerning nine vulnerabilities identified in Philips healthcare products upon the Amsterdam-based technology firm statement of the matter to the […]

There is a code weakness found in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS) that allows an attacker to get administrator privileges and remotely make changes to the code. The Qualcomm Life Capsule’s DTS is […]

Missouri Care made an error in a sending letters to a number of plan members reminding them to schedule well-child visits. Because of the error, the personal data of around 20,000 children was inadvertently exposed […]

Authentic Recovery Center is a drug and alcohol treatment center located in West Los Angeles that had lately encountered a phishing attack causing the possible access of personally identifiable information (PII) and protected health information […]

Central Colorado Dermatology (CCD) advised around 4,000 patients that hackers possibly viewed some of their protected health information (PHI) due to a ransomware attack on its information system. An unauthorized person obtained access to CCD’s […]

The Gordon Schanzlin New Vision Institute found in La Jolla, CA, notified thousands of patients about the stealing of their healthcare information after records that contains protected health information (PHI) were found to be in […]

In spite of many communication strategies available, healthcare providers still frequently use faxes for communicating. Some estimates propose as much as 75% of all communications take place by means of fax in the healthcare sector. […]

The Anti-Phishing Working Group issued its Phishing Activity Trends Report for Q1 2018 that indicates there was a significant rise in unique phishing webpages found in the first couple of months of 2018 in comparison […]

The healthcare records of over 17,000 patients were compromised in two healthcare data breaches in Massachusetts and Oregon. Lane County Health and Human Services located in Oregon has informed over 700 patients about the loss […]

In the last year, the quantity of email data breach reports progressively went up. The Beazley Breach Insights Report July edition said that 23% of all data breaches documented by BBR (Beazley Breach Response) in […]

On July 22, Alex Azar, The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), stated during an address that the HHS is preparing for various changes to the health privacy regulations […]

There is a new bill filed in the state of Massachusetts looking to boost protections for people affected by data breaches. The bill entails complimentary credit monitoring services to be provided to people whose private […]

Ruben U. Carvajal, MD, a physician in New York began notifying his patients that unauthorized persons potentially accessed their protected health information (PHI). Dr Carvajal knew about the possible privacy breach on January 3, 2018 […]

8,400 patients’ protected health information (PHI) included in the email account of a personnel of Billings Clinic in Billings, MT was exposed. The cybersecurity systems of the clinic spotted a number of strange activities that […]

Cass Regional Medical Center in Harrisonville, MO encountered a ransomware attack on July 9, 2018. The ransomware attack impacted its communication network so employees cannot access its electronic medical record (EHR) system. Thankfully, the medical […]

Humana is letting members know that in certain states that an advanced spoofing attack possibly compromised their protected health information (PHI). A spoofing attack is an effort by a bot or threat actor to access […]

Outdated pager systems are already replaced by secure messaging systems in lots of healthcare companies. Any healthcare provider that may be still utilizing the pager system should be aware of the security breach that recently […]

Washington Health System resolved to suspend some employees after finding out about their supposed inappropriate access of patient health information. Even though there’s no confirmation regarding the number of employees that were suspended from their […]

Black Book Research surveyed how much hospitals and physicians use mobile technology. The results revealed that 90% of the hospitals and 94% of physician that participated in the survey have utilized mobile technology and feel […]

A personnel in Terros Health in Phoenix was victimized by a phishing scam and by mistake exposed his login information. The attacker gained access to the victim’s email account who likely viewed the protected health […]

The former employees of Hair Free Forever and Muir Medical Group stole the protected health information (PHI) of patients and gave it to other employers. The patients were informed by the covered organizations concerning the […]

Dignity Health submitted multiple data breach reports and HIPAA violations to the Department of Health and Human Services’ Office for Civil Rights (OCR). The reports included an unauthorized access to the PHI of patients, access […]

In the latest Government Accountability Office (GAO) audit as mandated by the 21st Century Cures Act, the data revealed that patients find it hard to obtain copies of their medical information mainly because of high […]

In April, Purdue University’s security group identified two security breaches which likely granted unauthorized people access to the protected health information (PHI) of patients. A data file on Purdue Univesity Pharmacy’s computers suggests that an […]

April was a terrible month as the healthcare sector suffered from an increased number of data breaches and the persons impacted compared to March. The Department of Health and Human Services acquired 41 submissions of […]

A segment of Allied Physicians Group of Michiana’s network system was down due to a ransomware attack. This episode occurred on May 17, 2018. The attacker encrypted a number of data files stored on the […]

The General Data Protection Regulation (GDPR) in general is applicable to European Union residents in the EU. However how does the GDPR affect EU citizen when he leaves his country and reside in the US […]

There are numerous benefits to utilizing the cloud. A growing number of healthcare companies are using the cloud for their IT needs like migrating programs, infrastructure and datacenter functions. Even so, a big concern is […]

People ask a lot of questions about the General Data Protection Regulation (GDPR), which is going to be enforced on May 25, 2018. Employees ask how the GDPR apply to their personal data. The GDPR […]

Many people talk about the General Data Protection Regulation (GDPR) nowadays with its pending enforcement on May 25, 2018. Since the GDPR is an EU law, does it only impact organizations located within the EU? […]

MEDantex, a transcription service provider, accidentally left patient medical records unsecured and freely accessible to anyone without the need of a password.  The error in restricting access to a physician’s portal resulted in the exposure […]

For the first quarter of 2018, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 77 reports of healthcare data breaches. Over one million patients and health plan members were affected […]

According to Symantec, there’s a recently identified threat group called Orangeworm, which is launching targeted attacks on big healthcare companies in the United States. Orangeworm was first discovered in January 2015. It has been doing […]