Best Medical Transcription, a transcriptionist vendor, has been fined by the New Jersey Attorney General Gurbir S. Grewal for breaching HIPAA in 2016. The violation occurred while it was working as a business associate of […]
The U.S. Department of Health and Human Services (HHS) has officially launched its Health Sector Cybersecurity Coordination Center (HC3). Opened on October 29, 2018 by Deputy Secretary of the HHS, Eric Hargan, the center is […]
September 2018 Healthcare Data Breach Report The number of healthcare data breaches reported to the Department of Health and Human Service’s Office for Civil Rights (OCR) for September 2018 is down to 25-a decrease of […]
The U.S. Food and Drug Administration (FDA) released an advise about the vulnerabilities of a number of Medtronic implantable cardiac device programmers that hackers can potentially exploit enabling them to alter the programmer’s functionality when […]
Two healthcare companies experienced email-related breaches recently. The first company, Biomarin Pharmaceutical located in Novato, CA, found out that two email accounts of its employees became compromised because of a phishing attack allowing the attacker […]
Michigan Medicine is sending notification letters to 3,600 patients regarding the impermissible disclosure of some of their protected health information (PHI). The Michigan Medicine Development Office conducted a fundraising project and mailed letters to a […]
Lambda Legal filed a legal case for a data breach victim who, together with 92 lower-income HIV positive individuals, had their highly sensitive protected health information (PHI) stolen by unauthorized people from the California AIDS […]
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare industry to have greater consciousness of its operation to fight cyberthreats and part of its […]
A staff of KHOU 11, a CBS-affiliated television station, found abandoned documents that include the protected health information (PHI) of roughly 1,800 patients in a street in Midtown, Houston. The documents had information like the […]
Gold Coast Health Plan located in Camarillo, CA told its 37,000 plan members that cyber attackers potentially accessed some of their protected health information (PHI) because one of its employees’ email account was compromised. The […]
The ECRI Institute is a non-profit company that studies new techniques to enhance patient care. It has recently published an annual list that includes the top 10 Health Technology Hazards for 2019. The goal of […]
Phishing is one of the leading causes of healthcare data breaches. Phishers are able to access healthcare data from email accounts. In many incidents, those email accounts contain considerable volumes of highly sensitive protected health […]
AggregateIQ is an analytics company based in Canada that acted for the Vote Leave campaign. The Information Commissioner’s Office (ICO) issued the first UK GDPR notice to AggregateIQ in connection with business executed in that […]
Ohio Living, which is a firm providing life plan communities and home health services, discovered that an unauthorized individual accessed some of its employees’ email accounts. On July 10, 2018, Ohio Living noticed the suspicious […]
In June 2018, the California Consumer Privacy Act (CCPA) has been passed by the California legislature and thus important changes on how the state law safeguards consumer privacy are expected. The new consumer privacy protections […]
The Department of Health and Human Services’ Office of Inspector General (OIG) has published a report that is saying the Food and Drug Administration (FDA) must study medical equipment cybersecurity controls more carefully and more […]
On September 12, 2018, President Trump approved the declaration of a federal emergency in the state of Virginia. FEMA resources were also made available to the state. Secretary Alex Azar of the U.S. Department of […]
The National Institute of Standards and Technology (NIST) published a Cybersecurity Framework in 2014 to help private companies in assessing their security policies and improving their ability to stop, identify, and respond to cyberattacks. Figures […]
From October 3, 2018, Apple App Store is going to enforce a new privacy policy regulation that app developers are required to tell users what they do with the collected personal data; how they protect […]
NTT Security’s new report showed that 66% of UK’s senior officers confirmed that their organizations are not ready to cover adequately the fiscal effect of data loss in the event of a data breach. This […]
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a statement concerning nine vulnerabilities identified in Philips healthcare products upon the Amsterdam-based technology firm statement of the matter to the […]
There is a code weakness found in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS) that allows an attacker to get administrator privileges and remotely make changes to the code. The Qualcomm Life Capsule’s DTS is […]
Missouri Care made an error in a sending letters to a number of plan members reminding them to schedule well-child visits. Because of the error, the personal data of around 20,000 children was inadvertently exposed […]
Authentic Recovery Center is a drug and alcohol treatment center located in West Los Angeles that had lately encountered a phishing attack causing the possible access of personally identifiable information (PII) and protected health information […]
Central Colorado Dermatology (CCD) advised around 4,000 patients that hackers possibly viewed some of their protected health information (PHI) due to a ransomware attack on its information system. An unauthorized person obtained access to CCD’s […]
The Gordon Schanzlin New Vision Institute found in La Jolla, CA, notified thousands of patients about the stealing of their healthcare information after records that contains protected health information (PHI) were found to be in […]
In spite of many communication strategies available, healthcare providers still frequently use faxes for communicating. Some estimates propose as much as 75% of all communications take place by means of fax in the healthcare sector. […]
The Anti-Phishing Working Group issued its Phishing Activity Trends Report for Q1 2018 that indicates there was a significant rise in unique phishing webpages found in the first couple of months of 2018 in comparison […]
The healthcare records of over 17,000 patients were compromised in two healthcare data breaches in Massachusetts and Oregon. Lane County Health and Human Services located in Oregon has informed over 700 patients about the loss […]
In the last year, the quantity of email data breach reports progressively went up. The Beazley Breach Insights Report July edition said that 23% of all data breaches documented by BBR (Beazley Breach Response) in […]
On July 22, Alex Azar, The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), stated during an address that the HHS is preparing for various changes to the health privacy regulations […]
There is a new bill filed in the state of Massachusetts looking to boost protections for people affected by data breaches. The bill entails complimentary credit monitoring services to be provided to people whose private […]
Ruben U. Carvajal, MD, a physician in New York began notifying his patients that unauthorized persons potentially accessed their protected health information (PHI). Dr Carvajal knew about the possible privacy breach on January 3, 2018 […]
8,400 patients’ protected health information (PHI) included in the email account of a personnel of Billings Clinic in Billings, MT was exposed. The cybersecurity systems of the clinic spotted a number of strange activities that […]
Cass Regional Medical Center in Harrisonville, MO encountered a ransomware attack on July 9, 2018. The ransomware attack impacted its communication network so employees cannot access its electronic medical record (EHR) system. Thankfully, the medical […]
Humana is letting members know that in certain states that an advanced spoofing attack possibly compromised their protected health information (PHI). A spoofing attack is an effort by a bot or threat actor to access […]
Outdated pager systems are already replaced by secure messaging systems in lots of healthcare companies. Any healthcare provider that may be still utilizing the pager system should be aware of the security breach that recently […]
Washington Health System resolved to suspend some employees after finding out about their supposed inappropriate access of patient health information. Even though there’s no confirmation regarding the number of employees that were suspended from their […]
Black Book Research surveyed how much hospitals and physicians use mobile technology. The results revealed that 90% of the hospitals and 94% of physician that participated in the survey have utilized mobile technology and feel […]
A personnel in Terros Health in Phoenix was victimized by a phishing scam and by mistake exposed his login information. The attacker gained access to the victim’s email account who likely viewed the protected health […]
The former employees of Hair Free Forever and Muir Medical Group stole the protected health information (PHI) of patients and gave it to other employers. The patients were informed by the covered organizations concerning the […]
Dignity Health submitted multiple data breach reports and HIPAA violations to the Department of Health and Human Services’ Office for Civil Rights (OCR). The reports included an unauthorized access to the PHI of patients, access […]
In the latest Government Accountability Office (GAO) audit as mandated by the 21st Century Cures Act, the data revealed that patients find it hard to obtain copies of their medical information mainly because of high […]
In April, Purdue University’s security group identified two security breaches which likely granted unauthorized people access to the protected health information (PHI) of patients. A data file on Purdue Univesity Pharmacy’s computers suggests that an […]
April was a terrible month as the healthcare sector suffered from an increased number of data breaches and the persons impacted compared to March. The Department of Health and Human Services acquired 41 submissions of […]
A segment of Allied Physicians Group of Michiana’s network system was down due to a ransomware attack. This episode occurred on May 17, 2018. The attacker encrypted a number of data files stored on the […]
The General Data Protection Regulation (GDPR) in general is applicable to European Union residents in the EU. However how does the GDPR affect EU citizen when he leaves his country and reside in the US […]
There are numerous benefits to utilizing the cloud. A growing number of healthcare companies are using the cloud for their IT needs like migrating programs, infrastructure and datacenter functions. Even so, a big concern is […]
People ask a lot of questions about the General Data Protection Regulation (GDPR), which is going to be enforced on May 25, 2018. Employees ask how the GDPR apply to their personal data. The GDPR […]
Many people talk about the General Data Protection Regulation (GDPR) nowadays with its pending enforcement on May 25, 2018. Since the GDPR is an EU law, does it only impact organizations located within the EU? […]
MEDantex, a transcription service provider, accidentally left patient medical records unsecured and freely accessible to anyone without the need of a password. The error in restricting access to a physician’s portal resulted in the exposure […]
For the first quarter of 2018, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 77 reports of healthcare data breaches. Over one million patients and health plan members were affected […]
According to Symantec, there’s a recently identified threat group called Orangeworm, which is launching targeted attacks on big healthcare companies in the United States. Orangeworm was first discovered in January 2015. It has been doing […]
The protected health information of 1,071 patients who received medical services at the Des Moines Crisis Observation Center was “accidentally and unknowingly disseminated” for a period of three and a half years. The Crisis Observation […]
The updated version of the Cybersecurity Framework was made available by the National Institute of Standards and Technology this April 16, 2018. This framework for improving critical infrastructure cybersecurity was issued initially on February 2014. […]
The number of healthcare data breaches increased month-over-month. In March 2018, HIPAA covered entities reported 29 security breaches. February 2018 had 25 breach incidents. Though the number of reported data breaches increased in March, there […]
UnityPoint Health discovered that unauthorized individuals accessed the email accounts of several employees. It was found that the email accounts were accessed for a period of three months starting from November 1, 2017 up to […]
Inogen is a company that manufactures portable oxygen concentrators. An unauthorized person got the login credentials of one Inogen employee and accessed his email account. The personal information of about 30,000 persons that Inogen provided […]
Baptist Health’s West Kendall Baptist Hospital in Miami, FL discovered that a former employee stole the credit card information of patients then used the details for fraudulent purchases. Baptist Health found out about the misuse […]
The protected health information (PHI) of tens of thousands of Middletown Medical patients was exposed due to a misconfiguration in the security setting of a radiology interface. Middletown Medical, a multi-specialty physician’s group that is […]
Ponemon Institute conducted a survey on behalf of ServiceNow to learn about the issues on patching that healthcare and pharmaceutical industries are struggling with. The study revealed that organizations are not patching vulnerabilities promptly hence […]
Finally, Alabama has a law requiring companies to issue notifications to residents whose personal information has been exposed or compromised because of a data breach. On March 28, 2018, Governor Kay Ivey signed the data […]
Law enforcement discovered that the protected health information (PHI) of some Cambridge Health Alliance (CHA) patients fell into the hands of an unauthorized person. Everett Massachusetts Police Department notified CHA on January 31, 2018 about […]
Almost all states in the U.S. have their own data breach notification legislation. Now, there are new federal regulations being proposed that could render state level laws obsolete. The Data Acquisition and Technology Accountability and […]
All 48 U.S. states are already implementing a Breach Notification Law that requires individuals and companies storing personal information to send a notification letter to individuals when a data breach occurs. South Dakota is one […]
Owen Graduate School of Management researcher Dr. Sung Choi conducted a study on the effects of data breaches in hospitals. The results indicated a rise in mortality rates at breached hospitals due to a drop […]
Based on the Post and Courier report, 13 Medical University of South Carolina (MUSC) employees were terminated last year because of snooping on patient records, which is a violation of HIPAA Rules. MUSC had a […]
TitanHQ released SpamTitan v7.00, which is the new version of its cloud-based anti spam service. SpamTitan v7.00 has updated features that can protect users more effectively from malicious emails and known threats. It also includes […]
The protected health information of over 35,000 patients at ATI Physical Therapy was potentially accessed by unauthorized persons due to a phishing attack on some employees’ email accounts. ATI discovered the security breach on January […]
RoxSan Pharmacy based in Beverly Hills, CA mailed breach notification letters last month to 1,049 patients. The patients’ protected health information was disclosed to a business associate through unencrypted email on January 20, 2015. The […]
The Department of Health and Human Services’ Office of Inspector General released its review findings on HHS’ compliance with the Federal Information Security Modernization Act (FISMA) of 2014. OIG noted the improvements HHS made to […]
Malicious persons accessed the email accounts of four employees working in Primary Health Care Inc., which is a non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA. The unauthorized persons may […]
Department of Health and Human Services’ (HSS) Office for Civil Rights (OCR) Director Roger Severino gave some hints on the likely changes affecting the HIPAA in 2018. Because the Trump administration lobbied for a decrease […]
The Alabama Senate unanimously passed the Alabama Data Breach Notification Act (Senate Bill 318) last February 2017, so now the bill is in the hands of the House of Representatives. Alabama and South Dakota are […]
Two separate incidents of email-related data breaches were recently reported to OCR. The covered entities involved were Flexible Benefit Service Corportation (Flex) and Kansas Department for Aging and Disability Services (KDADS). The protected health information […]
The IBM X-Force Threat Intelligence Report mentioned that 71% of healthcare data breaches are because of employee actions. There are two types of employee-related data breaches. Malicious insiders comprise 25% of healthcare data breaches and […]
The Federal Policy for the Protection of Human Subjects was supposed to take effect on January 19, 2018. But its implementation was delayed by 6 months. Compliance date was changed to July 19, 2018. The […]
PhishMe is the top provider of human phishing defense solutions that started its operations in 2007. It recently announced its change in branding beginning February 26, 2018 as it was acquired by a private equity […]
St. Peter’s Surgery & Endoscopy Center in New York was attacked by malware that resulted to giving hackers access to the healthcare data of about 135,000 patients. This is the second largest healthcare data breach […]
Tufts Health Plan had a data breach that exposed the health plan member ID numbers of 70,320 members. The mailing vendor of Tufts Health Plan sent Preferred ID cards to Tufts Medicare Advantage members from […]
The Protenus Healthcare Breach Barometer report recently published that about 473,807 patient medical records were exposed or stolen in January 2018. That figure is not yet final as 11 of the 37 breaches have yet […]
Health Net California, a benefit-provider for federal employees, has been tagged as unwilling to submit to a recent security audit according to the Flash Audit Alert issued by the U.S. Office of Personnel Management (OPM) […]
An online attack on the medical records of White and Bright Family Dental patients was uncovered on January 30, 2018. Hackers were able to access one of the servers of the dental practice which is […]
The Department of Health and Human Services’ Office for Civil Rights published in its January 2018 Cybersecurity Newsletter the increased extortion attempts on healthcare organizations in the past two years. Ransomware attacks encrypt electronic health […]
The banking Trojan Ursnif was typically used for attacking financial institutions. But the malware is now used to attack different organizations including those in the healthcare industry. The researchers at the security firm Barkly detected […]
A Florida Veterans Affairs Medical Center set up a Wi-Fi network without coordinating with the VA’s Office of Information & Technology (OI&T). The result of such action was the introduction of vulnerabilities that could lead […]
The Massachusetts Attorney General’s office presented a new tool for reporting online data breach. The objective of this tool is to assist breached entities in quickly submitting breach notices. As demanded by the Massachusetts data […]
Ron’s Pharmacy Services in San Diego, CA discovered that an email account containing limited protected health information of 6,781 patients was compromised. The pharmacy noticed on October 3, 2017 the suspicious activity on an employee’s […]
The states of South Dakota and Alabama currently do not have breach notification laws. However, the scenario will be different for South Dakota soon if their State Legislature approves proposed bill SB 62 passed by […]
Partners HealthCare System recently notified 2,600 patients that their protected health information was compromised. The breach incident was discovered in May 2017. Under HIPAA Rules, Partners HealthCare should have notified OCR and the victims up […]
North Carolina Attorney General Josh Stein and state Representative Jason Saine introduced the Act to Strengthen Identity Theft Protections on January 8, 2018. The introduction of this new data breach notification bill was a response […]
660 patients of Eastern Maine Medical Center were notified of a potential exposure of their protected health information. The portable hard drive that contained the sensitive information disappeared from its State Street facility in Bangor, […]
Aetna recently settled a class action lawsuit paying $17.2 million for a data breach last July. The breach involved sending letters to members when details of HIV medications became visible through the plastic windows of […]
This article compares the largest healthcare data breaches from 2015 to 2017. The past two years were record-breaking with respect to healthcare data breaches. What about 2017? The healthcare industry had a bad year on […]
CIOX Health is a medical record retrieval company that is suing the Department of Health and Human Services. The lawsuit concerns the restriction placed by HIPAA laws on the amount that providers can charge patients […]
Hancock Health in Indiana, Greenfield had a ransomware attack that forced hospital staff to use pen and paper to manually record patient health information. The hospital’s IT department tried to block the ransomware attack and […]
The Coplin Health Systems based in West Virginia had a potential PHI breach impacting 43,000 patients. The cause of the breach is an unencrypted laptop computer stolen from an employee’s vehicle. Coplin Health knew about […]
The computer network of Oklahoma State University Center for Health Sciences (OSUCHS) was accessed by an unauthorized individual resulting in the potential exposure of the billing information of Medicaid patients. OSUCHS discovered the security breach […]
Longs Peak Family Practice (LPFP) in Longmont, Colorado was attacked by ransomware. The hacker gained access to the systems of this family and sports medicine practice and encrypted some parts of its network. LPFP identified […]
NewSky Security researchers discovered a misconfiguration in over a thousand Lexmark printers that are accessible over the Internet. These are printers used by universities, businesses and the U.S. government. The misconfiguration is allowing unauthorized individuals […]
© Copyright 2018 Calculated HIPAA