HIPAA News

Rapid 7 researchers found four vulnerabilities in Baxter and Sigma Spectrum infusion pumps. These devices are employed to supply patients with medications and nutrition. These TCP/IP enabled-devices are typically linked to healthcare networks. Vulnerabilities can […]

The healthcare provider based in Morristown, VT, Lamoille Health Partners, is dealing with a class action lawsuit because of a ransomware attack in June 2022 that impacted approximately 60,000 patients. Lamoille Health Partners discovered the […]

The HHS’ Office of Inspector General (OIG) has required the Health Resources and Services Administration (HRSA) to enhance supervision of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN). The OPTN is a nationwide […]

Five vulnerabilities were found in CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor of Contec Health. A threat actor could exploit the vulnerabilities to carry out a denial-of-service attack, gain access to a root shell, […]

CorrectHealth Notifies 54,000 Patients About the Email System Breach in November 2021 CorrectHealth based in Alpharetta, GA is sending notifications to patients regarding a breach of its email accounts. The security breach was identified on […]

The Health Sector Cybersecurity Coordination Center (HC3) is alerting the healthcare and public health sector (HPH) regarding one of the ablest and hostile cybercrime syndicates presently active – Evil Corp. The group works from Russia […]

Avamere Holdings based in Wilsonville, OR, a provider of home health care services and operator of a nursing home, is dealing with a class action lawsuit due to a serious data breach that impacted 96 […]

EmergeOrtho, an orthopedic practice in North Carolina, has just informed 75,200 patients that unauthorized individuals accessed some of their protected health information (PHI). As per the substitute breach notice posted by EmergeOrtho, the practice detected […]

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released an alert to the Healthcare and Public Health Sector (HPH) regarding a fairly new ransom threat group named Karakurt, which […]

Humana & Cotiviti have decided to resolve a class action lawsuit and the claims from people impacted by a data breach in 2020 that compromised the protected health information (PHI) of 64,654 people. Humana had […]

Onyx Technologies based in Largo, MD, a company offering Information Technology and Consulting Services and a vendor of Independent Care Health Plan (iCare), recently informed 96,814 health plan members about the potential compromise of some […]

July 2022 had 66 healthcare data breaches affecting 500 and up records reported to the Department of Health and Human Services Office for Civil Rights. This figure is 5.71% less than the 70 data breach […]

A digital marketing and analytics company based in Idaho filed a lawsuit against the Federal Trade Commission for allegedly violating the Federal Trade Commission (FTC) Act with its data practices. Kochava’s principal business unit offers […]

Practice Resources based in Syracuse, NY provides billing and other professional services. It encountered a data breach that affected the data of 942,138 persons. The breach notification provided to the California Attorney General indicated that […]

The health plan provider Priority Health based in Michigan has reported that it was affected by a data breach that occurred at a business associate, the law agency Warner Norcross & Judd (WNJ). Steps were […]

The Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released a joint security advisory concerning the extensive attack on organizations in the healthcare and medical sectors by the […]

The American Data Privacy and Protection Act (ADPPA) presented in June was considerably revised in just a few days. Then, last month there was a new draft of ADPPA law presented having more changes. The […]

Zenith American Solutions, the Sound Health and Wellness Trust’s third-party manager, recently advised people regarding a mailing error that compromised their Social Security numbers of the people. Based on the breach notification, the company sent […]

Salinas Valley Memorial Healthcare System based in California has decided to negotiate a class action lawsuit by paying $340,000 to settle claims from patients impacted by the email security breach in 2020. From April 30, […]

Additional information was recently published regarding two cyberattacks on healthcare companies: Behavioral Health Group and Goodman Campbell Brain and Spine. Behavioral Health Group Reports Potential Compromise of Patient Data in December 2021 Cyberattack Behavioral Health […]

Dental Care Alliance decided to resolve a class action lawsuit filed due to a data breach that affected approximately 1.7 million people. A $3 million fund was reserved to cover claims from persons impacted by […]

Fast Track Urgent Care, an urgent healthcare clinic network in Florida, has announced that the protected health information (PHI) of 258,411 persons was exposed and possibly stolen due to a ransomware attack on PracticeMax, a […]

Meta is dealing with one more class action lawsuit because of the illegal collection and disclosure of health information with no content. The Northern District of California received the filed lawsuit on behalf of the […]

A big data breach was reported that has impacted many healthcare, senior living and rehabilitation centers in Arizona, Oregon, Nevada, Colorado, Utah, and Washington, which are managed by organizations that belong to the group Avamere […]

Almost all Americans are confident regarding their understanding of cybersecurity as per the latest AT&T study of 2,000 People in America. Nevertheless, bad cyber hygiene and poor password strategies remain a usual thing. OnePoll performed […]

Cybercriminals are increasingly attacking business associates of HIPAA-covered entities because of the ease of accessing the systems of a number of healthcare providers. To help healthcare delivery organizations (HDOs) manage the situation, the Cloud Security […]

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released information to assist healthcare companies to be protected against web application attacks. In recent years, web applications have increased in […]

Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has just confirmed that a data breach at a business associate resulted in the exposure of the protected health information (PHI) of a number of its health […]

In June 2022, 70 healthcare data breaches involving 500 or higher records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR). This number is two less than May and […]

The National Institute of Standards and Technology (NIST) has made updates to its guidance for HIPAA-covered entities on enforcing the HIPAA Security Rule to better secure patients’ personal data and protected health information (PHI). The […]

The Methodist Hospitals Inc decided to resolve a class action lawsuit and allocated a $425,000 fund for claims filed by victims in relation to a data breach in 2019 that impacted about 70,000 patients. The […]

A new Phishing by Industry Benchmarking Report showed that giving security awareness training to the employees considerably lowers risks to phishing attacks. KnowBe4 conducted the study to find out how helpful security awareness training is […]

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has reported that Oklahoma State University – Center for Health Sciences (OSU-CHS) has decided to negotiate a HIPAA investigation arising from the […]

Health Aid of Ohio has decided to resolve a class action lawsuit to handle claims concerning its inability to secure the sensitive personal data of its clients. Health Aid of Ohio based in Parma, OH […]

The HHS’ Office for Civil Rights has lately released guidance to healthcare companies after the overturning of Roe v. Wade subsequent to the SCOTUS Dobbs v. Jackson Women’s Health Organization judgment, which took away the […]

The Federal Bureau of Investigation (FBI), the Department of the Treasury, and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint security advisory to the healthcare and public health industry about the risk of Maui […]

Google has stated that it is going to take steps to improve privacy protections for end users of its services. Google has always recommended an extensive, national privacy law covering consumer data to make sure […]

The Department of the Treasury, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Financial Crimes Enforcement Network (FinCEN) have released a joint cybersecurity warning regarding the MedusaLocker ransomware. The MedusaLocker […]

Senators Cory Booker (D-NJ), Ron Wyden (D-OR), and Elizabeth Warren (D-MA) have written to two prominent mental health app companies and sought responses regarding their practices on data collection and sharing. There were several reports […]

The Government Accountability Office (GAO) has advised the Department of Health and Human Services (HHS) to create a feedback system to enhance the efficiency of its data breach reporting procedure. The Health Information Technology for […]

Hearst Health subsidiary, MCG Health based in Seattle, is facing multiple class-action lawsuits due to a data breach that impacted approximately 10 healthcare companies such as Lenoir Health Care, Indiana University Health, Jefferson County Health […]

Acorda Therapeutics Reports Email Account Breach The biotechnology firm Acorda Therapeutics based in Ardsley, NY reported that an unauthorized third party acquired access to its email system and possibly viewed email messages and file attachments […]

University of Pittsburgh Medical Center has made the decision to negotiate a class action data breach lawsuit. It will set aside $450,000 to pay for claims from persons who have had losses because of the […]

PHI of Approximately 69,000 Persons Compromised in Comstar Hacking Incident Comstar based in Rowley, MA provides ambulance invoicing, collection, ePCR Hosting, and client/patient services. It found out that an unauthorized third-party acquired access to selected […]

Recently, Central Florida Inpatient Medicine (CFIM) based in Lake Mary, FL has found that an unauthorized person has accessed the email account of a staff member. The compromised emails and file attachments may contain the […]

A new bill has been launched by Sen. Elizabeth Warren (D-MA) that wishes to prohibit data brokers from selling the health and location information of Americans. The bill called The following senators co-sponsored the Health […]

Texas Tech University Health Sciences Center has announced the compromise of the protected health information (PHI) of 1,290,104 patients due to a data breach that occurred at Eye Care Leaders, its electronic medical record provider. […]

Shields Health Care Group is facing a class-action lawsuit over the 2 million-record data breach it recently announced. This is the largest healthcare data breach ever reported for this year. Shields Health Care Group is […]

Yuma Regional Medical Center (YRMC) based in Arizona has stated that it suffered a ransomware attack in April. The threat actors obtained the protected health information (PHI) of around 700,000 current and past patients. Based […]

The 2022 State of Ransomware Report published by cybersecurity firm Sophos revealed that ransomware attacks on healthcare providers increased by 94% year over year. The report based its information on a worldwide survey participated by […]

Atlassian has announced a patch to correct a critical zero-day vulnerability that impacts all supported versions of Confluence Server and Data Center. The vulnerability, which is tracked as CVE-2022-26134 has a maximum CVSS severity score […]

There is a new zero-day vulnerability discovered that impacts a Windows tool like Follina. Although there’s no information if the vulnerability was exploited in the wild, it is possible to exploit it. The recent attention […]

Five vulnerabilities were discovered in the Illumina Local Run Manager (LRM), which is utilized by Illumina Researcher Use Only (ROU) instruments and Illumina In Vitro Diagnostic (IVD) devices. The impacted instruments are employed for clinical […]

The law firm Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in association with a breach of the personal records of […]

A New York Federal Judge dismissed a class-action lawsuit filed against Alliance HealthCare Services and NorthEast Radiology PC because of a data breach that compromised the protected health information (PHI) of above 1.2 million people […]

BJC HealthCare, a not-for-profit healthcare company located in St. Louis, MO, has begun informing a number of patients that an unauthorized individual accessed some of their protected health information (PHI) that was kept in email […]

A recent study conducted by Source Defense analyzed the risks related to using third- and fourth-party codes on online sites. They found that all modern, active websites had code that can be targeted by attackers […]

Oswego County Opportunities (OCO) in New York has reported that an unknown actor has recently accessed a small number of staff email accounts. OCO discovered the security breach because of notable suspicious email activity and […]

Researchers found out that a misconfigured AWS S3 bucket is exposing information. This cloud storage is owned by Breastcancer.org, a breast cancer support charity located in Ardmore, PA. SafetyDetectives learned that the unsecured AWS bucket […]

After four consecutive months of decreasing figures of data breaches, reported data breaches increased by 30.2%. In April 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 56 data breaches […]

Parker-Hannifin Cyberattack Affects About 120,000 Health Plan Members Parker-Hannifin Corporation based in Cleveland, OH, a company offering motion and control technologies, lately announced that unauthorized people have obtained access to a section of its IT […]

Based on the latest security advisory released by the Five Eyes Cybersecurity agencies in the U.K., U.S., Australia, Canada, and New Zealand, the most frequent attack vectors cyber threat actors use for preliminary access to […]

The medical equipment organization NuLife Med LLC based in Manchester, NH, has just announced that it encountered a cyberattack in March 2022. It discovered suspicious network activity on or approximately March 11, 2022, and took […]

The nonprofit health system Christus Health based in Irving, TX operates over 600 healthcare establishments in Arkansas, Texas, New Mexico, and Louisiana. It has been reported recently that it discovered suspicious activity with its computer […]

Unauthorized persons have acquired access to the computer systems of Eye Care Leaders, which is an electronic health records and patient management software solutions provider for eye care clinics. On or around December 4, 2021, […]

The tactics, techniques, and procedures (TTPs) employed by ransomware and other cyber attackers are always changing to elude identification and enable the groups to carry out more successful attacks. The Department of Health and Human […]

A new bill was presented to address the issue of cybersecurity of medical devices that will necessitate makers of medical devices to satisfy particular minimum criteria for cybersecurity with regard to the complete lifecycle of […]

Class action lawsuits were lately filed against Oregon Anesthesiology Group and Partnership Health Plan in Northern California because of ransomware attacks that resulted in the theft of sensitive patient/plan member information. Partnership Health Plan of […]

Healthplex Inc., one of the largest dental insurance providers located in New York state, has announced the compromise of an employee’s email account during a phishing attack on November 24, 2021. Upon discovery of the […]

The National Institute of Standards and Technology (NIST) released an updated version of the cybersecurity supply chain risk management (C-SCRM) guidance to aid businesses in developing an effective plan for identifying, evaluating, and responding to […]

Making and remembering long, complicated passwords is hard for many individuals, and it is made even more difficult because of the need to make passwords to protect several accounts – A study by NordPass advises […]

May 5, 2022 is World Password Day. This event was established in 2013 and is observed every first Thursday of May with the objective of bettering understanding of the value of using complex and unique […]

The Five Eyes security agencies, a group of intelligence agencies from Canada, Australia, New Zealand, the United States, and the United Kingdom have released a joint advisory regarding the 15 vulnerabilities in software programs and […]

Smile Brands located in Irvine, CA offers support services for dental clinics. It just gave a new report on the number of persons affected by a ransomware attack, which was uncovered on April 24, 2021. […]

The five eyes cybersecurity agencies have lately published a joint security advisory regarding the danger of cyberattacks on critical infrastructure carried out by pro-Russia cybercriminal groups and Russian nation-state threat actors. Intelligence collected by the […]

Georgia Pines CSB and Ballard Health recently reported security breaches that affected the protected health information (PHI) of 28,295 people. Ballad Health Finds Breach Involving Employee Email Account Ballard Health, an integrated community health improvement […]

The Federal Bureau of Investigation (FBI) has given a TLP: WHITE flash notification regarding the BlackCat ransomware-as-a-service (RaaS) operation. BlackCat, also called ALPHAV, which began in November 2021. It was released immediately after the shutdown […]

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has released a TLP: White alert concerning the Hive ransomware gang – A specifically hostile cybercriminal operation that has substantially attacked the healthcare […]

For the fourth month now, there has been a drop in the number of reported healthcare data breaches. March 2022 had 43 healthcare data breaches involving 500 and up records reported to the U.S. Department […]

Newman Regional Health (NRH), which manages a 25-bed critical access hospital located in Emporia, KS, has lately begun informing 52,224 individuals that unauthorized persons have acquired access to selected employee email accounts containing protected health […]

Legal action was taken versus the in-home respiratory care company, SuperCare Health, because of a cyberattack and information breach report sent to the Department of Health and Human Services as of March 28, 2022. The […]

Resources for Human Development Breach Impacts 46,673 Persons Resources for Human Development (RHD), a national human services non-profit group based in Philadelphia, PA, has recently reported the theft of a hard drive that contains the […]

There were five zero-day vulnerabilities found in Aethon TUG autonomous mobile robots, which hospitals around the world use for transporting products, medicines, and other medical items. Hospital robots are alluring targets for hackers. When access […]

Due to the latest data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) gave an alert regarding the risk of phishing attacks utilizing this email marketing service. […]

The U.S. Food and Drug Administration (FDA) has released new draft guidance to help medical device companies integrate cybersecurity features into their merchandise at the premarket phase, and to make sure safety risks are taken […]

Charleston Area Medical Center Breach Had 54,000 Victims Charleston Area Medical Center (CAMC) located in Charleston, WV, has just announced a phishing attack that allowed unauthorized individuals to get access to the email accounts of […]

SuperCare Health based in Downey, CA, a provider of post-acute, in-home respiratory care in the Western United States, recently began informing 318,379 individuals about the exposure of some of their protected health information (PHI) and […]

Two remote code execution vulnerabilities were discovered in the Spring platform – a well-known application framework utilized by software creators for quickly creating Java apps. Proof-of-concept exploits for the two vulnerabilities can be found in […]

An audit of Health Insurance Exchange of Connecticut, Access Health CT, by the state auditor indicated that Access Health CT experienced 44 data breaches in the period of 3.5 years and did not completely report […]

Partnership Health Plan of California Getting back from Alleged Ransomware Attack The nonprofit managed care health plan based in Fairfield, CA, Partnership Health Plan of California (PHC), experienced a cyberattack that resulted in the shut […]

$7 Billion Lost Every Year Because of Fraud Rep. Ted Archer explained a Congressional Report to the House Ways and Means Committee in March 1996. The report exposed the degree of abuse and fraud in […]

Conti Ransomware Gang Owns Responsibility for CSI Laboratories Cyberattack Cytometry Specialists, Inc. also known as CSI Laboratories in Alpharetta, GA, has lately announced that it encountered a cyberattack that was noticed on February 12, 2022. […]

$50,000 Civil Monetary Penalty Paid by Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), dental practice managing offices in Monroe and Charlotte, NC after a […]

Horizon Actuarial Services and the Clinic of North Texas have just announced breaches of the protected health information (PHI) of patients and plan members. Data Theft and Extortion Incident at Horizon Actuarial Services Horizon Actuarial […]

Two bipartisan senators introduced a new bill that aspires to enhance the cybersecurity of the healthcare and public health (HPH) industry, in consideration of the current White House alert about the growing danger of Russian […]

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has published its 2021 Internet Crime Report, which shows that critical infrastructure organizations had about 649 ransomware attacks between June 2021 and December 2021. […]

Present Biden has released an alert regarding the growing threat of cyberattacks conducted by Russian state-sponsored hackers due to the economic sanctions enforced on the country as a reply to the attack on Ukraine. President […]

For the 3rd consecutive month, there is a decrease in the number of data breaches submitted to the HHS’ Office for Civil Rights (OCR). February had 46 healthcare data breaches involving 500 and up records […]

A woman was sentenced to 15 months imprisonment for being involved in a plan to defraud patients of a medical clinic based in Metairie, LA. In 2015, three persons were captured in association with the […]

The U.S. Department of Justice (DOJ) has reported the settlement agreed with the healthcare services company, Comprehensive Health Services (CHS) located in Cape Canaveral, FL to resolve alleged False Claims Act violations. This is the […]