HIPAA News

The HHS’ Office for Civil Rights received 37 reports of healthcare data breaches involving 500 or more records in August 2020. The number of breaches continued to be rather constant month-over-month, however, breached records in […]

There are 5 vulnerabilities with low- to medium-severity discovered in the Philips Clinical Collaboration Platform (Vue PACS). An attacker could exploit the vulnerability and influence an authorized user to perform unauthorized activities or disclose data […]

A recent joint cybersecurity alert published by the Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that a hacking group connected to the Iranian government was detected exploiting […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) announced the newly released version of its tool for Security Risk Assessment (SRA). The Office of the National Coordinator for Health Information Technology […]

HealthAlliance Hospital and its health record management vendor, Ciox Health, are facing a lawsuit for refusing to give a widow the medical records of her deceased husband. In October 2020, the husband of Sherry Russell, […]

Inova Health System in Falls Church, VA is one of the healthcare companies that lately confirmed the impact of the Blackbaud ransomware attack on its company. The information contained in a backup donor database included […]

A Federal judge dismissed a potential class-action lawsuit that was filed in June 2019 against UChicago Medicine, the University of Chicago, and Google. The lawsuit was a response to an alleged breach of HIPAA Rules […]

The Baton Rouge Clinic located in Louisiana suffered a cyberattack at the beginning of July that made its email and phone system inaccessible and constrained its laboratory and radiology services. The ransomware attack caused systems […]

The National Insider Threat Awareness Month (NITAM) is being observed this September 2020 for the second time. The whole month, resources are being made accessible to point out the value of discovering, blocking, and reporting […]

Recently, the Center for Democracy and Technology (CDT) and the eHealth Initiative & Foundation (eHI) issued a draft of a consumer privacy framework for health data to deal with the loopholes in legal protections for […]

There is a growing number of healthcare providers that are confirmed to have experienced a data breach as a result of the Blackbaud ransomware attack. Four more healthcare providers sent breach notification reports in the […]

Northwestern Memorial HealthCare has reported the potential exposure of the personal data of persons who donated to Northwestern Memorial HealthCare in the past due to a Blackbaud ransomware attack fairly recently. An unauthorized man or […]

Konica Minolta Healthcare Americas Inc. is going to pay $500,000 as a financial penalty to bring to an end a case against Viztek LLC, its ex-subsidiary, to take care of False Claims Act violations in […]

The Society for Imaging Informatics in Medicine, the American College of Radiology, and the Radiological Society of North America published an advisory with regards to online medical presentations and the possibility of inadvertent exposure of […]

The Secretary Alex Azar of the HHS has a public health emergency declared in the states of Texas and Louisiana because of Hurricane Laura, and in California because of the continuing wildfires. HIPAA Rules continue […]

In 2019, Heritage Valley Health System in Beaver, PA filed a case against Nuance Communications in relation to the 2017 NotPetya malware attack. The case was dismissed by a federal judge in the US District […]

A cyberattack on Dynasplint Systems in Severna Park, MD resulted in the potential access or theft of personal and protected health information (PHI). The company  manufactures proprietary stretching gadgets for enhancing joint motion. The security […]

In June 2020, the web servers of Netsential based in Houston, TX was hacked resulting in the theft of roughly 270 gigabytes of information. The hacking group Distributed Denial of Secrets (DDoSecrets) published the stolen […]

A group of researchers from Harvard University investigated the technologies being used in COVID-19 home monitoring. A variety of technologies were created to cut down the possibility of being exposed to SARS-CoV-2 and diagnose signs […]

There were two critical vulnerabilities discovered in XenMobile Server / Citrix Endpoint Management (CEM). An unauthenticated attacker may exploit the vulnerabilities tracked as CVE-2020-8208 and CVE-2020-8209 to get access to the credentials of a domain […]

Technology and security consultant Jeremiah Fowler announced that the personal and health information of about 2.5 million patients were exposed on the internet. On July 7, 2020, two folders that contain the information were found […]

July had a big decrease in the amount of data breach reports involving at least 500 healthcare records. July had 36 data breach reports, which was 30.8% month-over-month less than June’s 52 breach reports. But […]

A database that contains the personal data of over 3.1 million patients was exposed on the internet and was eventually wiped out by the Meow bot. A security researcher named Volodymyr ‘Bob’ Diachenko found the […]

Behavioral Health Network (BHN), the biggest provider of behavioral health service in Western Massachusetts, has reported a malware attack on its computer systems which made its files inaccessible. BHN discovered the security breach on May […]

A phishing attack on the University of Maryland Faculty Physicians, Inc. (FPI) potentially resulted in the access of the protected health information (PHI) of the University of Maryland Medical Center (UMMC) patients by unauthorized people. […]

A ransomware attack on Owens Ear Center based in Fort Worth, Texas happened on May 28, 2020 that caused encryption of patient information. The encrypted device comprised patients’ healthcare records that enclosed data like names, […]

The healthcare system FHN based in Freeport, IL is sending notifications to some patients that an unauthorized individual has potentially accessed several employees’ email accounts from February 12 to February 13, 2020 resulting in the […]

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) published a high priority advisory to warn businesses of the threat of cyberattacks that use the Taidoor malware, which is a remote access Trojan […]

One more pharmacy chain made an announcement that looters stole the protected health information (PHI) of some of its customers in late May during a time of civil unrest. Between May 27 to May 30, […]

The clear decline in healthcare data breaches observed in May turned out to be temporary, with June having a big increase in data breaches. June had 52 breach reports submitted by HIPAA covered entities as […]

There was a vulnerability discovered in the Philips DreamMapper software program, which is a mobile application used to keep track of and take care of sleep apnea. The application is not for providing treatment to […]

A significant amount of proof shows that nation-state hacking groups are concentrating on attacking institutions engaged in COVID-19 study and vaccine development to steal data for the research programs in their own countries. In the […]

This week, the Federal Bureau of Investigation (FBI) released a (TLP:WHITE) FLASH advisory subsequent to a rise in attacks that involve the NetWalker ransomware. NetWalker is a fairly new ransomware risk that was identified in […]

CVS Pharmacy is notifying some patients about the loss of some of their private data and protected health information (PHI) after a number of incidents took place at its pharmacies from May 27, 2020 to […]

The U.S. Department of Justice (DOJ) indicted two Chinese nationals for hacking US firms and government institutions to steal sensitive data, which include COVID-19 research information. Allegedly, the hackers were operating under the command of […]

Cybercriminals are exploiting the latest integrated network procedures to do increased damaging DDoS attacks on US systems. Three network procedures were created to be used in devices like mobile phones, IoT devices nd Macs, which […]

The Federal judge dismissed the lawsuit filed versus Sarrell Regional Dental Center for Public Health Inc. because of a ransomware attack in July 2019 as a result of insufficient standing. Sarrell had recovered from the […]

The cybersecurity company Emsisoft based in New Zealand has published its ransomware statistics for 2020 that show there were at least 41 successful ransomware attacks on hospitals and other healthcare providers in the first half […]

The CVSS v3 base rating of vulnerability CVE-2019-5024 is 7.6 out of 10. This vulnerability was observed in Capsule Technologies SmartLinx Neuron 2 medical data collection devices using software program version 6.9.1. SmartLinx Neuron 2 […]

Lorien Health Services based in Ellicott City, MD, which manages 9 assisted living facilities throughout Maryland had encountered a ransomware attack on June 6, 2020. Third-party cybersecurity specialists assisted with the investigation to ascertain whether […]

The radiology practice Quantum Imaging and Therapeutic Associates in Pennsylvania announced that there were reports received regarding the non-physician personnel who allegedly shared with a Facebook group an x-ray photo of a male patient’s genitalia. […]

The Central California Alliance for Health found out that an unauthorized individual acquired access to several employees’ email accounts and possibly viewed or duplicated information in emails and file attachments. The healthcare provider detected the […]

A growing number of healthcare companies are confronted with legal action mainly because a ransomware attack had led to patient data theft. The Florida Orthopedic Institute in Florida, which is a big orthopedic provider, recently […]

Benefit Recovery Specialists, Inc., a billing and collection firm located in Houston, TX, reported finding malware on its networks, and unauthorized persons may have accessed some protected health information (PHI). BRSI as a business associate […]

The FBI and the DHS’ Cybersecurity Infrastructure Security Agency (CISA) issued a joint advisory recently regarding cybercriminals using The Onion Router (Tor) in their attacks. The U.S. Navy developed the Tor as a free, open-source […]

Several vulnerabilities were identified in the Apache Guacamole remote access system. Lots of companies employed Apache Guacamole to let administrators and employees access Windows and Linux devices remotely. The system became well-known during the COVID-19 […]

The U.S. National Security Agency (NSA) has released guidance to assist companies in securing IP Security (IPsec) Virtual Private Networks (VPNs) that are employed to permit employees to securely link to corporate networks to do […]

Healthcare Fiscal Management Inc. (HFMI) based in Wilmington, NC provides hospitals, physician groups and clinics with self-pay conversion and insurance eligibility services. HFMI encountered a ransomware attack that resulted in the exposure of the personal […]

OpenClinic GA has 12 vulnerabilities identified in its open-source integrated hospital information management system. Numerous hospitals and clinics use OpenClinic GA for managing financial, administrative, clinical, laboratory and pharmacy workflows. It is also used for medical […]

On July 1, 2020, implementation of the California Consumer Privacy Act (CCPA) of 2018 started. The CCPA was already effective starting on January 1, 2020, however, all businesses covered by the Act were granted a […]

Philips found an authentication bypass issue affecting Philips Ultrasound Systems. An attacker can potentially manipulate this problem to access or modify data. The vulnerability is set off by the existence of an optional path or […]

May 2020 had a noticeable drop in the reports of healthcare data breaches as 28 data breaches involving 500 or more records were submitted to the HHS’ Office for Civil Rights. This number is the […]

Landmark Hospital of Athens based in Georgia suspended three staff members who are alleged of viewing, copying or exposing patient records. The likely HIPAA breach can be associated to a legal case that four nursing […]

American Medical Technologies based in Irvine, CA, a provider of wound care solutions and medical supplies, reported that an unauthorized person accessed the email account of an employee and most likely viewed and copied the […]

Sunrise Treatment Center located in Cincinnati, OH is notifying 3,660 patients about the potential unauthorized access of some of their protected health information (PHI) contained in an employee’s email account. The breach happened on February […]

The Senate Health, Education, Labor, and Pensions (HELP) Committee is thinking about what must be retained of the 31 latest changes to telehealth policies once the COVID-19 national public health crisis ends. The interim modifications […]

On June 16, 2020, The National Association of Attorneys General (NAAG) sent a letter to Apple and Google to communicate issues regarding consumer privacy connected to COVID-19 contact tracing along with exposure notification programs. NAAG […]

There were 19 zero-day vulnerabilities identified in the TCP/IP communication software library that Treck Inc. developed. Innumerable connected devices throughout practically all industry sectors, which include healthcare, were affected. Treck is a company based in […]

The University of Utah Health encountered another phishing attack that led to the exposure of the protected health information (PHI) of 2,700 patients. For the third time this year, the University of Utah had a […]

Cano Health, a population health management company and healthcare provider based in Florida, discovered that an unauthorized person accessed the email accounts of three employees by setting up a mail forwarder the email accounts and […]

There is an upcoming virtual event to be hosted on June 23, 2020 to assist managed service providers (MSPs) in facing the obstacles of operations during these difficult times. COVID-19 has compelled companies in all […]

A warning issued by the DHS Cybersecurity and Infrastructure Security Agency (CISA) stated that there is a functional proof of concept (PoC) exploit associated with a critical remote code execution vulnerability identified in the Microsoft […]

The Everett & Hurite Ophthalmic Association (EHOA) refers to a group of ophthalmology experts offering their services in Pittsburgh & Warrendale, PA. EHOA discovered an unauthorized person had accessed the email account of an employee […]

The Commonwealth of Kentucky Personnel Cabinet has reported two data breaches that happened from late April to Early May. Because of the attacks, the protected health information (PHI) of about 1,000 members of the Kentucky […]

St Joseph Health System in North Central Indiana is sending notifications to patients regarding the exposure of some of their protected health information (PHI) due to unauthorized viewing. The breach did not occur at St […]

Healthcare provider Kaiser Permanente based in Oakland, CA discovered that a former staff gained access to the radiology information of many patients without permission for a period of 8 years. Kaiser Permanente knew about the […]

The FBI and the Cybersecurity and Infrastructure Security Agency lately made a joint public service announcement explaining the 2016 to 2019 top 10 most exploited vulnerabilities. Advanced nation state hackers exploit these vulnerabilities to target […]

A Russian hacking gang referred to as Sandworm (Fancy Bear) is exploiting an Exim Mail Transfer Agent vulnerability. The flaw, labeled as CVE-2019-10149, is a remote code execution vulnerability that was brought in in Exim […]

The HHS’ Office of Inspector General (OIG) has issued a tactical plan for monitoring the COVID-19 response and recovery work of the Department of Health and Human Services. OIG is going to evaluate how good […]

Mat-Su Surgical Associates based in Palmer, AK made an announcement that it encountered a ransomware attack in March. The staff discovered the attack on March 16 after being locked out of the computer systems because […]

Four Senators wrote to the Federal Bureau of Investigation (FBI) and the DHS Cybersecurity and Infrastructure Security Agency (CISA) because of the latest notification telling COVID-19 research organizations that hackers associated with China are doing […]

Advanced Persistent Threat (APT) groups keep on targeting healthcare companies, research groups, pharmaceutical firms, and other organizations actively helping during the COVID-19 crisis. That is why, the United Kingdom and the United States cybersecurity authorities […]

In April 2020, 37 healthcare data breaches involving at least 500 records were reported That number is only one more than the number of breaches in March and is still lower than the average number […]

Lurie Children’s Hospital of Chicago is dealing with lawsuits regarding two privacy breaches which involved employees accessing the healthcare records of patients with no permission. The legal action was filed on behalf of a mom […]

Mille Lacs Health System based in Onamia, Mn has suffered a phishing attack that possibly exposed more than 10,000 patients’ protected health information (PHI). A number of employees of Mille Lacs Health System got phishing […]

Two privacy bills were presented in relation to the COVID-19 contact tracing apps which Congress is currently considering. Republican and Democratic lawmakers introduced contending bills that have several common ground and hope to accomplish the […]

Companies that encounter a ransomware attack might be enticed to pay the ransom demand to minimize downtime and expenses on recovery, however a Sophos survey indicates companies that pay the ransom in reality turn out […]

Management and Network Services (MNS), LLC based in Dublin, OH provides post-acute healthcare companies with administrative support services. The email accounts of some MNS employees were found to have been compromised. MNS explained in a […]

Organizations engaged in researching SARS-CoV-2 and COVID-19 received warning that hackers associated with the Peoples Republic of China (PRC) are targeting their organizations, consequently, they need to take steps to safeguard their systems from any […]

Saint Francis Healthcare Partners in Connecticut is informing 38,529 patients about the potential compromise of some of their protected health information (PHI) due to a sophisticated cybersecurity incident that permitted an unauthorized person to access […]

Business email compromise scammers from Nigeria were found targeting COVID-19 research institutions, pandemic response agencies, and government healthcare organizations to get falsified wire transfer payments and install malware. Palo Alto Networks’ Unit 42 team researchers […]

COVID-19 has compelled a lot of organizations to quickly implement a work from home scheme for employees, which resulted in new possibilities for cybercriminals to execute attacks. Cyberattacks on remote employees have grown considerably at […]

The HHS’ Office for Civil Rights (OCR) issued guidance to remind healthcare providers that under the HIPAA Privacy Rule, the media and film crews are not allowed to access healthcare facilities where patients’ protected health […]

A number of healthcare companies were impacted by a strange data breach at STAT Informatics Solutions, LLC based in Waupaca, WI. STAT provides a number of healthcare companies with secure medical records services which include […]

The Department of Health and Human Services is slow in responding to the high priority recommendations of the Government Accountability Office (GAO). Of the 54 high priority recommendations specified in a GAO report in March […]

The number of reported healthcare data breaches decreased in March 2020 by 7.69%. The number of breached records also decreased by 45.88%. In March, there were 36 healthcare data breaches involving 500 and up records […]

Parkview Medical Center located in Pueblo, Colorado is recouping from a ransomware attack which began on April 21, 2020. Several IT systems were deactivated because of the attack. The Meditech electronic medical record system of […]

The World Health Organization (WHO) is a well-known organization that is fighting COVID-19. Cybercriminals and hacktivists have escalated attacks on WHO as it addresses the COVID-19 pandemic. WHO receives five times more attacks now as […]

The American Hospital Association (AHA) and the American Medical Association (AMA) have made a joint cybersecurity guidance for work at home doctors during the COVID-19 outbreak so that they would be guided in keeping their […]

A Federal judge gave the final approval of the proposed settlement by Banner Health for a class-action lawsuit filed over its 3.7 million-record data breach last 2016. The proposed settlement having an amount of $8.9 […]

The HHS’ Office of Inspector General (OIG) recommended a rule last Tuesday that make changes to civil monetary penalty guidelines to also cover information blocking. If implemented, the new CMPs for information blocking will be […]

The FBI has given a new alert after a surge in COVID-19 phishing scams directed at healthcare companies. In the advisory, the FBI clarifies that on March 18, 2020 network perimeter cybersecurity programs utilized by […]

The Department of Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA) gave an advisory to all companies that use Pulse Secure VPN servers regarding the likelihood of not preventing cyberattacks even after patching vulnerabilities. CISA is […]

A phishing attack on Aurora Medical Center-Bay Area in Marinette, WI on January 1, 2020 resulted in the exposure of some protected health information (PHI) of 27,137 patients. A number of Aurora Medical Center employees […]

Beaumont Health, Michigan’s biggest healthcare system, announced the potential compromise of patient data located in email messages and file attachments because unauthorized persons gained access to some employees’ email accounts. Beaumont Health discovered the email […]

On April 15, 2020, Microsoft issued updates to resolve 113 vulnerabilities that affected its operating systems and software products, including 19 critical vulnerabilities. The updates this month consist of fixes for no less than 3 […]

Microsoft introduced a patch to address a critical vulnerability impacting Microsoft Exchange Servers which threat actors could potently exploit to have complete command of a vulnerable system. In spite of the warning of Microsoft that […]

The HHS has released a Notice of Enforcement Discretion that is applicable to healthcare organizations and business associates that get involved in the operations of COVID-19 community-based testing areas. According to the terms of the […]

The McHenry County Health Department in Illinois were not providing 911 dispatchers with the names of COVID-19 patients to safeguard patient privacy, just as what they do with patients that caught other infectious diseases like […]

A ransomware attack on Brandywine Urology Consultants based in Delaware on January 25, 2020 resulted in the encryption of files stored on its servers and computer systems. The scope of the attack was limited and […]