HIPAA News

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) and Microsoft launched a new project to create guidance on the development and implementation of an effective patch management strategy. After […]

A new report from Emsisoft, a New Zealand-based cybersecurity company, exposed the magnitude of ransomware usage in cyberattacks in America. 2019’s first 9 months had 621 reports of ransomware attacks on government agencies, healthcare companies, […]

The 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs) has been published by Gartner. It includes a study of the healthcare cloud market and points out how the cloud may be […]

A new Proofpoint report provides ideas on the cyber threats that healthcare companies run into and the most prevalent attacks that bring about healthcare data breaches. Proofpoint’s 2019 Healthcare Threat Report reveals the evolving threat […]

Hunt Regional Healthcare based in Texas learned that a May 2018 cyberattack was more extensive than earlier thought. The FBI informed Hunt Regional on May 14, 2019 that an advanced, targeted cyberattack hit its systems […]

The University of Texas at Austin McCombs School of Business introduced a special healthcare-specific professional cybersecurity certificate program. The professional leadership and educational program is the first healthcare targeted cybersecurity certification program to be made […]

Three of DCH Health System’s hospitals in Alabama were forced not to accept new patients other than those in a critical state due to a ransomware attack. The staff in DCH Regional Medical Center in […]

CHI Health in Omaha, NE, a 14-hospital health system, had a ransomware attack, which led to the potential exposure of the protected health information (PHI) of close to 48,000 patients. CHI Health became aware of […]

On behalf of Kaspersky Lab, a B2B International survey recently performed confirmed there is an increase in the average expense of a data breach at the enterprise-level from $1.23 million (2018) to $1.41 million. The […]

Cancer Treatment Centers of America (CTCA) is informing some patients about the exposure of their protected health information (PHI) because of a phishing-related email security breach at its Southeastern Regional Medical Center, which happened on […]

There has been an increase in the number of business email compromise (BEC) attacks in the United States. According to Symantec, an average of 6,029 businesses received BEC emails in the last 12 months and […]

The Department of Health and Human Services’ Office for Civil Rights consented to a negotiation with Elite Dental Associates concerning its HIPAA violation case relating to the impermissible disclosure of protected health information (PHI) of […]

Armis Security researchers found 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, which is a third-party software part utilized in some medical devices and hospital networks. The DHS Cybersecurity and Infrastructure Security Agency (CISA) received […]

North Florida OB-GYN located in Jacksonville, FL found out that hackers acquired access to selected parts of its computer system holding personal and health information of patients and infected the system with a virus that […]

A damaging ransomware attack on Wood Ranch Medical in Simi Valley, CA caused its irreversible shutting down on December 17, 2019. The attack took place on August 10, 2019 and the ransomware corrupted the servers. […]

Sen. Rand Paul, M.D., (R-Kentucky) has announced a new bill that tries to once and for all take away the HIPAA national patient identifier provision considering the privacy problems in using such a system. At […]

Dr. Ulrich Klopfer operated three abortion clinics in Indiana, but the clinics were closed down upon the suspension of his license in 2015. After his passing away on September 3, 2019, his family members discovered […]

The Department of Health and Human Services (HHS) is banned from expending any of its funds for the creation and launch of a national patient identifier, although there was anticipation that the prohibition will eventually […]

Starting October 1, 2019, medical insurance companies and related services must inform the Maryland Insurance Administration (MIA) in case a breach of insureds’ personal data occurs. The change in legislation is applicable to health plans, […]

Philips IntelliVue WLAN firmware had been found to have two vulnerabilities that affected some IntelliVue MP monitors. The vulnerabilities can be exploited by hackers to install malicious software that could have an effect on data […]

A ransomware attack on Campbell County Health located in Gillette, WY resulted in the disablement of hospital systems, which prevented access to patient information. The attack began in early in the morning of September 20, […]

Based on a recent investigation by ProPublica, Bayerischer Rundfunk (a German public broadcaster), and Greenbone Networks (vulnerability and analysis firm, 24.3 million medical images in medical image storage systems are publicly accessible on the internet […]

The National Cybersecurity Center of Excellence (NCCoE) created a new draft NIST mobile device security guidance to assist companies to minimize the risks presented by corporate-owned personally enabled (COPE) devices. Mobile devices permit personnel to […]

A phishing attack on East Central Indiana School Trust (ECIST) resulted in the exposure of some protected health information (PHI) of over 3,200 people. On May 19, 2019, an ECIST employee was misled into sharing […]

According to the Global Connected Industries Cybersecurity Survey conducted by Irdeto, a Swedish software company, 82% of healthcare companies utilizing Internet-of-Things (IoT) devices were attacked via one of those devices in the past year. Irdeto […]

The Office of Management and Budget (OMB) submitted its annual audit report to Congress concerning the cybersecurity status of federal agencies, as ordered by the Federal Information Security Modernization Act of 2014 (FISMA). OMB examined […]

A new research study published in JAMA Network Open revealed that many patients are okay with sharing their EHR data and biospecimens for research purposes; however, the majority of patients would like to limit the […]

When healthcare providers encounter a data breach, breach victims will naturally be annoyed and upset. People provide their data to healthcare organizations with the understanding that they implement safeguards to protect that information. Whenever patients […]

A phishing attack on Artesia General Hospital in Artesia, NM resulted to the compromise of 13,905 patients’ protected health information (PHI). The hospital detected the breach on June 18, 2019 when it was discovered that […]

The agency assigned to implement HIPAA compliance is the Department of Health and Human Services’ Office for Civil Rights. Only a handful of HIPAA violations were issued financial penalties prior to 2016. Then, the number […]

The last phishing attack on Bonita Springs, an NCH Healthcare System based in Florida, highlighted the great importance of providing healthcare employees with security awareness training. Bonita Springs detected the attack on June 14, 2019 […]

On June 26, a University of Chicago Medical Center (UCMC) patient filed legal action against UCMC and Google with regards to an alleged privacy violation involving the disclosure of protected health information (PHI) without de-identifying […]

A phishing attack on NCH Healthcare System in Naples, FL resulted in the exposure of patient information. NCH Healthcare knew about the suspicious activities on its payroll system on June 14, 2019. A third-party computer […]

The Swedish Data Protection Authority (DPA) issued its first financial penalty for a General Data Protection Regulation (GDPR) violation. A high school in Skellefteå was issued a 200,000 SEK fine (€19,000/$21,000) for conducting a pilot […]

An unsecured database online contains the personal data of individuals who exhibited an interest in Vascepa®, a cholesterol drug that Amarin Pharma manufactures. The database contained information including complete names, telephone numbers, email addresses, home […]

Massachusetts General Hospital (MGH) discovered recently the unauthorized access of the computer applications utilized by its Department of Neurology researchers. The person behind the breach could potentially access the protected health information (PHI) of around […]

Nuvance Health informed some Western Connecticut Health Network (WCHN) patients concerning their protected health information (PHI) exp. CHN sent to the Connecticut State Department of Public Health a package of medical documents on June 11, […]

The healthcare industry is being attacked with more data breaches. Why do hackers want to target the healthcare industry? FireEye came up with a new report to provide answers to this question. FireEye researchers analyzed […]

The Western District of Wisconsin US District Court has partly dismissed the class-action data breach lawsuit that UnityPoint Health is facing. In February 2018, employees of UnityPoint Health received phishing emails and responded to them. […]

A database which comprises of the personal information of men and women who expressed interest in Vascepa®, a cholesterol drug manufactured by Amarin Pharma, was exposed online. The database, which a third party vendor maintained, […]

Florida’s Integrated Regional Laboratories (IRL) is informing about 30,000 patients regarding the potential compromise of their protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) data breach, which was discovered […]

medRxiv, a health manuscript archiving firm, recently conducted a study which revealed the prevalent noncompliance with the HIPAA right of access. The researchers of this study mailed 51 healthcare providers requesting for medical record and […]

Eye Care Associates, a fully integrated eye care provider in the northeast Ohio region, had a ransomware attack in late July which led to the inaccessibility of its computer systems. Two weeks after the attack, […]

The ransomware attack on Grays Harbor Community Hospital in Aberdeen, WA continues to cause problems after its attack two months ago. The attackers asked for $1 million ransom payment in exchange for the encryption unlock […]

Because of a phishing attack on April 2019, the University of Missouri Health Care (MU Health) is charged with a lawsuit. MU Health found out on May 1, 2019 the one week unauthorized access of […]

Allscripts Healthcare Solutions proposed a preliminary settlement to resolve the violations of HIPAA, the Anti-Kickback Statute and the electronic health record (EHR) incentive program of the HITECH Act by the electronic health record (EHR) firm […]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital had a ransomware attack which affected over 500,000 patients living in Bayamón, Puerto Rico. A press release on July 19, 2019 explained the discovery by […]

Bayamón Medical Center and Puerto Rico Women and Children’s Hospital were attacked by ransomware, which affected more than half a million patients from Bayamón, Puerto Rico. A press release on July 19, 2019 mentioned the […]

Businesses governed by HIPAA regulations need to be mindful whenever using emergency text notification systems and ensure not to disclose Protected Health Information (PHI) without authorization. It can be quite difficult to adhere to HIPAA […]

The Department of Veteran Affairs Office of Inspector General (VA OIG) inspected a California VA medical center recently and found security vulnerabilities linked to medical device workarounds as well as non-compliance with Veterans Health Administration […]

The healthcare industry has had a particularly bad first six months. The many reports of data breaches and the volume of healthcare records exposed every day are very concerning. The trend this 2019 is over […]

A HIPAA business associate from Madison Heights, MI, Northwood Inc., reported hacking of one of its employee’s email account and potential viewing or acquisition of sensitive patient information. Northwood Inc knew about the breach on […]

The first GDPR data breach fine has been issued by Authoriteit Persoonsgegevens, the GDPR data protection authority in the Netherlands, to Haga Hospital in the Hague. The hospital is to pay a GDPR fine of […]

Patients of Wise Health System in Decatur, TX received notification regarding the potential exposure of their protected health information (PHI) because of a phishing attack. About 35,899 patients were affected by the breach. The phishing […]

The 2019 Cost of a Data Breach Report of Ponemon Institute/IBM Security has been published. It is a detailed study of the reported data breaches in 2018. It revealed the continuous increase of data breach […]

Another healthcare provider confirmed that it was affected by the American Medical Collection Agency (AMCA) security breach. An unauthorized access of AMCA’s systems resulted to a breach of the protected health information (PHI) of its […]

Equifax has decided to resolve its federal data breach case by paying at least $575 million. The settlement could possibly go up to $700 million plus the need to make significant improvements to its security […]

Edgepark Medical Supplies (EMS) discovered on May 13, 2019 that an unauthorized person access the account of some of its customers accounts and altered their addresses causing a redirection of their orders to different delivery […]

Idaho is giving patients new rights as hospitals implement the new rules. The Idaho Department of Health and Welfare (IDHW) is implementing the rules which began July 1, 2019. IDHW stated that patient advocacy groups […]

Just a few days after expressing the intention to issue a penalty to British Airways the amount of £183 million ($230 M) for its 383-million records breach, the United Kingdom’s Information Commissioner’s Office (ICO) is […]

Adirondack Health Vermont notified about 25,000 patients regarding the potential exposure of their protected health information (PHI) due to hacking. The potentially compromised information include the patients’ names, birth dates, healthcare insurance member numbers or […]

The U.S. Department of Health and Human Services (HHS) Secretary has declared a partial waiver of HIPAA sanctions and penalties in Louisiana because of the damage that Tropical Storm Barry likely caused when it hit […]

UK Information Commissioners Office (ICO), which is the GDPR supervisory authority, issued the biggest GDPR penalty to British Airways amounting to £183.39 million or $228 million for failure to employ security controls that led to […]

Premera Blue Cross agreed to pay $10 million to settle a multi-state data breach lawsuit that involved 30 state attorneys general. The alleged violations of state and federal laws resulted to a breach of 10.4 […]

Essentia Health is an integrated health system providing services in the states of Minnesota, North Dakota, Wisconsin and Idaho. Notifications sent to over 1,000 Essentia Health patients stated that some of their protected health information […]

Nemadji Research Corporation, doing business under the name of California Reimbursement Enterprises, released information regarding the unauthorized person who accessed the email account of an employee. There is potential exposure of the protected health information […]

GE Aestiva and Aespire Anesthesia devices were found to have an improper authentication vulnerability. These devices are typically used in hospitals all over America. The CVE-2019-10966 vulnerability can allow an attacker to remotely change the […]

A recent nCipher Security survey explored the value consumers put on their health information privacy and security. The survey had 1,300 U.S. consumers as participants and looked into their attitudes toward online personal privacy, sharing […]

Hackers exploited a two-year-old vulnerability in Microsoft Outlook targeting U.S. government networks. A warning issued by U.S. Cyber Command talked about the active exploitation of vulnerability CVE-2017-1174 and installation of remote access Trojans and other […]

A medical student is filing a lawsuit against Marshall University and Cabell Huntington Hospital because some of his protected health information (PHI) was impermissibly disclosed to a class of students. The medical student, which the […]

Alerts regarding the cybersecurity vulnerabilities discovered in several Medtronic insulin pumps were released by the United States Computer Emergency Readiness Team (US-CERT) and the Food and Drug Administration (FDA). The vulnerable insulin pumps connect to […]

According to a recent study, larger healthcare providers are more inclined to have fully developed, sophisticated cybersecurity defenses, whereas smaller healthcare providers struggle to implement cybersecurity best practices. KLAS and CHIME conducted the study and […]

Franciscan Health located in Mishawaka, IN found out that a former staff committed unauthorized access of the protected health information (PHI) of around 2,200 patients. In a routine privacy review, Franciscan Health learned about the […]

A former UChicago Medicine patient filed a lawsuit claiming that his medical information along with those of hundred other patients were shared with Google with no prior authorization. The lawsuit accuses UChicago Medical Center, UChicago […]

Virginia-based Dominion National, which is an insurance company, health plan manager, and administrator of dental and vision benefits, learned that a data breach affected the personal information of individuals connected to the services it provides. […]

Estes Park Health (EPH) located in Colorado was attacked by ransomware, which extensively encrypted files all across its network. EPH discovered the ransomware attack on June 2, 2019 when employees noticed and reported the computers’ […]

A patient care coordinator previously employed at the University of Pittsburgh Medical Center (UPMC) received a one-year imprisonment term for accessing patient healthcare records and utilizing that data for malicious damages. Sue Kalina, 62, living […]

The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) gave a warning after a surge in ‘Iranian regime actors’ cyberattacks. Christopher C. Krebs gave the warning as tensions build up […]

Cybercriminals that locate and exploit vulnerabilities to access healthcare networks and patient information are increasing their activities. The last two months were the worst and second worst months in terms of number of healthcare data […]

A ransomware attack on Tenx Systems, a company providing software for assisted living communities, impacted over 60 facilities that utilize the software program. Also known as ResiDex Software, Tenx Systems stated the attack happened on […]

A phishing attack on the Oregon Department of Human Services (ODHS) resulted to the potential compromise of the personal information of 645,000 clients. The phishing attack began on January 9, 2019, which got 9 ODHS […]

A recent ransomware attack on Shingle Springs Health and Wellness Center (SSHWC) located in Placerville, CA resulted to the potential compromise of the protected health information (PHI) of 21,513 patients. SSHWC found out on April […]

Rave Mobile Safety is hosting a webinar on June 18, 2019 that seeks to give better understanding of mental health problems, the difficulties community members encounter in relation to mental health conditions, and how to […]

An extreme ransomware attack on N.E.O Urology based in Boardman, OH impacted all of its IT system. The ransomware brought about extensive file encryption and prevented the healthcare provider from accessing its computers and patient […]

A phishing attack on Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., resulted to the exposure of 87,000 plan members’protected health information (PHI). Data exposure happened because an employee responded to a phishing […]

An ex-employee of a healthcare provider based in Germantown, MD is alleged to have accessed the protected health information (PHI) of approximately 16,542 patients. The information was allegedly given to a third party to be […]

Ever since reports regarding the massive data breach at American Medical Collection Agency (AMCA) became known, over 12 lawsuits had been submitted by breach victims. Quest Diagnostics formally reported the breach on June 3, 2019 […]

News reports spoke of the American Medical Collection Agency (AMCA) data breach that brought about the compromise of 11.9 million Quest Diagnostics patient records. Current news cite another healthcre company affected by the AMCA breach. […]

Turlock Irrigation District in California is notifying its employees who are members of their employer-sponsored health plan regarding the exposure of some of their protected health information (PHI) online due to a business associate error. […]

The huge data breaches lately which included the breach at Quest Diagnostics affecting 11.9 million records and the breach at LabCorp affecting 7.7 million records. Now, University of Chicago Medicine announced a data breach with […]

The Vermont Supreme Court issued a ruling permitting a patient to take legal action against a hospital and nurse for privacy violation, irrespective of Vermont law and the HIPAA law that do not allow private […]

Microsoft issued another warning regarding the BlueKeep vulnerability in Remote Desktop Services (CVE-2019-0708) after publishing online proof-of-concept exploits for the vulnerability. Microsoft issued fixes for the vulnerability on May 14, 2019. Patches were also made […]

In March 2015, health insurer Premera Blue Cross in Seattle reported a major data breach that affected close to 10.6 million plan members. The breach happened in 2014 and a wide range of information was […]

People Inc. is a non-profit health and human services firm located in Western New York providing services to elderly people and people with developmental disabilities. A phishing attack on the organization affected roughly 1,000 persons. […]

Medical Oncology Hematology Consultants (MOHC), a Newark,DE based cancer treatment center, suffered an email security breach that lead to the compromise of the protected health information (PHI) of some patients. MOHC published a substitute breach […]

Many view the HHS’ Office for Civil Rights’ enforcement of HIPAA compliance as excessively punitive. Compliance investigations after receiving complaints or data breaches reports usually result to the discovery of HIPAA Rules violations and sizable […]

A recent announcement requires Medical Informatics Engineering (MIE) to pay a financial penalty amounting to $900,000 to resolve a multi-state lawsuit over the HIPAA violations linked to a breach of 3.9 million records in 2015. […]

Microsoft released a patch on May 14, 2019 for fixing a ‘wormable’ vulnerability found in Windows, which is the same as the vulnerability exploited by attackers in the WannaCry ransomware attacks in May 2017. The […]

Ever since the implementation of the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule by the Department of Health and Human Services, […]

Medical Informatics Engineering, Inc (MIE) settled with the HHS’ Office for Civil Rights its HIPAA violation case by paying $100,000. MIE provides electronic medical record software and services in Indiana. Its case of serious data […]