Articles by HIPAA Editor

At the end of November, the Department of Justice charged two Iranians in connection with the SamSam ransomware attacks. However, the attacks are unlikely to…

The HHS’ Office for Civil Rights (OCR) investigated an incident of impermissible PHI disclosure by a business associate of a HIPAA-covered entity and found major…

Medical Informatics Engineering and NoMoreClipboard was charged with multi-state federal lawsuit over the 2015 data breach exposing the information of 3.9 million people. Indiana Attorney…

Georgia Spine and Orthopaedics of Atlanta (GSOA) is informing a number o its patients concerning a phishing attack that caused the possible theft and exposure…

Healthcare billing services provider, AccuDoc Solutions Inc, reported a data breach that caused the compromise of the protected health information (PHI) of 2,650,000 Atrium Health…

Mercy Medical Center North Iowa found out that an old employee possibly accessed patients’ healthcare records without appropriate authorization for over 12 months. The medical…

The United Kingdom’s Information Commissioner’s Office (ICO) discovered that the options for the Washington Post online subscription are not General Data Protection Regulation (GDPR) compliant….

A laptop computer issued by FHN Healthcare in northwest Illinois was stolen from the vehicle of an employee. The said laptop contained protected health information…

St. John’s Episcopal Hospital and Episcopal Health Services located in New York have informed former and current patients about the potential compromise of their protected…

Microsoft Office is under review by Dutch investigators due to complaints of the EU’s General Data Protection Regulations (GDPR) violation. Allegedly, Microsoft’s software is gathering…

A phishing attack on New York Oncology Hematology in Albany, New York resulted to the compromise of 15 employee email accounts and gave the hackers…

HealthEquity is informing 190,000 people about the exposure of some of their protected health information (PHI) because of a phishing attack. HealthEquity is a company…

The operators of the WordPress content management platform gave an advisory to users regarding the need to refresh the WP GDPR Compliance plug-in immediately because…

Inova Health System in Virginia began notifying its 12,331 patients regarding the unauthorized access of some of their protected health information (PHI). On September 5,…

A phishing attack on Metrocare Services, the biggest mental health services provider in North Texas, resulted in the compromise of the protected health information (PHI)…

Upstate University Hospital located in Syracuse, NY notified 1,216 of its patients regarding the impermissible access of a former personnel to some of their protected…

Altus Hospital located in Baytown, Texas had been attacked by ransomware, which encrypted much of the hospital data records. The attack did not have an…

Facebook is confronted with the wrath of EU’s General Data Protection Regulation (GDPR) once more after the UK Information Commissioner Office (ICO) made a complaint…

Accessing of patient information by healthcare employees who are not authorized to do so is clearly a violation of the Health Insurance Portability and Accountability…

Apple CEO Tim Cook was guest speaker at the 40th edition of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels and…

The protected health information (PHI) of around 40,000 patients of the Jones Eye Clinic and its associate surgery center, CJ Elmwood Partners, L.P, located in…

Catawba Valley Medical Center (CVMC) based in Hickory, NC discovered on August 13, 2018 the access of an unauthorized person to the email account of…

There is a flaw in the Employees Retirement System of Texas (ERS) OnLine portal. It was discovered when a number of people entered the portal…

In August 2018, BDO USA conducted a survey as part of the BDO 2018 Cyber Governance Survey. It was participated by 145 U.S. company board…

MediaPRO is a security awareness training company that has been doing for three years now an annual analysis of employees’ security awareness and knowledge of…

The National Ambulatory Hernia Institute based in California had a ransomware attack on September 13, 2018 which resulted to the encryption of files stored on…

Raley’s Pharmacy is notifying about 10,000 patients about the potential compromise of some of their protected health information (PHI). The incident on September 24, 2018…

The U.S. Food and Drug Administration (FDA) along with the Department of Homeland Security (DHS) presented a memorandum of agreement to make use of a…

The email accounts of two employees of the Children’s Hospital of Philadelphia (CHOP) were compromised after the successful phishing attacks launched on August 23 and…

The Department of Health and Human Services’ Office of Inspector General (OIG) issued a new report stating that most Medicaid data breaches are rather minor…

A health insurance system connected to the HealthCare.gov website was hacked according to the Centers for Medicaid & Medicare Services (CMS). The sensitive data of…

Aetna committed two mailing errors in 2017, which caused the impermissible disclosure of the protected health information (PHI) of its members. Because of the data…

OCR has issued a settlement fine to Anthem for potential HIPAA violations that led to a 78.8 million records breach in 2015. Anthem paid $16…

According to a report in The Wall Street Journal, Google is going to close down Google+ because this social media platform is being investigated by…

Cofense recently revealed in a news report the most typical healthcare phishing emails sent by hackers and which message attracts the most number of clicks….

The ECRI Institute, a non-profit firm that researches new methods to improve patient care, has recently released an annual listing of the top 10 Health…

There were two phishing attacks on the Minnesota Department of Human Services (DHS) that impacted 21,000 persons provided with medical assistance. DHS already mailed the…

The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare sector to have increased awareness…

Under the HIPAA Privacy Rule, patients have the right to get a copy of their health records from healthcare providers. When requested, copies of health…

Michigan Medicine is informing over 3,600 patients that some of their protected health information (PHI) was impermissibly disclosed. The Michigan Medicine Development Office had a…

Lambda Legal filed a lawsuit on behalf of 93 data breach victims who are lower-income HIV positive persons whose highly sensitive protected health information (PHI)…

On October 1, 2018, the U.S. Food and Drug Administration presented a Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook created to assist healthcare…

Facebook’s engineers identified a serious data breach on September 25 that affected roughly 50 million Facebook users. A breach notification was sent to affected users….

The National Institute of Standards and Technology (NIST) produced a draft of the guidance that is made to support federal agencies and other firms understand…

Aspire Health provides in-home services for patients with critical illness residing in Nashville, TN. Aspire Health had a phishing attack resulting to the unauthorized access…

Healthcare data breaches from 2010 to 2017 increased by 70% as per a study that two doctors at the Massachusetts General Hospital Center for Quantitative…

Claxton-Hepburn Medical Center is a not-for-profit community hospital located in Ogdensburg, NY. A number of its employees were terminated from work for accessing patient medical…

Three hospitals paid the Department of Health and Human Services’ Office for Civil Rights (OCR) a fine of $999,000 to settle their HIPAA violation. Because…

Ohio Living, which is a company that provides life plan communities and home health services, found out that an unauthorized person has accessed the email…

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is notifying 1,567 plan members about the impermissible disclosure of their protected health information (PHI) by…

The Fetal Diagnostic Institute of the Pacific (FDIP) located in Honolulu, Hawaii encountered a ransomware attack on June 30, 2018. A file-encrypting software was installed…

Independence Blue Cross in Philadelphia is sending notifications to thousands of its plan members because of the potential exposure of their protected health information (PHI)…

Hopebridge is a network of 28 autism treatment centers located all over the Midwest. It experienced a phishing attack, which potentially resulted in the access…

Acadiana Computer Services Inc., which provides the healthcare industry in Lafayette, LA with software and business solutions, discovered that an unauthorized person accessed an employee’s…

After the European Union’s General Data Protection Regulation (GDPR) was enforced on May 25, 2018, there is a remarkable drop in the number of daily…

Reliable Respiratory, which is a respiratory care provider in Norwood, MA experienced a phishing attack that impacted 21,311 patients. A suspected cyberattack was noted on…

Arc of Erie County Pays $200,000 for Security BreachThe New York Attorney General penalized the Arc of Erie County with $200,000 for HIPAA Rules violation…

The final version of the NIST Cybersecurity Practice Guide for Securing Wireless Infusion Pumps in healthcare delivery organizations prepared by the National Cybersecurity Center of…

There is a code vulnerability discovered in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS). A threat actor could remotely exploit the vulnerability to acquire administrator…

Reuters Institute at the University of Oxford did a research and discovered that there was a 22% decline in the number of tracking cookies on…

Th BD Alaris Plus medical syringe pumps has a crucial wirelessly exploitable vulnerability. When linked to a terminal server through the serial port, the medical…

Consent management platform Quantcast Choice released a report recently that pointed out that European Union (EU) domains obtain on average a consent rating of above…

Ovum performed a survey lately for analytics company FICO, which showed there was a significant increase in businesses getting cybersecurity insurance, yet the healthcare sector…

Legacy Health found an unauthorized person has obtained access to its email system as well as the protected health information (PHI) of about 38,000 patients….

Anthem Inc. offered a $115 million settlement deal in 2017 to take care of the class action legal cases submitted by the victims of a…

The Department of Health and Human Services’ Office of Inspector General (OIG) revealed the discoveries of the audit of Maryland’s Medicaid system they carried out….

Three Democrat legislators accused the Oklahoma Department of Veteran Affairs of breaking Health Insurance Portability and Accountability Act (HIPAA) Rules. They have likewise called for…

MedSpring Urgent Care is a group of critical care clinics established in Atlanta, Austin, Chicago, Fort Worth, Dallas, and Houston, which identified an unauthorized individual…

Approximately 300,000 patients from SSM Health St. Mary’s Hospital based in Jefferson City, Missouri were advised about the exposure of some of their protected health…

The HIPAA Security Rule mandates covered entities to consistently safeguard the confidentiality, integrity and availability of protected health information (PHI). The duties of healthcare companies…

This is a summing up of healthcare data breaches shared as of late to the press and the Department of Health and Human Services’ Office…

A survey conducted by the healthcare marketing agency SCOUT revealed that consumers are not as much concerned about the privacy and safety of their medical…

The protected health information (PHI) of more than 19,000 patients was compromised as a result of a mistake that a transcription service vendor made while…

A data security breach took place at Confluence Health, which is a non-profit health system operating Wenatchee Valley Hospital, Central Washington Hospital and other satellite…

According to the healthcare data breach report for June 2018, healthcare data breaches increased by 13.8% from last month. However the data breaches were not…

Two healthcare providers sent in reports of phishing attacks that granted cyber criminals access to patients’ protected health information (PHI). The attackers in both incidents…

The Golden Heart Administrative Professionals located in Fairbanks, AK serves as a business associate to local healthcare providers by providing invoicing as a service. It…

LabCorp is a clinical laboratory in the United States that had encountered a cyberattack allowing hackers to possibly view or copy the protected health information…

The email account of doctors at UMC Physicians located in Texas was attacked by hackers which brought about the likely compromise of certain protected health…

As per a report publicized in Tennessean, one of Metro Health’s personnel made a mistake causing the exposure of the protected health information (PHI) of…

Law enforcement investigated the involvement of an employee at Arkansas Children’s Hospital in the theft and improper use of patients’ protected health information (PHI). According…

Manitowoc County in Wisconsin suffered a phishing attack which resulted to protected health information (PHI) being stolen. The phishing attack most likely took place on…

The American Hospital Association (AHA) members are concerned about the proposed rule by HHS — Centers for Medicare and Medicaid Services’ hospital inpatient prospective payment…