Microsoft Warning Against BlueKeep Exploit in Real World Attacks

In May 2019, Microsoft announced a critical remote code execution vulnerability in Windows Remote Desktop Services referred to as BlueKeep – CVE-2019-0708. The cybersecurity community expected a weaponized exploit to be developed and used in large-scale attacks. The first wide-scale attacks utilizing a BlueKeep exploit were identified over the weekend. Right after Microsoft mentioned about … Read more

Brooklyn Hospital Center Malware Attack and Washington University School of Medicine Unauthorized PHI Access

A security breach has been announced by Brooklyn Hospital Center in New York. The incident that transpired in late July 2019 involved the installation of malware on some servers of the hospital. The prompt discovery of the attack limited the harm caused as safety action steps were taken. However, a number of files were still … Read more

Jackson Health System Paid in $2.15 Million Civil Monetary Penalty for Multiple HIPAA Violations

The Department of Health and Human Services’ Office for Civil Rights charged Jackson Health System (JHS) with a civil monetary penalty amounting to $2.15 million. JHS is a nonprofit academic medical system located in Miami, FL, which violated the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule in multiple cases. OCR learned in July … Read more

PHI Potentially Compromised Due to Prisma Health Website Breach and Seattle Cancer Care Alliance Email Error

Due to a data breach on the Palmetto Health website, Prisma Health Midlands is sending breach notifications to around 19,000 patients and 3,000 employees. Prisma Health – previously called Palmetto Health – discovered on August 29, 2019 that a suspicious individual got the login information of a Prisma Health employee. The attacker used the stolen … Read more

Report Reveals Increased Security After a Data Breach Caused a Rise in Patient Mortality Rate

Healthcare data breaches bring about a lower quality of patient care, as per a study just posted in Health Services Research. Researchers studied data from Medicare Compare which highlights quality measures employed at hospitals. Information from 2012 to 2016 was assessed and compared with records from the HHS’ Office for Civil Rights on data breaches … Read more

57% of Companies Use Multi-Factor Authentication For Better Security But It is Not Fail-Proof

The password manager provider LastPass recently conducted a study, which revealed that only 57% of companies make use of multi-factor authentication, despite the fact that it is a very good way to prevent the use of stolen credentials to access email accounts and company networks. With multi-factor authentication, a second factor to verify users is … Read more

FBI Gives An Alert Regarding E-Skimming Threats and Recommendations for Minimizing Risk

The Federal Bureau of Investigation gave an alert regarding e-skimming threats, after attacks on SMBs and government institutions increased. E-skimming refers to the adding of malicious code on online payment processing websites. The code steals the debit and credit card details of users as they enter the information into the payment websites. The attacker gets … Read more

Millions of Patients’ Sensitive Data Were Publicly Accessible Online

Because nine companies failed to keep their medical databases secure, the sensitive health information of millions of patients was exposed online. The security researchers at WizeCase discovered the exposed patient information. The research team, under the leadership of Avishai Efrat, looked for exposed information that is accessible without requiring any usernames or passwords using freely … Read more

September 2019 Healthcare Data Breach Report

There were 36 healthcare data breaches involving over 500 records reported to the Department of Health and Human Services’ Office for Civil Rights in September. This figure represents a 26.53% reduction in breaches compared to the previous month. The September breaches exposed a total of 1,957,168 medical records, which represents a 168.11% rise from … Read more

15,982 Patients of South Texas Dermatopathology Notified About the AMCA Data Breach

South Texas Dermatopathology is the last identified casualty of the American Medical Collection Agency (AMCA) data breach. It has reported the data breach to the Department of Health and Human Services Office for Civil Rights (OCR) and informed the affected patients. The OCR breach portal published information about the breach on October 7, 2019 … Read more

Mission Health E-Commerce Websites Had a Malicious Code that Allowed Payment Data Theft for 3 Years

Malicious code was found installed on the e-commerce website of Mission Health in Western North Carolina. The malicious code can capture the payment information entered by patients purchasing health products on the website. Then, the data can be routed to an unauthorized third party. Mission Health discovered the breach in June 2019. But according to … Read more

Proofpoint Report Reveals Which Cyber Threat Healthcare Organizations Commonly Encounter

A recent Proofpoint report gives information on the cyber threats that healthcare organizations encounter and the most common attacks that result in healthcare data breaches. Proofpoint’s 2019 Healthcare Threat Report shows the constantly changing threat landscape and how the strategies utilized by cybercriminals are in a consistent state of flux. The study, which was conducted … Read more

UAB Medicine Phishing Attack Impacts 19,000 Patients

Due to a phishing attack on August 7, 2019, UAB Medicine is informing its patients regarding the potential access of a number of employee email accounts of UAB Medical Center in Birmingham, AL. When UAB became aware of the breach, the security team modified the passwords of the breached email accounts to block further unauthorized … Read more

New York Legislation Stops the Selling of Patient Information by First Responders to Third Parties

S.4119/A.230 is new legislation signed into law on October 7, 2019 by New York Governor Andrew Cuomo. This law forbids first response and ambulance service employees from selling or sharing patient information with third parties for the purpose of marketing or raising money. New York Assembly Member Edward Braunstein originally introduced the bill in … Read more

MITA Puts Out New Medical Device Security Standard

The Medical Imaging & Technology Alliance (MITA) has published a new medical device security standard that offers healthcare delivery organizations (HDOs) crucial data regarding risk management and medical device security controls to secure the medical devices against suspicious access and cyberattacks. The new voluntary standard, known as Manufacturer Disclosure Statement for Medical Device Security (MDS2) … Read more

Philadelphia Department of Public Health Announced the Exposure of Hepatitis Patients’ Data

The Philadelphia Department of Public Health (PDPH) found that sensitive data of patients suffering from hepatitis B and hepatitis C was exposed over the web and any person could access it without authentication. PDPH learned about the breach on October 12, 2019 after getting notification from a correspondent of The Philadelphia Inquirer. The matter was … Read more

APT Actors Actively Exploiting GlobalProtect, Pulse Connect, Fortigate VPN Vulnerabilities

Advanced persistent threat (APT) actors are taking advantage of flaws in widely used VPN products provided by FortiGuard, Palo Alto and Pulse Secure to obtain control of vulnerable internal networks and VPNs. The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) together with other cybersecurity institutions published security alerts regarding a number of vulnerabilities in VPN … Read more

Data Breaches at Cancer Treatment Centers of America and Humana

Cancer Treatment Centers of America (CTCA) sent notifications to some of its patients after their protected health information (PHI) was exposed due to a phishing attack and email security breach in July 2019 at its Southeastern Regional Medical Center. CTCA learned about the phishing attack on July 29, 2019 when there was suspicious activity identified … Read more

9,160 Goshen Health Patients Affected by Phishing-Related Email Breach

9,160 patients from Goshen Health in Indiana received notification about its phishing-related email breach in August 2018 that could have resulted in the potential exposure of their protected health information (PHI). Goshen Health took steps to secure the compromised email accounts upon discovery of the breach and immediately had the incident investigated. Initially, it was … Read more

PHI of 391,472 Patients of Sarrell Dental Potentially Compromised Due to a Ransomware Attack

A ransomware attack on Sarrell Dental in Alabama, a non-profit children’s dental and optical services provider, resulted in the potential compromise of the protected health information (PHI) of its patients. Sarrell Dental is the biggest dental services provider in the state of Alabama with 17 clinics in operation. In July 2019, cyberattackers deployed ransomware on … Read more

Potential Compromise of PHI As a Result of North Florida OB-GYN Cybersecurity Breach

North Florida OB-GYN in Jacksonville, FL learned that hackers got access to particular portions of its computer system that contain personal and medical data of patients and attacked the system with a virus that encrypted the data. Once the breach was uncovered on July 27, 2019, the provider deactivated the networked computer systems and started … Read more

Atlantic.Net and Compliancy Group Will Conduct Webinar on Cybersecurity and HIPAA Compliance

Atlantic.Net is a HIPAA-compliant hosting company that teamed up with Compliancy Group and its HIPAA-compliance specialists in conducting a webinar on Cybersecurity and HIPAA Compliance. In the webinar, healthcare organizations can learn a few quick-to-implement steps to easily enhance their security standing, be more resistant to cyberattacks, and guarantee continued compliance with HIPAA rules. Cybercriminals … Read more

Sen. Rand Paul Presents National Patient Identifier Repeal Act

Sen. Rand Paul, M.D., (R-Kentucky) has presented a new bill that attempts to permanently remove the national patient identifier provision of HIPAA because of the privacy issues in implementing such a system. At this time, HIPAA is most widely known for its healthcare data privacy and security rules; however, the national patient identifier system was … Read more

Senator Demands Explanation for the Exposure of Medical Images Stored in Unprotected PACS

Sen. Mark Warner (D-Virginia) wrote a letter to TridentUSA asking for an explanation concerning a breach involving sensitive medical images at MobileXUSA, one of its affiliates. Sen. Warner is one of the founders of the Senate Cybersecurity Caucus (SCC) that was created to be a bipartisan educational resource for the Senate to effectively engage on … Read more

HIPAA Seal of Compliance Awarded to Integration Link LLC by Compliancy Group

Integration Link, LLC is a provider of virtual Chief Information Security Officers and cybersecurity consultancy services to businesses of varying sizes — small, medium and large. It recently completed Compliancy Group’s 6-Stage HIPAA Risk Analysis and remediation process, which proves that it is fully compliant with all the requirements of the HITECH Act, the Omnibus … Read more

Healthcare Data Breach Report for August 2019

In August, more than 1.5 healthcare data breaches were reported per day. This is the second consecutive month that there are a lot of reported breaches. Though the number of breaches is not significantly different from last month (49 versus 50), the number of exposed records went down substantially. There were 729,975 healthcare records breached … Read more

New Data Breach Notification Regulation for Health Insurers in Maryland

Beginning October 1, 2019, health insurance providers and associated services have to notify the Maryland Insurance Administration (MIA) whenever a breach of insureds’ personal information occurs. The change in rules covers health plans, health insurance companies, HMOs, managed general agents, managed care institutions, and third-party health insurance administrators. MIA’s Compliance & Enforcement Unit ought to … Read more

Phishing Attacks on Magellan Health Subsidiaries Impact 56,226 Presbyterian Health Plan Members

The managed care firm Magellan Health based in Scottsville, AZ learned that phishing attacks on two of its subsidiaries caused the compromise of the protected health information (PHI) of Presbyterian Health Plan members from Albuquerque, NM. Two service vendors to Presbyterian Health Plan, specifically Magellan Healthcare and National Imaging Associates, encountered the phishing attacks. … Read more

NCCoE Issued a Mobile Device Security Guidance for COPE Gadgets

The National Cybersecurity Center of Excellence (NCCoE) published the latest draft NIST mobile device security guidance to aid institutions to reduce the risks brought in by corporate-owned personally enabled (COPE) gadgets. Mobile gadgets enable workers to access information required to perform their job, regardless of where those persons are found. So, the devices enable organizations … Read more

NCCoE Releases Draft Guidelines for Securing the Picture Archiving and Communication System (PACS) Ecosystem

The draft NIST guidelines for securing the picture archiving and communications system (PACS) ecosystem were issued by the National Cybersecurity Center of Excellence (NCCoE). The guidelines, called NIST Cybersecurity Practice Guide, SP 1800-24, were penned for healthcare delivery organizations (HDOs) to help protect their PACS and minimize the likelihood of a data breach or … Read more

About 6,000 People’s PHI Impacted by Phishing Attacks on East Central Indiana School and Frasier

A phishing attack on East Central Indiana School Trust (ECIST) is the reason for the compromise of some protected health information (PHI) of more than 3,200 men and women. On May 19, 2019, an ECIST staff member was tricked into revealing his/her email account credentials that an attacker employed to access that person’s email account. ECIST … Read more

Multi-Factor Authentication Stops 99.9% of Cyberattacks

The healthcare sector runs into a lot of phishing attacks. Every week, healthcare organizations report a number of phishing attacks resulting in protected health information (PHI) exposure or theft. In most cases, the attacks are preventable by adhering to fundamental cybersecurity guidelines. Cyberattacks are now more complex, though most of the attacks aren’t. They entail … Read more

Guidance on Healthcare Information Sharing Organizations Published by HSCC

The Healthcare and Public Health Sector Coordinating Council (HSCC) released guidance on cybersecurity information sharing for healthcare organizations. HSCC is a partnership of over 200 public-private companies and organizations, such as health IT organizations, healthcare device manufacturers, pharmaceutical firms, laboratories, health plans, payers and government institutions. Its purpose is to deliver collaborative solutions to aid … Read more

Utah Ransomware Attack, Alive Hospice Mailing Error and Community Psychiatric Clinic Breaches Compromised Patient Data

Premier Family Medicine, which is a physician group located in Utah, notified 320,000 patients concerning the potential exposure of their protected health information (PHI) caused by a ransomware attack that affected ten facilities located in Utah County. On July 8, 2019, the ransomware attack occurred and prevented the Family Medicine’s staff from accessing patient files … Read more

Patients Impacted by Massachusetts General Hospital Data Breach and Sonoma Valley Hospital Website Hacking

Massachusetts General Hospital (MGH) recently found that the computer applications used by the researchers of its Department of Neurology were accessed without authorization. The individual behind the breach may have accessed approximately 10,000 patients’ protected health information (PHI). MGH became aware of the breach on June 24, 2019 and immediately blocked the software and databases … Read more

Declaration of Limited HIPAA Waiver in Puerto Rico, Florida, Georgia and South Carolina Due to Hurricane Dorian

The Secretary of the Department of Health and Human Services (HHS), Alex Azar, has made an announcement placing Puerto Rico and the states of Georgia, Florida, and South Carolina in a public health emergency (PHE) because of Hurricane Dorian. The announcement of the presidential PHE in the previously mentioned areas was made while the states … Read more

73 Email Accounts of Bonita Springs Employees Compromised Due to Phishing Attack

A phishing attack on NCH Healthcare System, Bonita Springs located in Florida, highlighted how critical it is to train healthcare employees on security awareness. On June 14, 2019, Bonita Springs tracked down the phishing attack upon seeing suspicious email activity connected with its payroll system. The investigation confirmed that 73 employees surprisingly disclosed their account … Read more

Irdeto Survey Reveals 82% of Healthcare Providers Have Encountered a Cyberattack on Their IoT Devices

The Swedish software firm Irdeto conducted the Global Connected Industries Cybersecurity Survey, which showed that 82% of healthcare organizations using Internet-of-Things (IoT) devices have encountered a cyberattack on no less than one of those devices in the last 12 months. Irdeto asked 700 security leaders of healthcare providers and companies in the manufacturing, IT and … Read more

Identified Vulnerability in Philips HDI 4000 Ultrasound Systems

There is a vulnerability identified in Philips HDI 4000 Ultrasound systems that attackers could exploit to access ultrasound images. Besides stealing information, an attacker could tamper with ultrasound images to hinder the diagnosis of a possibly deadly health ailment. Philips HDI 4000 Ultrasound systems run on legacy operating systems like Windows 2000 which aren’t supported … Read more

Code Execution Vulnerability Found in Cardiology Devices of Change Healthcare

Devices of Change Healthcare Cardiology, Horizon Cardiology and McKesson Cardiology were found to have a vulnerability, which a locally authenticated user could exploit to add files that can enable the attacker to implement arbitrary code on a device. Asante Information Security’s Alfonso Powers and Bradley Shubin identified vulnerability CVE-2019-18630 and reported it to Change Healthcare. … Read more

Healthcare Data Breach Report Summary in July 2019

May 2019 had 46 breaches with over 500 records exposed making it the worst month ever since the HHS’ Office for Civil Rights began reporting breach summaries on its web portal in 2009. But that record was broken last July, which had 50 healthcare data breaches with over 500 records reported. July had 13 more … Read more

AMCA Breach Impacts 33,370 Mount Sinai Hospital Patients

Mount Sinai Hospital discovered the compromise of 33,730 patients’ protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) cyberattack. This hospital is number 24 in the list of AMCA breach victims, which has impacted nearly 25 million individuals. On June 4, 2019, AMCA informed Mount Sinai Hospital about the unauthorized … Read more

AMCA Data Breach Impacts Almost 25M To Date

The number of victims of the American Medical Collection Agency (AMCA) data breach has gone up to about 25 million with one more healthcare organization announcing that it was impacted by the breach. Wisconsin Diagnostic Laboratories (WDL) runs 13 medical testing facilities in the area of Milwaukee. Around 114,985 of its patients were notified about … Read more

OMB Audit Report Finds the HHS Information Security Program as Ineffective

The Office of Management and Budget (OMB) sent in its yearly audit report to Congress about the status of federal agencies’ cybersecurity, as demanded by the Federal Information Security Modernization Act of 2014 (FISMA). OMB evaluated 4 of the 12 Department of Health and Human Services (HHS) operating divisions to determine their compliance with FISMA. … Read more

Threat of Lateral Phishing Attacks on Health Care Organizations Increasing

University of California Berkeley, University of San Diego, and Barracuda Networks conducted a recent study, which showed the increasing threat of lateral phishing to healthcare organizations. In a typical phishing attack, the attacker sends an email with an embedded hyperlink going to a malicious web page that harvests login credentials. The emails include a … Read more

Security Breaches at Rhode Island Healthcare Provider and California Hospice Potentially Compromised PHI

Rhode Island Ear, Nose and Throat Physicians Inc. (RIENT) is informing 2,943 patients regarding the unauthorized access of a server that contained some of their health data. A hacker accessed RIENT’s network on June 19, 2019. The provider detected the breach on the same day and secured its network. A hired third-party computer forensics company … Read more

32% of Healthcare Employees Did Not Receive Cybersecurity Training

Since January, about 200 breaches involving over 500 records were reported and it seems that 2019 will be another record year when it comes to healthcare data breaches. Because of the increase in data breaches, Kaspersky Lab conducted a survey to get more understanding about the healthcare industry’s state of cybersecurity. Kaspersky Lab recently published … Read more

45,000 PHI Potentially Exposed Due to Integrated Regional Laboratories, Bayview Dental and Mid-Valley Behavioral Care Network Breaches

Florida-based Integrated Regional Laboratories (IRL) notified around 30,000 patients concerning the potential compromise of their protected health information (PHI) due to the American Medical Collection Agency (AMCA) data breach, which was identified on March 20, 2019. AMCA advised IRL on June 3, 2019 that it had a data breach and confirmed on June 13 that … Read more

Phishing Attacks on Michigan Medicine and Virginia Gay Hospital Potentially Exposed PHI

Michigan Medicine notified about 5,500 of its patients regarding the exposure of some of their protected health information (PHI) because of a phishing attack recently. In July, Michigan Medicine was hit by a phishing attack. About 3,200 employees got phishing emails that have a hyperlink going to a legit-looking web site, which asked for the … Read more

Direct Connect Computer Systems Inc. Receives HIPAA Seal of Compliance

Direct Connect Computer Systems, Inc., the technology solution provider based in Cleveland, OH, has proven that it is Health Insurance Portability and Accountability Act (HIPAA) compliant. Under HIPAA, firms offering technology solutions and services to healthcare organizations that necessitate access to electronic protected health information (ePHI) are considered ‘business associates.’ Business associates of … Read more

State Attorneys General Call For the Alignment of Part 2 Regulations with HIPAA

The National Association of Attorneys General (NAAG) told the House and Senate leaders to make improvements to Confidentiality of Substance Use Disorder Patient Records regulations referred to as 42 CFR Part 2. NAAG tagged the regulations under consideration as cumbersome [and] out-of-date and they limit the substance abuse treatment records uses and disclosures. The HIPAA … Read more

Renown Health Discovers PHI was Stored on Lost Thumb Drive

Renown Health, which is Northern Nevada’s biggest healthcare provider, has begun notifying some patients about the potential compromise of some of their protected health information (PHI). On June 30, 2019, a portable storage device (thumb drive) containing files with patient data was found missing. A thorough search for the thumb drive was conducted in the … Read more

Exposure of Seattle Community Psychiatric Clinic Patient Data Due to Email Security Breaches

A Seattle, WA provider of accredited outpatient, counseling services and mental health treatment, Community Psychiatric Clinic, has encountered two security breaches resulting in the compromise of patient information. In the two instances, an unauthorized person accessed the Microsoft Office 365 account of an employee. Community Psychiatric Clinic detected the first security breach on March 12, … Read more

Patients’ PHI Compromised Due to Unsecured Amarin and Medico Database

A database that contains the personal data of people who were interested in Vascepa®, Amarin Pharma’s cholesterol drug, was exposed on the internet. A third party vendor maintained the database, which contained data including full names, email addresses, addresses, phone numbers, interest in a copay card for Vascepa® and medications information. Amarin discovered the breach … Read more

NIST Published a New Guidance on Securing IoT Devices

The National Institute of Standards and Technology (NIST) has published its latest guide for companies manufacturing Internet of Things (IoT) devices so that they can integrate proper cybersecurity controls to ensure the devices are secured against risks when connected to the Internet. This is the second in the series of published security of IoT devices … Read more

Presbyterian Healthcare Services and Three Rivers Community Health Group Data Breaches Impact About 184,000 Patients

Presbyterian Healthcare Services in New Mexico is informing about 183,000 patients and health plan members about the exposure of some of their protected health information (PHI) as a result of a recent security breach. A number of Presbyterian Healthcare Services employees got phishing emails some time on May 6, 2019. Some employees replied to the … Read more

Imperial Health Ransomware Attack and Lost Laptop Impacts Patients’ PHI

Imperial Health in Southwest Louisiana is a physicians’ network that is announcing the potential compromise of over 111,000 patients’ protected health information (PHI) because of a recent ransomware attack, which was discovered on May 19, 2019. An unauthorized party was able to download ransomware into the network so that files and the Imperial Health’s Center … Read more

Atlantic.Net’s 25th Year Anniversary as Internet and Cloud Services Provider

Cloud service provider Atlantic.Net, which offers HIPAA-compliant hosting to healthcare businesses, is marking its 25th anniversary. The company started as an internet service provider in 1994. It adapted to changing technology trends and offered cloud services in 2009. The company continued to develop its hosting platform and related services over the next … Read more

Critical Vulnerabilities Affect 2 Billion VxWorks Devices

Armis’ security researchers discovered 11 vulnerabilities in the real-time operating system of VxWorks, which is widely used in close to 2 billion IoT devices, control systems and medical devices. Six vulnerabilities are rated critical and have been collectively called “Urgent/11.” A hacker could remotely exploit them with no need for user interaction. If successful, a … Read more

NIST’s New Mobile Device Security Guidance for Corporately-Owned Personally-Enabled (COPE) Devices

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) released a draft of a mobile device security guidance that aims to help companies strengthen the security of corporately-owned personally-enabled (COPE) mobile gadgets and lower network security risks that may arise because of the devices. Modern businesses need mobile gadgets to … Read more

$70,000 Ransom Paid by Kentucky Community Health Center to Recover Encrypted Data

Park DuValle Community Health Center in Louisville, KY encountered a ransomware attack on June 7, 2019. The hackers successfully accessed its network and installed ransomware so that the center’s appointment scheduling platform and medical record system became inaccessible. The non-profit health center offers healthcare services to low-income patients in the western Louisville area who have … Read more

Computer Doc is Now HIPAA Compliant

Computer Doc, an IT company based in Indian Trail, NC, is now certified as compliant with the HIPAA Privacy, Security and Breach Notification Rules, the Omnibus Rules and the HITECH Act as announced by the Compliancy Group. Computer Doc has been in business since 1997 providing businesses in the area of Charlotte, NC with IT … Read more

Losses Due to BEC Attacks Reach $301 Million Per Month

The Treasury Department released statistics that show a continual increase of business email compromise (BEC) attacks throughout the last two years. The number of reported successful BEC attacks in 2018 is more than double the number in 2016. Losses in operations and breach responses as a result of these scams are soaring. Business email compromise … Read more

18 Healthcare Providers Affected by AMCA Breach Resulting in Over 25 Million Records Exposed

More healthcare providers have confirmed that they were affected by the American Medical Collection Agency (AMCA) data breach over the last few days. To date, there are 18 healthcare providers who were affected and over 25 million were considered victims. Retrieval Masters Credit Bureau (RMCB), AMCA’s parent company, discovered the AMCA breach on March 21, 2019. … Read more

Coveware Study Shows Increasing Ransomware Attacks and Ransom Payments

Ransomware attacks increased in the Q2 of 2019, according to Coveware’s new report. Coveware is a ransomware recovery service provider, which helps businesses recover their data in the event of a ransomware attack. The method used to recover their data may be through free remediation or through negotiation with the attackers. Coveware analyzed anonymized information … Read more

Cyberattacks on St. Croix Hospice and Hunt Regional Healthcare

St. Croix Hospice, which provides hospice care across the Midwest, discovered that an unauthorized person accessed an employee’s email account and could have viewed patient data. The hospice detected the breach on May 10, 2019 upon seeing suspicious email activity in the account. An investigation got underway with the help of a third-party computer forensics company. It … Read more

AMCA Breach Also Impacts 2.2 Million of Clinical Pathology Laboratories Patients

Clinical Pathology Laboratories based in Texas recently learned that the data breach at American Medical Collection Agency (AMCA) affected its 2.2 million patients potentially compromising their protected health information (PHI). AMCA is a company that provides a lot of healthcare companies with debt collection services. As a provider of this service, AMCA receives the PHI … Read more

Discovered Vulnerability in GE Aestiva and Aespire Anesthesia Devices

An improper authentication vulnerability was found in the GE Aestiva and Aespire Anesthesia devices. Many hospitals all across America generally use these devices. The CVE-2019-10966 vulnerability could make it possible for an attacker to remotely alter the parameters of a vulnerable device and silence the alarms. Possible changes include adjusting the parameters of gas composition … Read more

Patient Records of Direct-to-Consumer DNA Testing Company Exposed Online

Vitagene is a health tech firm based in San Francisco, CA that offers direct-to-consumer DNA-testing services. Vitagene accidentally exposed the private and genealogy data of a large number of its customers because of unauthorized access on the web. The Vitagene DNA testing service is one component of a DNA-based individualized health and wellness program. … Read more

PHI of 25,000 Adirondack Health Patients Potentially Exposed Due to Email Account Hack

Adirondack Health in Vermont is informing roughly 25,000 patients about the potential access of some of their protected health information (PHI) by a hacker. The information that was potentially compromised includes the names of patients, birth dates, Medicare ID numbers or medical insurance member numbers, and some information on treatment and/or clinical results. The Social … Read more

Webinar by Compliance Experts on Ransomware, Malware, Phishing, and HIPAA Compliance

Compliancy Group is conducting a webinar for healthcare professionals covering the major threats that the healthcare industry is facing. Compliance experts are going to discuss threats like malware, ransomware and phishing in connection with HIPAA and patient data privacy and security. Cybersecurity plays a more important role in healthcare today than ever before. Hackers regard … Read more

GAO Audit Pointed Out CMS’ Weak ID Verification System

A recent Government Accountability Office (GAO) audit showed that the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) uses a remote ID verification process that is poor and outdated. Consequently, it likely gives limited security against fraud. The CMS site can help users find government financial assistance that is … Read more

Researchers Found Critical Vulnerability in Burrows-Wheeler Aligner Genomics Mapping Software

Researchers at Sandia National Laboratories discovered a vulnerability in the open software utilized by genomic researchers. An attacker who exploits this vulnerability could access and modify sensitive genetic data. There are two steps involved in DNA screening. The first step is the sequencing of a patient’s DNA and the mapping of their genome. … Read more

PHI of 10,893 Summa Health Patients and 5,400 Community Physicians Group Patients Potentially Compromised in Phishing Attack

Summa Health in Akron, Ohio discovered an unauthorized person had accessed four employee email accounts that contain the protected health information (PHI) of patients. Summa Health knew about the breach on May 1, 2019 and started an investigation showing the breach of 2 email accounts in August 2018, and the breach of two more accounts … Read more

9-Year PHI Breach at Dominion National Impacted 2.9 Million Members

A data security incident at Dominion National involved the personal data of their clients. Dominion National is an insurance provider, health plan administrator, and administrator of dental and vision benefits primarily based in Virginia. Hackers initially accessed the provider’s servers in 2010. Dominion National started an internal investigation after being alerted about the incident and … Read more

HELP Committee Passes Lower Health Care Costs Act

The Senate Health, Education, Labor and Pensions (HELP) Committee has okayed a bill that is very important to HIPAA-covered entities – the Lower Health Care Costs (LHCC) Act of 2019. One key objective of the bill is to enhance the transparency of medical care costs and quality of service. The bill is meant to stop surprise medical … Read more

5 Million-Records Breach of MedicareSupplement.com and Summa Health Data Breach

The personal data of approximately 5 million people contained in a MongoDB database were exposed on the web. MedicareSupplement.com owns the database containing personal and health data. TZ Insurance Solutions operates the website and uses it for helping people look for a Medigap insurance plan. People in search of coverage could go to the website … Read more

New OCR Guidance on Allowable Uses and Disclosures by Health Plans for Patient Care Coordination and Continuity of Care

The Department of Health and Human Services’ Office for Civil Rights published new HIPAA guidance for health plans about the proper sharing of protected health information to assist patient care coordination and continuity of patient care. The guidance is written in the format of an FAQ. It answers two questions that health plans frequently ask: … Read more

2,200 Franciscan Health Patients PHI Exposed Due to Unauthorized Access and Boxes of Medical Records Abandoned in Chatham Chicago

Franciscan Health based in Mishawaka, IN learned that a former employee accessed the protected health information (PHI) of about 2,200 patients without authorization. During a scheduled privacy audit, Franciscan Health discovered the privacy breach. On May 24, 2019, Franciscan Health confirmed that an employee assigned to the quality research department accessed patients’ … Read more

A Nurse Terminated and 10,970 Patient PHI Exposed Due to Breaches at Takai, Hoover & Hsu and Navicent Health

A former staff member at a healthcare provider located in Germantown, MD allegedly accessed the protected health information (PHI) of roughly 16,542 patients. The data was purportedly provided to a third party and utilized for bogus transactions. On April 10, 2019, County and state law enforcement informed Takai, Hoover & Hsu, P.A., the owner of THH … Read more

May 2019 Healthcare Data Breach Report

April had more healthcare data breaches reported when compared with any other month so far. May continued to have a high number of data breaches, with 44 breaches reported. The number of exposed records in May, which is 1,988,376 healthcare records, increased by 186% compared to April. The average number of healthcare data breaches reported … Read more

Ransomware Attacks on Illinois and California Clinics Reported

The Quantum Vision Centers and Eye Surgery Center located in Illinois is notifying its patients about the potential compromise of some of their protected health information (PHI) because of a ransomware attack in April 2019. An unauthorized person accessed Quantum systems on April 18, 2019 and installed ransomware, which encrypted files. The information contained in … Read more

Meditab Software Breach Impacts Capitol Cardiology Associates (CCA) and Southern Maryland Medical Group (SMMG) Patients

A potential breach at Meditab Software Inc. affects two healthcare companies in Maryland. Meditab is a business associate of the two companies providing EMR and practice management software. As such, its systems include patient protected health information (PHI). Meditab discovered in March 2019 that some PHI was left unsecured. Meditab had developed a website to … Read more

Statewide Collection Service Receives HIPAA Seal of Compliance

Statewide Collection Service is a company providing full-service accounts receivable management and risk assessment to the healthcare sector. The company recently concluded the Compliancy Group’s Six Stage implementation process and obtained its HIPAA Seal of Compliance. Companies that provide services or products to healthcare organizations and need access to patient data have to abide by … Read more