Articles by HIPAA Editor

The Government Accountability Office (GAO) just published the results of an audit involving all federal government systems running on legacy operating systems. The purpose of…

Healthcare Cyber Heists in 2019 had compiled information from 20 industry leading CISOs, which include the cyberattacks they experienced in the past year, the strategies…

Since the news about the huge data breach at American Medical Collection Agency (AMCA) went out, there is now over a dozen lawsuits filed by…

Mercy Health found out that some of its patient data were uploaded to a private server used for online appointment scheduling, electronic doctor’s office check-ins…

The American Medical Collections Agency (AMCA) data breach victims has now gone over 20 million with the confirmation of another healthcare organization that it was…

An updated Oregon breach notification laws had been approved. The update included the following: expanded definition of consumer data, modified the meaning of covered entity,…

Coffey Health System agreed to settle alleged violations of the False Claims and HITECH Acts by paying $250,000 to the U.S. Department of Justice. The…

There have been massive data breaches recently including the 11.9 million records breach at Quest Diagnostics and the 7.7 million records breach at LabCorp. Now,…

A hacker accessed the systems of American Medical Collection Agency (AMCA) based in Elmsford, NY, a billing collections company. The breach may have resulted to…

A phishing attack on Health Quest resulted to the exposure of the protected health information (PHI) of some patients. The affiliates of Health Quest, namely…

Microsoft issued a patch to correct a critical, wormable flaw found in Remote Desktop Services about two weaks earlier. Yet approximately 1 million devices are…

There are six security advisories involving Siemens Healthineers products. The vulnerabilities have a CVSS v3 score of 9.8 out of 10 and may be linked…

TriHealth, a health system based in Cincinnati, is notifying 2,433 patients because their protected health information (PHI) was impermissibly disclosed to a student mentee. A…

Medford Patients’ PHI Exposed Medford, a Hematology Oncology Associates located in Oregon, had a phishing attack, which caused the email accounts of several Medford employees…

Health records of Today’s Vision patients and employees were found in boxes abandoned in a Texas public dumpster. The documents include highly sensitive information. The…

A recent report from the HHS’ Office of the National Coordinator for Health Information Technology (ONC) revealed that even though majority of hospitals and doctors…

Inmediata, a clearinghouse service provider to healthcare organizations, notified some of its patients in April that their protected health information (PHI) were exposed on the…

Siemens has identified one critical vulnerability and a number of high-severity vulnerabilities in the direct access point of Scalance W1750D. Attackers with a low level…

Cancer Treatment Centers of America (CTCA) experienced another breach of the email account of an employee belonging to its Southeastern Regional Medical Center after responding…

A phishing attack on American Medical Response, a provider of emergency and patient relocation services in Greenwood Village, CO resulted to the access by an…

The sensitive data of 24 female HIV patients were accessed by unauthorized individuals. Even if it’s been over 7 months since the breach was discovered,…

On May 14, 2019, Microsoft issued a patch to correct a ‘wormable’ vulnerability in Windows, which is identical to the vulnerability that attackers exploited in…

Facebook is implementing a few changes to Facebook Group Communities talking about medical conditions. This decision was deemed necessary considering the complaint on Facebook Groups…

The second Senate HELP Committee hearing this week was about the proposed rules for the implementation of the electronic health records provisions of the 21st…

The U.S. Department of Justice charged two Chinese nationals for allegedly instigating the 2015 hacking of Anthem Inc. Fujie Wang, 32 years old, and an…

This is the second time in two months that Spectrum Health Lakeland announced the occurrence of a breach exposing some patients’ protected health information (PHI)….

A former employee of American Indian Health & Services violated HIPAA rules by forwarding to a personal email account the email messages that contain the…

The National institute of Standards and Technology (NIST) announced a request for information (RFI) to get industry stakeholders’ comments regarding the formation of new criteria…

The owner of Bodybuilding.com, a website on bodybuilding and personal fitness, announced a security incident that potentially resulted in the access of customer and employees…

After the breach at Inmediata that resulted to PHI exposure, the provider mailed notification letters to the affected people. But a number of folks submitted…

A February 2019 phishing attack on Baystate Health led to the compromise of the protected health information (PHI) of 12,000 patients. On April 11 Attorney…

A man from Arizona sued Costco for a privacy violation. The lawsuit was dismissed by the trial court but the Court of Appeals overturned the…

A vulnerability was discovered in the Philips Tasy EMR information system. An attacker could exploit the vulnerability and send to the system unexpected data that…

Webpage Misconfiguration Inmediata Health Group Corp, a clearinghouse, software program, and business process solutions provider, notified some of its clients’ patients about the accidental exposure…

The medical billing services provider, Doctors’ Management Service Inc. based in Massachusetts, found out on December 24, 2018 the download of malicious software to its…

The Department of Health and Human Services changed the due date for sending feedback on its proposed guidelines to promote the interoperability of health information…

Three scientists of MD Anderson Cancer Center, the top cancer research center in the world, were recently fired because of espionage fears after the National…

There were two vulnerabilities found in Fujifilm computed radiography cassette readers. An attacker could exploit these vulnerabilities and access the operating system, implement arbitrary code,…

The King County Superior Court recently approved a $4.7 million settlement to repay people who suffered theft of their personal data from Washington State University…

A security breach on Klaussner Furniture Industries, Inc resulted to the exposure of the protected health information (PHI) of its 9,352 present and past employees…

A computer used in the office of Oregon Endodontic Group was installed with malware resulting to the possible email data theft by the attackers. On…

Centrelake Medical Group, which has 8 medical imaging and oncology centers located in California, is sending notifications to some patients about the exposure of some…

The U.S. Department of Health and Human Services (HHS) is quite slow in implementing the recommendations of the Government Accountability Office (GAO). There are 392…

At the Dublin Tech Summit in Ireland recently, the chief technology officer of Amazon Web Services, Werner Vogels, dispelled security issues concerning cloud computing. After the…

In 2018, the HHS’ Office for Civil Rights (OCR) issued a $4,348,000 civil monetary penalty (CMP) to University of Texas MD Anderson Cancer Center after…

A cyberattack on Hardin Memorial Health located in Kentucky caused EHR downtime and interruption to its IT systems. The cyberattack began on the evening of…

Burrell Behavioral Health notified 67,493 patients regarding the accidental compromise of their healthcare information because of an error at an unnamed business associate in August…

Amazon not long ago introduced a new system that can mark included protected health information (PHI) in medical photos and redact the PHI automatically to…

A phishing attack on Main Line Endoscopy Centers, a group of outpatient endoscopy facilities located in the Bala Cynwyd, Malvern and Media regions of Pennsylvania…

It’s very common to see the use of mobile health apps nowadays. These apps track health metrics to promote healthdul living and so record a…

Sharp HealthCare and Sharp Grossmont Hospital were charged with a lawsuit alleging that the hospital covertly took a video of female patients while undressing and…

The eHealth Initiative Foundation and Manatt Health gave a brief that requires introducing a values framework in order to efficiently protect health data that is…

The HHS’ Centers for Medicare and Medicaid Services (CMS) introduced a compliance review program for assessing the compliance of HIPAA covered entities with the HIPAA…

A class action lawsuit has been filed against the University of Connecticut and UConn Health in behalf of patients for the exposure of their protected…

In the past few days, there were three reports of email system breaches that resulted in the unauthorized access of email accounts that contain protected…

A phishing attack on the Oregon Department of Human Services (ODHS) potentially resulted to the viewing or access of the protected health information (PHI) of…

Gina Graziano, a patient of Northwestern Medicine Regional Medical Group, is suing the medical group for the disclosure of sensitive medial information on Twitter and…

Security researcher Jeremiah Fowler discovered an unsecured healthcare database containing about 37,000 records on March 1, 2019. A brief review of the database revealed that…

Meditab Software Inc., a medical software provider based in Sacramento, CA, and MedPharm Services, its affiliate based in San Juan, PR, had an enormous breach…

U.S. Sens. Cory Gardner (R-CO) and Mark R. Warner (D-VA) are co-chairs of the Senate Cybersecurity Caucus, and Sens. Steve Daines (R-MT) and Maggie Hassan…

Rave Mobile Safety based in Framingham, MA released the findings of its yearly workplace safety and preparedness survey. According to the report, emergency preparedness was…

Check Point researchers demonstrated how it is possible to quickly access IoT medical devices. It serves as a warning not to ignore the security risks…

Audits performed by the HHS’ Office of Inspector General (OIG) showed the HHS Operating Divisions (OPDIVs) to have several safety vulnerabilities. From 2016 to 2017,…

Michigan Attorney General Dana Nessel issued an alert regarding the potential impact of the ransomware attack on Wolverine Solutions Group in Detroit to over 600,000…

Pasquotank-Camden Emergency Medical Services (PCEMS) found out that hackers gained access to its server where its billing system is located. The protected health information (PHI)…

Emerson Hospital located in Concord, MA, is notifying 6,300 patients about the exposure of some of their protected health information (PHI) because of a security…

The most recent Beazley Breach Insights Report states that healthcare is the industry sector most hit by breach incidents. About 41% of all breach reports…

According to the new Moody’s Investors Service Report, four industry sectors face considerable financial risks from cyberattacks. These include the hospitals, market infrastructure providers, banks…

Columbia Surgical Specialists of Spokane located in Washington encountered a ransomware attack, which resulted to the potential access of unauthorized persons to the protected health…

Rush University Medical Center is informing roughly 45,000 patients about the exposure of their protected health information (PHI) because of a data incident that happened…

From March 20, 2019, insurance firms based in Ohio will need to follow Senate Bill 273. This new law requires insurance companies to create and…

UConn Health is informing around 326,000 patients regarding the exposure of some of their personal data because of a phishing attack on several of UConn…

Rutland Regional Medical Center (RRMC) located in Rutland City is the biggest community hospital in the Vermont state. It was discovered that hackers accessed nine…

The FTC received a complaint that was submitted concerning Facebook’s misleading practices. The complaint claims that health-related information disclosed in closed, purportedly anonymous and non-public…

Because businesses and hospitals in Maryland had suffered a large number of ransomware attacks, the new Senate Bill 151 was introduced to increase ransomware attacks…

March 1, 2019 is the deadline for sending the Department of Health and Human Services’ Office for Civil Rights all 2018 data breach reports for…

Paper documents containing patient data was stolen from the vehicle of an employee of Anesthesia Associates of Kansas City on December 14, 2018. A bag…

The United Hospital District based in Blue Earth, MN discovered the exposure of patient information and its potential access by an unauthorized person due to…

An attacker got access to an EyeSouth Partners employee’s email account resulting to the potential viewing or theft of the protected health information (ePHI) of…

Amazon Alexa can be used in the healthcare industry but it is limited because of its non-HIPAA compliance. Although that may change in the near…

Wyoming is looking at repealing the Hospital Records Act of 1991, which was passed to ensure that hospitals are taking steps to protect patient data…

Community Health Systems’ (CHS) is offering compensation to its patients for the theft of their protected health information (PHI) during a cyberattack in 2014. Community…

The Reproductive Medicine and Infertility Associates network was infected by malware, according to an infertility clinic in Woodbury, MN. Although there’s no proof found that…

Roper St. Francis Healthcare based in Charleston, SC experienced a large-scale phishing attack, which allowed the attackers to access 13 employees’ email accounts. Roper St….

The Oregon Health Information Property Act is a proposal that allows patients to give consent to their healthcare providers to sell their health information and…

Becton, Dickinson and Company (BD) has discovered an access control flaw in its BD FACSLyric flow cytometry solution. If an attacker exploits vulnerability, access to…

Verity Health System is a network of 6 hospitals based in Redwood City, California. It has encountered a phishing attack on November 27, 2018 resulting…