Articles by HIPAA Editor

In May 2019, Microsoft announced a critical remote code execution vulnerability in Windows Remote Desktop Services referred to as BlueKeep – CVE-2019-0708. The cybersecurity community…

A security breach has been announced by Brooklyn Hospital Center in New York. The incident that transpired in late July 2019 involved the installation of…

The Department of Health and Human Services’ Office for Civil Rights charged Jackson Health System (JHS) with a civil monetary penalty amounting to $2.15 million….

Due to a data breach on the Palmetto Health website, Prisma Health Midlands is sending breach notifications to around 19,000 patients and 3,000 employees. Prisma…

Healthcare data breaches bring about a lower quality of patient care, as per a study just posted in Health Services Research. Researchers studied data from…

Roger Severino, the HHS’ Office for Civil Rights Director, gave a report on the priorities of OCR’s HIPAA enforcement during the OCR/NIST 11th Annual HIPAA…

The password manager provider LastPass recently conducted a study, which revealed that only 57% of companies make use of multi-factor authentication, despite the fact that…

The Federal Bureau of Investigation gave an alert regarding e-skimming threats, after attacks on SMBs and government institutions increased. E-skimming refers to the adding of…

Because nine companies failed to keep their medical databases secure, the sensitive health information of millions of patients were exposed online. The security researchers at…

There were 36 healthcare data breaches involving over 500 records reported to the Department of Health and Human Services’ Office for Civil Rights in September….

South Texas Dermatopathology is the last identified casualty of the American Medical Collection Agency (AMCA) data breach. It has reported the data breach to the…

Malicious code was found installed on the e-commerce website of Mission Health in Western North Carolina. The malicious code can capture the payment information entered…

A recent Proofpoint report gives information on the cyber threats that healthcare organizations encounter and the most common attacks that result in healthcare data breaches….

Due to a phishing attack on August 7, 2019, UAB Medicine is informing its patients regarding the potential access of a number of employee email…

S.4119/A.230 is a new legislation signed into law on October 7, 2019 by New York Governor Andrew Cuomo. This law forbids first response and ambulance…

The Medical Imaging & Technology Alliance (MITA) has published a new medical device security standard that offers healthcare delivery organizations (HDOs) crucial data regarding risk…

The Philadelphia Department of Public Health (PDPH) found that sensitive data of patients suffering from hepatitis B and hepatitis C were exposed over the web…

Advanced persistent threat (APT) actors are taking advantage of flaws in widely used VPN products provided by FortiGuard, Palo Alto and Pulse Secure to obtain…

Cancer Treatment Centers of America (CTCA) sent notifications to some of its patients after their protected health information (PHI) were exposed due to a phishing…

A recent B2B International survey undertaken on behalf of Kaspersky Lab showed the rise in the average cost of an enterprise-level data breach from $1.23…

9,160 patients from Goshen Health in Indiana received notification about its phishing-related email breach in August 2018 that could have resulted in the potential exposure…

There has been a rise in the volume of business email compromise (BEC) attacks in the U.S. As per Symantec, about 6,029 businesses got BEC…

A ransomware attack on Sarrell Dental in Alabama, is non-profit Children’s dental and optical services provider resulted in the potential compromise of the protected health…

North Florida OB-GYN in Jacksonville, FL learned that hackers got access to particular portions of its computer system that contain personal and medical data of…

Atlantic.net is a HIPAA-compliant hosting company that teamed up with Compliancy Group and its HIPAA-compliance specialists in conducting a webinar on Cybersecurity and HIPAA Compliance….

Sen. Rand Paul, M.D., (R-Kentucky) has presented a new bill that attempts to permanently remove the national patient identifier provision of HIPAA because of the…

Sen. Mark Warner (D-Virginia) wrote a letter to TridentUSA asking for an explanation concerning a breach involving sensitive medical images at MobileXUSA, one of its…

Integration Link, LLC is a provider of virtual Chief Information Security Officers and cybersecurity consultancy services to businesses of varying sizes — small, medium and…

In August, more than 1.5 healthcare data breaches were reported per day. This is the second consecutive month that there are a lot of reported…

Beginning October 1, 2019, health insurance providers and associated services have to notify the Maryland Insurance Administration (MIA) whenever a breach of insureds’ personal information…

Dr. Ulrich Klopfer from Indiana operated three abortion clinics until his license was suspended in 2015. He was found to have taken away fetal remains…

The managed care firm Magellan Health based in Scottsville, AZScottsville, AZ learned that phishing attacks on two of its subsidiaries caused the compromise of the…

Ramsey County has learned that the phishing attack on August 2018 has impacted considerably more persons than originally believed. The number of affected individuals went…

The National Cybersecurity Center of Excellence (NCCoE) published the latest draft NIST mobile device security guidance to aid institutions to reduce the risks brought in…

The draft NIST guidelines for securing the picture archiving and communications system (PACS) ecosystem was issued by the National Cybersecurity Center of Excellence (NCCoE). The…

A phishing attack on East Central Indiana School Trust (ECIST) is the reason for the compromise of some protected health information (PHI) of more than…

The healthcare sector runs into a lot of phishing attacks. Every week, healthcare organizations report a number of phishing attacks resulting in protected health information…

The Healthcare and Public Health Sector Coordinating Council (HSCC) released guidance on cybersecurity information sharing for healthcare organizations. HSCC is a partnership of over 200…

A new investigation by ProPublica has showcased a growing concern that is encouraging the existing ransomware problem. Insurance providers are preferring to pay ransom demands…

Premier Family Medicine, which is a physician group located in Utah, notified 320,000 patients concerning the potential exposure of their protected health information (PHI) caused…

Massachusetts General Hospital (MGH) found lately that the computer applications used by the researchers of its Department of Neurology was accessed without authorization. The individual…

The Department of Health and Human Services’ Office for Civil Rights (OCR) made an announcement early this year that HIPAA enforcement in 2019 would primarily…

The Secretary of the Department of Health and Human Services (HHS), Alex Azar, has made an announcement placing Puerto Rico and the states of Georgia,…

A phishing attack on NCH Healthcare System, Bonita Springs located in Florida, highlighted how critical it is to train healthcare employees on security awareness. On…

The Swedish software firm Irdeto conducted the Global Connected Industries Cybersecurity Survey, which showed that 82% of healthcare organizations using Internet-of-Things (IoT) devices have encountered…

There is a vulnerability identified in Philips HDI 4000 Ultrasound systems that attackers could exploit to access ultrasound images. Besides stealing information, an attacker could…

Devices of Change Healthcare Cardiology, Horizon Cardiology and McKesson Cardiology were found to have a vulnerability, which a locally authenticated user could exploit to add…

May 2019 had 46 breaches with over 500 records exposed making it the worst month ever since the HHS’ Office for Civil Rights began reporting…

Mount Sinai Hospital discovered the compromise of 33,730 patients’ protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) cyberattack. This…

The number of victims of the American Medical Collection Agency (AMCA) data breach has gone up to about 25 million with one more healthcare organization…

The Office of Management and Budget (OMB) sent in its yearly audit report to Congress about the status of federal agencies’ cybersecurity, as demanded by…

University of California Berkeley, University of San Diego, and Barracuda Networks conducted a recent study, which showed the increasing threat of lateral phishing to healthcare…

Rhode Island Ear, Nose and Throat Physicians Inc. (RIENT) is informing 2,943 patients regarding the unauthorized access of a server that contained some of their…

Since January, about 200 breaches involving over 500 records were reported and it seems that 2019 will be another record year when it comes to…

Florida-based Integrated Regional Laboratories (IRL) notified around 30,000 patients concerning the potential compromise of their protected health information (PHI) due to the American Medical Collection…

Michigan Medicine notified about 5,500 of its patients regarding the exposure of some of their protected health information (PHI) because of a phishing attack recently….

Direct Connect Computer Systems, Inc., the technology solution provider based in Cleveland, OH, has proven that it is surely Health Insurance Portability and Accountability Act…

The National Association of Attorneys General (NAAG) told the House and Senate leaders to make improvements to Confidentiality of Substance Use Disorder Patient Records regulations…

Renown Health, which is Northern Nevada’s biggest healthcare provider, has begun notifying some patients about the potential compromise of some of their protected health information…

From 2011 to 2018, the New York Fire Department (FDNY) had used its ambulance to bring over 10,000 EMS patients to the hospital. Due to…

The University of Missouri Health Care (MU Health) is facing a lawsuit over the phishing attack on April 2019. MU Health discovered on May 1,…

A Seattle, WA provider of accredited outpatient, counseling services and mental health treatment, Community Psychiatric Clinic, has encountered two security breaches resulting in the compromise…

A database that contains the personal data of people who were interested in Vascepa®, Amarin Pharma’s cholesterol drug, was exposed on the internet. A third…

The National Institute of Standards and Technology (NIST) has published its latest guide for companies manufacturing Internet of Things (IoT) devices so that they can…

Edgepark Medical Supplies (EMS) learned on May 13, 2019 about the access of an unauthorized person into some accounts of its clients. That person modified…

Presbyterian Healthcare Services in New Mexico is informing about 183,000 patients and health plan members about the exposure of some of their protected health information…

Imperial Health in Southwest Louisiana is a physicians’ network that is announcing the potential compromise of over 111,000 patients’ protected health information (PHI) because of…

Cloud service provider Atlantic.Net, which offers HIPAA-compliant hosting to healthcare businesses, is remembering its 25th year anniversary. The company started as an internet service provider…

Armin’s security researchers discovered 11 vulnerabilities in the real-time operating system of VxWorks, which is widely used in close to 2 billion IoT devices, control…

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) released a draft of a mobile device security guidance that aims…

Park DuValle Community Health Center in Louisville, KY encountered a ransomware attack on June 7, 2019. The hackers successfully accessed its network and installed ransomware…

Computer Doc, an IT company based in Indian Trail, NC, is now certified as compliant with the HIPAA Privacy, Security and Breach Notification Rules, the…

The Treasury Department released statistics that show a continual increase of business email compromise (BEC) attacks throughout the last two years. The number of reported…

June is a better month than the last two months in terms of data breaches reported. Compared to the 1.5 healthcare data breaches per day…

More healthcare providers have confirmed that they were affected by American Medical Collection Agency (AMCA) data breach over the last few days. To date, there…

Ransomware attacks increased in the Q2 of 2019, according to Coveware’s new report. Coveware is a ransomware recovery service provider, which helps businesses recover their…

St. Croix Hospice, provides hospice care across the Midwest, discovered that an unauthorized person accessed an employee’s email account and could have viewed patient data….

Clinical Pathology Laboratories based in Texas recently learned that the data breach at American Medical Collection Agency (AMCA) affected its 2.2 million patients potentially compromising…

Premera Blue Cross consented to pay $10 million to resolve a multi-state data breach lawsuit. The 2014 breach impacting 10.4 million records was allegedly due…

An improper authentication vulnerability was found in the devices GE Aestiva and Aespire Anesthesia. Many hospitals all across American generally use these devices. The CVE-2019-10966…

Vitagene is a health tech firm based in San Francisco, CA that offers services of direct-to-consumer DNA-testing. Vitagene accidentally exposed the private and genealogy data…

Adirondack Health in Vermont is informing roughly 25,000 patients about the potential access of some of their protected health information (PHI) by a hacker. The…

Compliancy Group is conducting a webinar for healthcare professionals covering the major threats that the healthcare industry is facing. Compliance experts are going to discuss…

A medical university student filed a legal case against Cabell Huntington Hospital and Marshall University because of the impermissible disclosure of some of his protected…

Several patients of Pardee UNC Health Care are being notified about the potential exposure of their protected health information (PHI) as a result of a…

A Government Accountability Office (GAO) audit recently conducted showed that the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) uses…

Some Sandia National Laboratories researchers discovered that the open software utilized by genomic researchers had a vulnerability. If an attacker exploits this vulnerability, he could…

Summa Health in Akron, Ohio discovered an unauthorized person had accessed four employee email accounts that contain the protected health information (PHI) of patients. Summa…

A data security incident at Dominion National involved the personal data of their clients. Dominion National is an insurance provider, health plan administrator, and administrator…

A patient care coordinator who worked at the University of Pittsburgh Medical Center (UPMC) in the past was sentenced to a one-year jail term for…

The Senate Health, Education, Labor and Pensions (HELP) Committee has okayed a very important bill to HIPAA-covered entities – the Lower Health Care Costs (LHCC)…

The personal data of approximately 5 million people contained in a MongoDB database were exposed on the web. MedicareSupplement.com owns the database containing personal and…

The Department of Health and Human Services’ Office for Civil Rights published new HIPAA guidance for health plans about the proper sharing of protected health…

Franciscan Health based in Mishawaka, IN learned that a former employee accessed the protected health information (PHI) of about 2,200 patients without authorization. During a…

A former staff at a healthcare provider located in Germantown, MD allegedly accessed the protected health information (PHI) of roughly 16,542 patients. The data was…

April had more healthcare data breaches reported when compared with any other month so far. May continued to have a high number of data breaches,…

The Quantum Vision Centers and Eye Surgery Center located in Illinois is notifying its patients about the potential compromise of some of their protected health…

A potential breach at Meditab Software Inc. affects two healthcare companies in Maryland. Meditab is a business associate of the two companies providing EMR and…

Statewide Collection Service is a company providing a full-service accounts receivable management and risk assessment to the healthcare sector. The company recently concluded the Compliancy…

Becton Dickinson (BD) discovered two vulnerabilities in some of its infusion pumps. One vulnerability is rated critical severity with a maximum CVSS v3 rating of…