Articles by HIPAA Editor

Michigan Medicine notified about 5,500 of its patients regarding the exposure of some of their protected health information (PHI) because of a phishing attack recently….

Direct Connect Computer Systems, Inc., the technology solution provider based in Cleveland, OH, has proven that it is surely Health Insurance Portability and Accountability Act…

The National Association of Attorneys General (NAAG) told the House and Senate leaders to make improvements to Confidentiality of Substance Use Disorder Patient Records regulations…

Renown Health, which is Northern Nevada’s biggest healthcare provider, has begun notifying some patients about the potential compromise of some of their protected health information…

From 2011 to 2018, the New York Fire Department (FDNY) had used its ambulance to bring over 10,000 EMS patients to the hospital. Due to…

The University of Missouri Health Care (MU Health) is facing a lawsuit over the phishing attack on April 2019. MU Health discovered on May 1,…

A Seattle, WA provider of accredited outpatient, counseling services and mental health treatment, Community Psychiatric Clinic, has encountered two security breaches resulting in the compromise…

A database that contains the personal data of people who were interested in Vascepa®, Amarin Pharma’s cholesterol drug, was exposed on the internet. A third…

The National Institute of Standards and Technology (NIST) has published its latest guide for companies manufacturing Internet of Things (IoT) devices so that they can…

Edgepark Medical Supplies (EMS) learned on May 13, 2019 about the access of an unauthorized person into some accounts of its clients. That person modified…

Presbyterian Healthcare Services in New Mexico is informing about 183,000 patients and health plan members about the exposure of some of their protected health information…

Imperial Health in Southwest Louisiana is a physicians’ network that is announcing the potential compromise of over 111,000 patients’ protected health information (PHI) because of…

Cloud service provider Atlantic.Net, which offers HIPAA-compliant hosting to healthcare businesses, is remembering its 25th year anniversary. The company started as an internet service provider…

Armin’s security researchers discovered 11 vulnerabilities in the real-time operating system of VxWorks, which is widely used in close to 2 billion IoT devices, control…

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) released a draft of a mobile device security guidance that aims…

Park DuValle Community Health Center in Louisville, KY encountered a ransomware attack on June 7, 2019. The hackers successfully accessed its network and installed ransomware…

Computer Doc, an IT company based in Indian Trail, NC, is now certified as compliant with the HIPAA Privacy, Security and Breach Notification Rules, the…

The Treasury Department released statistics that show a continual increase of business email compromise (BEC) attacks throughout the last two years. The number of reported…

June is a better month than the last two months in terms of data breaches reported. Compared to the 1.5 healthcare data breaches per day…

More healthcare providers have confirmed that they were affected by American Medical Collection Agency (AMCA) data breach over the last few days. To date, there…

Ransomware attacks increased in the Q2 of 2019, according to Coveware’s new report. Coveware is a ransomware recovery service provider, which helps businesses recover their…

St. Croix Hospice, provides hospice care across the Midwest, discovered that an unauthorized person accessed an employee’s email account and could have viewed patient data….

Clinical Pathology Laboratories based in Texas recently learned that the data breach at American Medical Collection Agency (AMCA) affected its 2.2 million patients potentially compromising…

Premera Blue Cross consented to pay $10 million to resolve a multi-state data breach lawsuit. The 2014 breach impacting 10.4 million records was allegedly due…

An improper authentication vulnerability was found in the devices GE Aestiva and Aespire Anesthesia. Many hospitals all across American generally use these devices. The CVE-2019-10966…

Vitagene is a health tech firm based in San Francisco, CA that offers services of direct-to-consumer DNA-testing. Vitagene accidentally exposed the private and genealogy data…

Adirondack Health in Vermont is informing roughly 25,000 patients about the potential access of some of their protected health information (PHI) by a hacker. The…

Compliancy Group is conducting a webinar for healthcare professionals covering the major threats that the healthcare industry is facing. Compliance experts are going to discuss…

A medical university student filed a legal case against Cabell Huntington Hospital and Marshall University because of the impermissible disclosure of some of his protected…

Several patients of Pardee UNC Health Care are being notified about the potential exposure of their protected health information (PHI) as a result of a…

A Government Accountability Office (GAO) audit recently conducted showed that the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) uses…

Some Sandia National Laboratories researchers discovered that the open software utilized by genomic researchers had a vulnerability. If an attacker exploits this vulnerability, he could…

Summa Health in Akron, Ohio discovered an unauthorized person had accessed four employee email accounts that contain the protected health information (PHI) of patients. Summa…

A data security incident at Dominion National involved the personal data of their clients. Dominion National is an insurance provider, health plan administrator, and administrator…

A patient care coordinator who worked at the University of Pittsburgh Medical Center (UPMC) in the past was sentenced to a one-year jail term for…

The Senate Health, Education, Labor and Pensions (HELP) Committee has okayed a very important bill to HIPAA-covered entities – the Lower Health Care Costs (LHCC)…

The personal data of approximately 5 million people contained in a MongoDB database were exposed on the web. MedicareSupplement.com owns the database containing personal and…

The Department of Health and Human Services’ Office for Civil Rights published new HIPAA guidance for health plans about the proper sharing of protected health…

Franciscan Health based in Mishawaka, IN learned that a former employee accessed the protected health information (PHI) of about 2,200 patients without authorization. During a…

A former staff at a healthcare provider located in Germantown, MD allegedly accessed the protected health information (PHI) of roughly 16,542 patients. The data was…

April had more healthcare data breaches reported when compared with any other month so far. May continued to have a high number of data breaches,…

The Quantum Vision Centers and Eye Surgery Center located in Illinois is notifying its patients about the potential compromise of some of their protected health…

A potential breach at Meditab Software Inc. affects two healthcare companies in Maryland. Meditab is a business associate of the two companies providing EMR and…

Statewide Collection Service is a company providing a full-service accounts receivable management and risk assessment to the healthcare sector. The company recently concluded the Compliancy…

Becton Dickinson (BD) discovered two vulnerabilities in some of its infusion pumps. One vulnerability is rated critical severity with a maximum CVSS v3 rating of…

Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., encountered a phishing attack, which caused the protected health information (PHI) of 87,000 plan members…

Amy Pertuit from Alabama received $300,000 in damages for the illegal access and disclosure of her protected health information (PHI) to a third party by…

The Government Accountability Office (GAO) just published the results of an audit involving all federal government systems running on legacy operating systems. The purpose of…

Healthcare Cyber Heists in 2019 had compiled information from 20 industry leading CISOs, which include the cyberattacks they experienced in the past year, the strategies…

Since the news about the huge data breach at American Medical Collection Agency (AMCA) went out, there is now over a dozen lawsuits filed by…

Mercy Health found out that some of its patient data were uploaded to a private server used for online appointment scheduling, electronic doctor’s office check-ins…

The American Medical Collections Agency (AMCA) data breach victims has now gone over 20 million with the confirmation of another healthcare organization that it was…

An updated Oregon breach notification laws had been approved. The update included the following: expanded definition of consumer data, modified the meaning of covered entity,…

Coffey Health System agreed to settle alleged violations of the False Claims and HITECH Acts by paying $250,000 to the U.S. Department of Justice. The…

There have been massive data breaches recently including the 11.9 million records breach at Quest Diagnostics and the 7.7 million records breach at LabCorp. Now,…

A hacker accessed the systems of American Medical Collection Agency (AMCA) based in Elmsford, NY, a billing collections company. The breach may have resulted to…

A phishing attack on Health Quest resulted to the exposure of the protected health information (PHI) of some patients. The affiliates of Health Quest, namely…

Microsoft issued a patch to correct a critical, wormable flaw found in Remote Desktop Services about two weaks earlier. Yet approximately 1 million devices are…

There are six security advisories involving Siemens Healthineers products. The vulnerabilities have a CVSS v3 score of 9.8 out of 10 and may be linked…

TriHealth, a health system based in Cincinnati, is notifying 2,433 patients because their protected health information (PHI) was impermissibly disclosed to a student mentee. A…

Medford Patients’ PHI Exposed Medford, a Hematology Oncology Associates located in Oregon, had a phishing attack, which caused the email accounts of several Medford employees…

Health records of Today’s Vision patients and employees were found in boxes abandoned in a Texas public dumpster. The documents include highly sensitive information. The…

A recent report from the HHS’ Office of the National Coordinator for Health Information Technology (ONC) revealed that even though majority of hospitals and doctors…

Inmediata, a clearinghouse service provider to healthcare organizations, notified some of its patients in April that their protected health information (PHI) were exposed on the…

Siemens has identified one critical vulnerability and a number of high-severity vulnerabilities in the direct access point of Scalance W1750D. Attackers with a low level…

Cancer Treatment Centers of America (CTCA) experienced another breach of the email account of an employee belonging to its Southeastern Regional Medical Center after responding…

A phishing attack on American Medical Response, a provider of emergency and patient relocation services in Greenwood Village, CO resulted to the access by an…

The sensitive data of 24 female HIV patients were accessed by unauthorized individuals. Even if it’s been over 7 months since the breach was discovered,…

On May 14, 2019, Microsoft issued a patch to correct a ‘wormable’ vulnerability in Windows, which is identical to the vulnerability that attackers exploited in…

Facebook is implementing a few changes to Facebook Group Communities talking about medical conditions. This decision was deemed necessary considering the complaint on Facebook Groups…

The second Senate HELP Committee hearing this week was about the proposed rules for the implementation of the electronic health records provisions of the 21st…

The U.S. Department of Justice charged two Chinese nationals for allegedly instigating the 2015 hacking of Anthem Inc. Fujie Wang, 32 years old, and an…

This is the second time in two months that Spectrum Health Lakeland announced the occurrence of a breach exposing some patients’ protected health information (PHI)….

A former employee of American Indian Health & Services violated HIPAA rules by forwarding to a personal email account the email messages that contain the…

The National institute of Standards and Technology (NIST) announced a request for information (RFI) to get industry stakeholders’ comments regarding the formation of new criteria…

The owner of Bodybuilding.com, a website on bodybuilding and personal fitness, announced a security incident that potentially resulted in the access of customer and employees…

After the breach at Inmediata that resulted to PHI exposure, the provider mailed notification letters to the affected people. But a number of folks submitted…

A February 2019 phishing attack on Baystate Health led to the compromise of the protected health information (PHI) of 12,000 patients. On April 11 Attorney…

A man from Arizona sued Costco for a privacy violation. The lawsuit was dismissed by the trial court but the Court of Appeals overturned the…

A vulnerability was discovered in the Philips Tasy EMR information system. An attacker could exploit the vulnerability and send to the system unexpected data that…

Webpage Misconfiguration Inmediata Health Group Corp, a clearinghouse, software program, and business process solutions provider, notified some of its clients’ patients about the accidental exposure…

The medical billing services provider, Doctors’ Management Service Inc. based in Massachusetts, found out on December 24, 2018 the download of malicious software to its…

The Department of Health and Human Services changed the due date for sending feedback on its proposed guidelines to promote the interoperability of health information…

Three scientists of MD Anderson Cancer Center, the top cancer research center in the world, were recently fired because of espionage fears after the National…

There were two vulnerabilities found in Fujifilm computed radiography cassette readers. An attacker could exploit these vulnerabilities and access the operating system, implement arbitrary code,…

The King County Superior Court recently approved a $4.7 million settlement to repay people who suffered theft of their personal data from Washington State University…

A security breach on Klaussner Furniture Industries, Inc resulted to the exposure of the protected health information (PHI) of its 9,352 present and past employees…

A computer used in the office of Oregon Endodontic Group was installed with malware resulting to the possible email data theft by the attackers. On…

Centrelake Medical Group, which has 8 medical imaging and oncology centers located in California, is sending notifications to some patients about the exposure of some…

The U.S. Department of Health and Human Services (HHS) is quite slow in implementing the recommendations of the Government Accountability Office (GAO). There are 392…

At the Dublin Tech Summit in Ireland recently, the chief technology officer of Amazon Web Services, Werner Vogels, dispelled security issues concerning cloud computing. After the…

In 2018, the HHS’ Office for Civil Rights (OCR) issued a $4,348,000 civil monetary penalty (CMP) to University of Texas MD Anderson Cancer Center after…

A cyberattack on Hardin Memorial Health located in Kentucky caused EHR downtime and interruption to its IT systems. The cyberattack began on the evening of…

Burrell Behavioral Health notified 67,493 patients regarding the accidental compromise of their healthcare information because of an error at an unnamed business associate in August…

Amazon not long ago introduced a new system that can mark included protected health information (PHI) in medical photos and redact the PHI automatically to…

A phishing attack on Main Line Endoscopy Centers, a group of outpatient endoscopy facilities located in the Bala Cynwyd, Malvern and Media regions of Pennsylvania…