Waste Management Firm Employees PHI Compromised in Data Breach
Due to a a January 2021 cyberattack, USA Waste-Management Resources, LLC has begun getting in touch with a range of internal members of staff and…
Articles by HIPAA News
637,000 Patients Impacted in UNM Health Data Breach
It has been confirmed that an unauthorized third party was able to access the network of UNM Health, possibly obtaining access to and downloading files…
Electromed Inc. Data Breach Suffer Breach Impacted 47,000 Individuals Private Information
A security breach that occurred during June 2021 at Electromed Inc. that involved unauthorized people obtaining access to the groups databases. The New Prague, Michigan…
Cyberattack Impacting 2.41 Million Reported by Wisconsin Dermatology Practice
On June 4, 2021 it was discovered by Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. that unauthorized people had obtained access to…
Data Breach Affecting 2.41 Million Individuals Reported by Wisconsin Dermatology Practice
On June 4, 2021 Forefront Management, LLC and Forefront Dermatology, S.C. discovered that unauthorized access had been obtained to its databases which could have resulted…
Class Action Data Breach Lawsuit Proposed Settlement of $2m Offered by Dominion National
A class action lawsuit filed by those impacted in a 2.96 million-record data breach, discovered in 2019, against Dominion National has resulted in a settlement…
SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals
Service Employees International Union 775 (SEIU 775) Benefits Group, a benefits administrator for home healthcare and nursing home staff, has been infiltrated by a hacking…
HIPAA Security Rule Violations Settled by Clinical Laboratory with OCR for $25,000
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed that a HIPAA breach settlement has been agreed with Peachstate Health…
Are you Breaching HIPAA if you ask an Employee if they had a COVID Vaccine?
Recently there has been a lot of discussion in relation to employers asking their staff if they have had their COVID-19 vaccine and whether enquiring…
420,433 Individuals Impacted by Data Breach at Health Plan of San Joaquin
Health Plan of San Joaquin (HPSJ) has revealed that an unauthorized actor obtained access to its email databases and may have been able to infiltrate…
How Regularly Should HIPAA Training Take Place?
When it come to HIPAA training and how often it should be scheduled both the HIPAA Privacy Rule and HIPAA Security Rule have training provisions…
Californian Healthcare Provider Discovers Patient Data was Exposed on the Internet for Over a Year
It has been discovered that a contractor used by a former vendor of Doctors Medical Center of Modesto (DCM) in California mistakenly breached patient data…
200,000 Washington D.C. Health Plan Members have PHI Stolen
Following a cyberattack in which protected health information was stolen, CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is alerting its impacted clients….
HIPAA Right of Access Case Breach Settlement of $30K for New Jersey Plastic Surgery Clinic
Ridgewood, NJ-based Village Plastic Surgery has reached a HIPAA settlement agreement with the HHS’ Office for Civil Rights to resolve possible violations of the HIPAA…
Gore Medical Management Alerted to 2017 Breach of 79,100 Patients’ PHI
A historic data breach which impacted the protected health information (PHI) of 79,100 clients Gore Medical Management, a medical practice firm located in Griffin, GA,…
How can Hospital Workers Help Prevent HIPAA Violations?
Hospital must adhere with the HIPAA Privacy, Security, and Breach Notifications Rules and put in place security measure to stop HIPAA breaches. However, even with…
Universal Health Services Ransomware Attack Cost $67 Million in 2020
The past 12 months were very year for ransomware attacks on the healthcare sector. One of the worst of these was suffered by the King…
Cochise Eye & Laser Ransomware Attack Impacts Around 100,000 People
A ransomware attack took place on the Sierra Vista, the Arizona-based ophthalmology and optometry supplier Cochise Eye and Laser on January 13, 2021. This attack…
34,000 Patients Impacted by Grand River Medical Group Email Breach
It has been discovered that an unauthorized individual gained access to the email account of an employee at Grand River Medical Group in Dubuque…
Ransomware Attacks Impact Ramsey County & Crisp Regional Health Services
In Ramsey County, MN the County Manager’s Office has begun issuing alerts to 8,687 clients of its Family Health Division ro make them aware that…
Kevin Fu Appointed as First Director of Medical Device Security by FDA
University of Michigan associate professor Kevin Fu has been appointed by the U.S. Food and Drug Administration (FDA) as its first director of medical device…
$5.1m HIPAA Settlement Agreed by PenaltyExcellus Health Plan
Health insurer provider Excellus Health Plan has agreed to pay a $5.1m penalty with the Department of Health and Human Services’ Office for Civil Rights…
HIPAA Penalty Actions by State Attorneys General
In relation to policing compliance with the Health Insurance Portability and Accountability Act Rules state Attorneys General play a major part. State attorneys general have…
45% rise in Healthcare Industry Attacks by Cybercriminals
In the latter half of 2020 the joint CISA, FBI, and HHS cybersecurity advisory issued an alert for the healthcare and public health sectors as…
Disclosures of PHI to Health Information Exchanges under HIPAA: OCR Issues Guidance
The Department of Health and Human Services’ Office for Civil Rights has released new information in relation to the Health Insurance Portability and Accountability Act…
EyeMed Phishing Attack Exposes Tufts Health Plan Members’ PHI
60,545 subscribers to Tufts Health Plan have had their protected health information infiltrated as result of a phishing attack on the vision benefits management firm…
Over 1,000,000 Million Patients Impacted in Dental Care Alliance Data Breach
Dental Care Alliance, LLC, a dental support group with over 320 affiliated dental practices spread across 20 states, has been hacked and the protected health…
Increasing Ragnar Locker Ransomware Activity leads to FBI Warning
Hackers using Ragnar Locker ransomware have increased up their activity and have been focusing on companies and groups in a number of different sectors, according…
University of Cincinnati Medical Center Fined $65,000 for HIPAA Right of Access Failure
The HHS’ Civil Rights Office has publicly acknowledged its 18th HIPAA financial penalty of the year, with the 12th fine under its HIPAA Right of…
Ransomware Activity Targeting the Healthcare Sector Provided by ASPR
An update on ransomware activity targeting the healthcare and public health sectors has been released by the HHS’ Office of the Assistant Secretary for Preparedness…
Ransomware Infiltrates Sky Lakes Medical Center & St. Lawrence Health System
An additional two hospitals have been impacted by ransomware attacks that have resulted in their computer networks being offline and medics having to use pen…
Suspected Universal Health Services Ransomware Attack: Senator Warner Seeks Answers
Universal Health Services has revealed the every one of its 250 United States based hospitals are 100% back in action following a suspected ransomware attack….
CyberAttacks Target Magnolia Pediatrics & Accents on Health
PrairieVille is a Magnolia Pediatrics based in LA and is now notifying 12,861 of its patients that a ransomware attack has potentially compromised some of…
Updated Security Risk Assessment Tool made Avail by HHS
A new version of the Security Risk Assessment (SRA) Tool has been released by the Department of Health and Human Services’ Office for Civil Rights….
Improper PHI Access Leads to Dismissal of Montefiore Medical Center Employee
Bronx, New York based Montefiore Medical Center has dismissed a member of staff in relation to the alleged theft of the protected health information of…
HHS Security Risk Assessment Tool Updated
The update to the Security Risk Assessment (SRA) Tool of the Department of Health and Human Services’ Office for Civil Rights (OCR) has been updated…
Thales Wireless IoT Modules Flaw Impacts Millions of Devices
The discovery of a security flaw IoT device components could allow cybercriminals to illegally obtain valuable private data or use the devices in further cyberattacks….
What is Meaningful Use in Relation to the HITECH Act
At the time that the HITECH ACT was passed, 2009, it was referred to as “the most important piece of healthcare legislation to be passed…
Ransomware Attacks Carried out on Four Healthcare Providers & Ventilator Producer
Long Island City, NY-located Boyce Technologies Inc, which produces transport communication systems and recently changed its production facilities to provide ventilators for hospitals during the…
Ban on HHS Funding a National Patient Identifier System Remove by House of Representatives
In Washington, the House of Representatives has voted to remove the ban on the Department of Health and Human Services using federal funds to create…
OCR Sanctions $1M HIPAA Fine on Lifespan for Lack of Encryption
The HHS’ Office for Civil Rights has sanctioned a $1,040,000 HIPAA fine on Lifespan Health System Affiliated Covered Entity (Lifespan ACE) following the discovery of…
HIPAA Security Rule Breach Results in $25,000 for Small North Carolina Healthcare Provider
The HHS’ Office for Civil Rights (OCR) has revealed that a $25,000 settlement has been agreed with Metropolitan Community Health Services to settle breaches of…
What are HIPAA Civil Penalties?
What are the civil penalties for knowingly breaching HIPAA laws? What is the highest possible financial penalty for a HIPAA violation and when are fines…
$25,000 Fine for HIPAA Security Rule Noncompliance Sanctioned against Small North Carolina Healthcare Provider
The HHS’ Office for Civil Rights (OCR) has revealed that a $25,000 settlement has been agreed with Metropolitan Community Health Services to settle breaches of…
Permanent Changes to Telehealth Policies Considered by Senate HELP Committee
The Senate Health, Education, Labor, and Pensions (HELP) Committee is pondering which of the 31 recent amendments to telehealth policies should remain in place when…
Blood and Plasma Donation Contact Guidance in Relation to COVID-19 Patients to Request
When patients suffer from an infectious respiratory disease like COVID-19, the immune system creates antibodies that put in place protection if the pathogen is another…
What are HIPAA Regulations for SMS?
The HIPAA regulations for SMS do not specifically rule out the implementation of a “Short Message Service” to share Protected Health Information (PHI), but they…
2019 Phishing Attack Could Lead to Class Action Lawsuit for Aveanna Healthcare
Healthcare provider Aveanna Healthcare is facing a potential class action lawsuit in relation to a data breach that took place during 2019 which impacted 166,000…
What Are HIPAA Compliance Officer Duties?
The Healthcare Insurance Portability and Accountability Act states that a person (or persons) within a Covered Entity or Business Associate must be given the duties…
HIPAA Violations Lead to Healthcare Workers in Michigan and Illinois Being Sacked
In separate incident employees based in Michigan and Illinois have been fired from their positions due to their involvement in HIPAA violations. At Ann &…
30,132 Patients of Management and Network Services Notified of PHI Breach Notifies
Management and Network Services (MNS), LLC, a Dublin, OH-located supplier of administrative support services to post-acute healthcare providers, has revealed that the email accounts of…
Data Stolen in Magellan Health Ransomware Attack
The Fortune 500 company Magellan Health has announced it experienced a ransomware attack in April that resulted in the encryption of files and theft of…
10,600 Patients Affected in Mille Lacs Health System Phishing Attack
The protected health information of more than 10,000 patients has been impacted in a phishing attack no the Onamia, MN-based Mille Lacs Health System Phishing…
What are the Penalties for Breaking HIPAA Rules?
HIPAA states that covered entities must conduct training for staff to ensure HIPAA Rules and regulations are fully comprehended. As part of this HIPAA training,…
Significant Improvement in Compliance Indicated in Ciitizen HIPAA Right of Access Study
The most recent Patient Record Scorecard Report from Ciitizen has shown that there has been a welcome improvement in compliance with the HIPAA Right of…
HIPAA Compliance Confirmed for Safe Partner Inc.
Compliancy Group has revealed that Safe Partner Inc. has been able to show the establishment of a strong HIPAA compliance program and has successfully completed…
35,529 Saint Francis Healthcare Partners Patients Impacted in Email Breach
Connecticut -based Saint Francis Healthcare Partners is contacting 38,529 patients to make them aware that some of their protected health information may have been obtained…
What are Common HIPAA Business Associate Agreement Failures?
A HIPAA business associate agreement (BAA) is contract between a HIPAA-covered entity and a vendor that is providing a service to that covered entity. They…
Media and Film Crew Given OCR Guidance on Accessing Healthcare Facilities
The HHS’ Office for Civil Rights (OCR) has released guidance to healthcare providers to reinforce the point that the HIPAA Privacy Rule forbids media and…
What are the Most Commonly Witnessed HIPAA Breaches by Healthcare Workers?
Breaches of HIPAA often occur due to a lack of comprehension of HIPAA requirements, particularly in relation to healthcare workers breaching the data privacy legislation….
What is a HIPAA Release Form?
A completed HIPAA release form must be handed over by a patient before their protected health information can be disclosed to other individuals or groups,…
Critical Flaw Still Impacting 82% of Public-Facing Exchange Servers
On February Patch Tuesday, 2020, Microsoft made available a patch for a critical flaw the impacts Microsoft Exchange Servers which could possibly be targeted by…
Andrews Braces Ransomware Attack Impacts PHI of Around 16,600 Patients
The Sparks, NV orthodontics practice, Andrews Braces suffered a ransomware attack on February 14, leading to the encryption of patient data. A resulting investigation determining…
Stockdale Radiology and Affordacare Urgent Care Clinics Report Ransomware Attacks
Stockdale Radiology in California has revealed that patient data has been impacted due to a ransomware attack thsat occurred on January 17, 2020. An internal…
14,795 Washington University School of Medicine Oncology Patients Impacted Due to Phishing
Washington University School of Medicine making 14,795 oncology patients aware that some of their PHI may have been impacted in a phishing attacking during January…
McHenry County Health Department Must Share COVID-19 Patients’ Names to 911 Dispatchers Following Court Ruling
The McHenry County Health Department in Illinois has been refusing to hand over the names of COVID-19 patients to 911 dispatchers to safeguard the privacy…
HIPAA Waiver issued for Good Faith Operation of COVID-19 Community-Based Testing Centers
The HHS has released a Notice of Enforcement Discretion covering healthcare suppliers and business associates that participate in the operation of COVID-19 community-based testing centers….
What is HIPAA Certification?
“HIPAA Certification” is not an officially-recognized qualification to indicate that a Covered Entity or Business Associate is HIPAA compliant. It is just a certificate indicating…
NeoGenomics, Georgia Department of Human Services Suffer Data Breaches
The Georgia Department of Human Services has revealed that employees in Augusta, GA improperly shared of confidential case files that geld the healthcare records of…
What are the 10 Most Common HIPAA Violations?
This article looks into the 10 of the most common HIPAA violations. It should be remember that, in a lot of instances, investigations have found…
Notice of Enforcement Discretion for Business Associates to Allow PHI Disclosures for Public Health and Health Oversight Activities
The Department of Health and Human Services announced, n April 2, 2020, that it will from here on be exercising enforcement discretion and will not…
OCR Issues Guidance on Permissible Sharing of PHI to First Responders During the COVID-19 Pandemic
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has released additional guidance on HIPAA and COVID-19, the disease caused by…
Coronavirus Pandemic HIPAA Guidance on Telehealth Issued by OCR
After the initial announcement from the HHS’ Office for Civil Rights that enforcement of HIPAA compliance in relation to the good faith provision of telehealth…
Healthcare Data Breach Report February 2020
During February there were 39 healthcare data breaches of 500 or more records reported and 1,531,855 records were breached, which is the same as a…
Over 70,000 Records May Have been Breached by California Business Associate
Stephan C Dean, the co-owner of the California record storage company Surefile, reported a hacking/IT incident to the HHS’ Office for Civil Rights (OCR) on…
Massive Increase in WHO Hacking Attempts During Current Pandemic
Recent reports have indicated that the World Health Organization has been impacted by a spate of cyber attacks where web pages have been established to…
When Was HIPAA Passed?
On August 21, 1996 then US President Bill Clinton added his signature to the Health Insurance Portability and Accountability Act and HIPAA was passed into…
Multiple Phishing Attacks Reported, Targeting Three Bodies
The Minnesota-based senior care treatment LifeSprk is making contact 9,000 of its clients that some of their protected health information was possibly breach due to…
Five-Year Insider Data Breach Identified at Hawaii Pacific Health
It has been identified that an employee of Hawaii Pacific Health at Straub Medical Center in Honolulu has been snooping on the medical records of…
What are Cyber Threat Information Sharing Best Practices?
The best practices for cyber threat information sharing has been published by the Healthcare and Public Health Sector Coordinating Council (HSCC). This new information is…
Is Information Sharing Hindering by HIPAA Rules?
The HHS has put together a Request for Information (RFI) to identify how HIPAA Rules are hindering patient information sharing and creating boundaries for healthcare…
First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights
The Department of Health and Human Services’ Office for Civil Rights (OCR) has made public the first HIPAA penalty of 2020. The medical practice of…
How Can I Use Technology in a HIPAA Compliant Manner?
The evolution of technology has made it easier and easier for professionals within the healthcare sector. However, in tandem with this growth so has grown…
January 2020 Healthcare Data Breach Report
Healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights at a rate…
Ransomware Attack Hits NRC Health
NRC Health, a supplier of patient survey services and software to over 9,000 healthcare group, including 75% of the biggest hospital networks in the United…
What is PHI?
The term PHI a reference that normally refers to healthcare data, but what does PHI refer to, and what data is the subject of the…
Widespread Improper Use of Medicare Part D Eligibility Verification Transactions Discovered in OIG Audit
A Department of Health and Human Services’ Office of Inspector General (OIG) audit has found that a number of pharmacies and other healthcare providers are…
2019 Healthcare Data Breaches of Fewer than 500 Records to be Reported by February 29
The HIPAA Breach Notification Rule States that data breaches of 500 or greater records to be made known to the Secretary of the Department of…
HIPAA Violation Hits 16,167 Patients Patients at Hospital Sisters Health System
Unauthorized individuals have been gaining access to access emails and email attachments containing the protected health information of 16,167 patients within the Hospital Sisters Health…
Business Associate Data Breach Impacts 654,000 Members of Health Share of Oregon
Oregon’s Medicaid coordinated-care group, Health Share of Oregon, is getting in touch with around 654,000 current and former subscribers to make them aware that a…
Requiring Pharmacies Must Track Partially Filled Prescriptions of Schedule II Drugs Following HHS Issuing Final Rule
The Department of Health and Human Services has released a final rule amending the HIPAA National Council for Prescription Drug Programs (NCPDP) D.0 Telecommunication Standard…
In HIPAA, What is a Limited Data Set Under HIPAA?
A limited data set under HIPAA is a group of identifiable healthcare data that the HIPAA Privacy Rule permits covered groups to share with certain…
What is defined as a HIPAA-Covered Entity?
The term “HIPAA Covered Entity” was not actually included in the initial Healthcare Insurance Portability and Accountability Act when it was originally formulated in August…
How Does HIPAA Affect Employers?
Asking the question “Does HIPAA Apply to Employers” leads to a number of different answers as a result of the complicated nature of the HIPAA…
Personal and Health Data of LabCorp Patients Breached due to Website Error
Security experts at TechCrunch have discovered a security flaw in a website hosting an internal customer relationship management system deployed the clinical laboratory network LabCorp….
Why is the HITECH Act Important?
The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – makes up part of an economic stimulus package that was…
Quest Health Systems Locates More Patients Impacted by 2018 Phishing Attack
Health Quest, which now forms part of Nuvance Health, has become aware the phishing attack it experienced in July 2018 was more wide reaching than…
Netherlands has Recorded Most Breach Reports since GDPR became Enforceable
The Dutch Data Protection Authority (DDPA) has recorded the highest number of General Data Protection Regulation (GDPR) breach notifications according to a report published by…
Healthcare Data Breach Report December 2019
There were an increase of 8.57%, from the previous month, of healthcare data breaches reported during December. 38 breaches of 500 or greater records were…
Adventist Health Sonora Reports Phishing Attack
Adventist Health Sonora in California has found out that an unauthorized person has obtained access to the email account of a hospital associate and may…
