In relation to policing compliance with the Health Insurance Portability and Accountability Act Rules state Attorneys General play a major part. State attorneys general have been given the power to initiate civil proceeding on behalf of state residents who have been affected by breaches of the HIPAA Privacy and Security Rules in the Health Information … Read more
In the latter half of 2020 the joint CISA, FBI, and HHS cybersecurity advisory issued an alert for the healthcare and public health sectors as a result of a recorded increase in ransomware attacks. It revealed that these sectors were being concentrated on by ransomware operators and many cyber criminal groups had increased their level … Read more
The Department of Health and Human Services’ Office for Civil Rights has released new information in relation to the Health Insurance Portability and Accountability Act (HIPAA) Rules governing the sharing of protected health information (PHI) to health information exchanges (HIEs) for the public health activities of a public health authority (PHA). An HIE is classified … Read more
60,545 subscribers to Tufts Health Plan have had their protected health information infiltrated as result of a phishing attack on the vision benefits management firm EyeMed. The phishing attack happened in June 2020 and was identified by EyeMed on July 1, 2020. Access to the breached account was shut down the same day. EyeMed alerted … Read more
Dental Care Alliance, LLC, a dental support group with over 320 affiliated dental practices spread across 20 states, has been hacked and the protected health information of more than a million individuals has possibly been infiltrated. The breach happened on September 18, 2020, was detected on October 11, and was closed off on October 13. … Read more
Hackers using Ragnar Locker ransomware have increased up their activity and have been focusing on companies and groups in a number of different sectors, according to a recent private sector alert released by the Federal Bureau of Investigation (FBI). Ragnar Locker ransomware was first discovered by security experts during April 2019, with the first identified … Read more
The HHS’ Civil Rights Office has publicly acknowledged its 18th HIPAA financial penalty of the year, with the 12th fine under its HIPAA Right of Access enforcement initiative. In 2019, OCR revealed a new drive to ensure individuals are allowed timely access to their health records, at a reasonable cost, as mandated by the HIPAA … Read more
An update on ransomware activity targeting the healthcare and public health sectors has been released by the HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) saying, “At this time, we consider the threat to be credible, ongoing, and persistent.” Last month, a joint alert was released by the Cybersecurity and Infrastructure Security … Read more
An additional two hospitals have been impacted by ransomware attacks that have resulted in their computer networks being offline and medics having to use pen and paper to record patient details. These ransomware attacks took place on Tuesday, October 27, 2020 at Sky Lakes Medical Center in Klamath Falls, OR and St. Lawrence Health System … Read more
Universal Health Services has revealed the every one of its 250 United States based hospitals are 100% back in action following a suspected ransomware attack. The attack in question took down its systems for a period of three weeks. The attack began some time around September 27, 2020. All systems were back online by October … Read more
PrairieVille is a Magnolia Pediatrics based in LA and is now notifying 12,861 of its patients that a ransomware attack has potentially compromised some of their protected health information around March 26th, 2020. This sudden attack was first investigated by the companies IT vendor, LaCompuTech, which figured that only its master boot record had been … Read more
A new version of the Security Risk Assessment (SRA) Tool has been released by the Department of Health and Human Services’ Office for Civil Rights. The SRA tool was created by the Office of the National Coordinator for Health Information Technology (ONC) in collaboration with OCR to assist small- to medium-sized healthcare providers comply with … Read more
Bronx, New York based Montefiore Medical Center has dismissed a member of staff in relation to the alleged theft of the protected health information of what is estimated to be 4,000 clients. The Montefiore Medical Center discovered a possible internal HIPAA data breach back in July of this year. The organization then moved quickly to … Read more
The update to the Security Risk Assessment (SRA) Tool of the Department of Health and Human Services’ Office for Civil Rights (OCR) has been updated and made available this week. Initially developed by the Office of the National Coordinator for Health Information Technology (ONC) – in collaboration with OCR – this tool assists small-to-medium sized … Read more
The discovery of a security flaw IoT device components could allow cybercriminals to illegally obtain valuable private data or use the devices in further cyberattacks. More than 30,000 businesses use Thales components in products that perform a number of different functions in sectors including energy, telecommunications, and healthcare. The flaw is present in the Cinterion … Read more
At the time that the HITECH ACT was passed, 2009, it was referred to as “the most important piece of healthcare legislation to be passed in the last 20 to 30 years.” Along with an program that sought to create a digital version of all US citizen’s health information inside of five years, it created … Read more
Long Island City, NY-located Boyce Technologies Inc, which produces transport communication systems and recently changed its production facilities to provide ventilators for hospitals during the pandemic, has been targeted with DoppelPaymer ransomware. Data was illegally taken before file encryption and a sample of the stolen data has been published on the threat actor’s blog. The … Read more
In Washington, the House of Representatives has voted to remove the ban on the Department of Health and Human Services using federal funds to create a national patient identifier system. The Health Insurance Portability and Accountability Act (HIPAA) called for the creation of a national patient identifier system. As the name suggests, a national patient … Read more
The HHS’ Office for Civil Rights has sanctioned a $1,040,000 HIPAA fine on Lifespan Health System Affiliated Covered Entity (Lifespan ACE) following the discovery of systemic noncompliance with the HIPAA legislation. Lifespan is a not-for-profit health system located in Rhode Island that has many healthcare supplier affiliates in the State. On April 21, 2017, a … Read more
The HHS’ Office for Civil Rights (OCR) has revealed that a $25,000 settlement has been agreed with Metropolitan Community Health Services to settle breaches of the HIPAA Security Rule. Washington, NC-based Metropolitan Community Health Services is a Federally Qualified Health Center that supplies integrated medical, dental, behavioral health & pharmacy services for adults and children. … Read more
What are the civil penalties for knowingly breaching HIPAA laws? What is the highest possible financial penalty for a HIPAA violation and when are fines applied? In this post we address these questions and explain about the penalties for violating HIPAA legislation. The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation the polices … Read more
The HHS’ Office for Civil Rights (OCR) has revealed that a $25,000 settlement has been agreed with Metropolitan Community Health Services to settle breaches of the HIPAA Security Rule. Washington, NC-based Metropolitan Community Health Services is a Federally Qualified Health Center that supplies integrated medical, dental, behavioral health & pharmacy services for adults and children. … Read more
The Senate Health, Education, Labor, and Pensions (HELP) Committee is pondering which of the 31 recent amendments to telehealth policies should remain in place when the COVID-19 national public health emergency concludes. The temporary changes to policies on telehealth have acted to expand access during the COVID-19 public health emergency. These changes were required to … Read more
When patients suffer from an infectious respiratory disease like COVID-19, the immune system creates antibodies that put in place protection if the pathogen is another time. These antibodies, in the blood of patients who recover from such an illness, are invaluable as they have the ability to provide protection for the patient and also for … Read more
The HIPAA regulations for SMS do not specifically rule out the implementation of a “Short Message Service” to share Protected Health Information (PHI), but they do stata that specific conditions have to be in place before using SMS to communicate PHI is HIPAA compliant. The majority of SMS messages are not HIPAA compliant. This is … Read more
Healthcare provider Aveanna Healthcare is facing a potential class action lawsuit in relation to a data breach that took place during 2019 which impacted 166,000 patients. Aveanna Healthcare is a supplier of healthcare services to adults and children in 23 states and is the biggest provider of pediatric home care in the United States. In … Read more
The Healthcare Insurance Portability and Accountability Act states that a person (or persons) within a Covered Entity or Business Associate must be given the duties of a HIPAA Compliance Officer. This may be a current employee or a new position can be introduced to meet the requirement. It is even possible to outsource the duties … Read more
In separate incident employees based in Michigan and Illinois have been fired from their positions due to their involvement in HIPAA violations. At Ann & Robert H. Lurie Children’s Hospital of Chicago an employee was fired for improperly accessing the medical records of patients without authorization during a time period of 15 months. The privacy … Read more
Management and Network Services (MNS), LLC, a Dublin, OH-located supplier of administrative support services to post-acute healthcare providers, has revealed that the email accounts of some of its employees have been infiltrated. In a May 4, 2020 breach notification letter, MNS said that it became aware sometime around August 21, 2019 that a number of … Read more
The Fortune 500 company Magellan Health has announced it experienced a ransomware attack in April that resulted in the encryption of files and theft of some employee information. The ransomware attack was detected by Magellan Health on April 11, 2020 when files were encrypted on its systems. The investigation into the attack revealed the attacker … Read more
The protected health information of more than 10,000 patients has been impacted in a phishing attack no the Onamia, MN-based Mille Lacs Health System Phishing emails were shared to a number of its employees that included directing them to a website that requested their email details. A small number of employees were tricked by the … Read more
HIPAA states that covered entities must conduct training for staff to ensure HIPAA Rules and regulations are fully comprehended. As part of this HIPAA training, healthcare staff must learn the possible penalties for HIPAA breaches. If you break HIPAA Rules fours things may happen. Firstly, the violation could be managed internally by an employer. Secondly, … Read more
The most recent Patient Record Scorecard Report from Ciitizen has shown that there has been a welcome improvement in compliance with the HIPAA Right of Access. In gathering data for the report, Ciitizen survueyed 820 healthcare providers to assess how well each responded to patient requests for copies of their healthcare data. A wide spectrum … Read more
Compliancy Group has revealed that Safe Partner Inc. has been able to show the establishment of a strong HIPAA compliance program and has successfully completed its proprietary 6-stage HIPAA risk analysis and remediation structure. Safe Partner Inc. is a Belmont, CA-based boutique software development and consulting company that supplies a complete range of software services, … Read more
Connecticut -based Saint Francis Healthcare Partners is contacting 38,529 patients to make them aware that some of their protected health information may have been obtained by cybercriminals due to a “sophisticated cybersecurity incident” that allowed an unauthorized person to gain access to its email system. The attack took place on December 30, 2019 but it … Read more
A HIPAA business associate agreement (BAA) is contract between a HIPAA-covered entity and a vendor that is providing a service to that covered entity. They are very common in the healthcare sector yet, despite this, there are often mistakes made by HIPAA-covered entities when they are completing a BAA. A signed HIPAA business associate agreement … Read more
The HHS’ Office for Civil Rights (OCR) has released guidance to healthcare providers to reinforce the point that the HIPAA Privacy Rule forbids media and film crews entering healthcare facilities where patients’ protected health information is accessible unless prior written authorization has been obtained from the patients who may be involved. A public health emergency … Read more
Breaches of HIPAA often occur due to a lack of comprehension of HIPAA requirements, particularly in relation to healthcare workers breaching the data privacy legislation. No matter how serious the nature of the HIPAA breach is perceived, they can still result in a major amount of damage to the patient(s) and employers – even ended … Read more
If your organization is required to comply with the HIPAA Privacy Rule, a valid HIPAA release form must be obtained from an individual before their protected health information can be used or disclosed for a purpose not permitted by the Privacy Rule. The HIPAA Privacy Rule (45 CFR §164.500-534) became effective on April 14, 2001. … Read more
On February Patch Tuesday, 2020, Microsoft made available a patch for a critical flaw the impacts Microsoft Exchange Servers which could possibly be targeted by hackers to take full control of a vulnerable system. Despite Microsoft warning that the flaw would be attractive to hackers, patching has not been a quick process. An analysis carried … Read more
The Sparks, NV orthodontics practice, Andrews Braces suffered a ransomware attack on February 14, leading to the encryption of patient data. A resulting investigation determining the ransomware was placed on their systems the previous day. The practice brought in a third-party forensic investigator to assess the scope and extent of the attack and determine whether … Read more
Stockdale Radiology in California has revealed that patient data has been impacted due to a ransomware attack thsat occurred on January 17, 2020. An internal review confirmed that the hackers obtained access to patients’ first and last names, addresses, refund logs, and personal health information, including doctor’s notes. Stockdale Radiology said a small number of … Read more
Washington University School of Medicine making 14,795 oncology patients aware that some of their PHI may have been impacted in a phishing attacking during January 2020.A hacker obtained access to the email account of a research supervisor in the Division of Oncology during January after a reply was sent to a phishing email. The group … Read more
The McHenry County Health Department in Illinois has been refusing to hand over the names of COVID-19 patients to 911 dispatchers to safeguard the privacy of patients, as is the case with patients that have contracted other infectious diseases including HIV and hepatitis. The Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule allows sharing … Read more
The HHS has released a Notice of Enforcement Discretion covering healthcare suppliers and business associates that participate in the operation of COVID-19 community-based testing centers. Under the terms of the Notice of Enforcement discretion, the HHS will not apply penalties in connection with good faith participation in the operation of COVID-19 community-based testing centers. The … Read more
“HIPAA Certification” is not an officially-recognized qualification to indicate that a Covered Entity or Business Associate is HIPAA compliant. It is just a certificate indicating a person or group has undergone some level of training towards HIPAA compliance. The Department of Health and Human Services has released a statement on its website to the effect … Read more
The Georgia Department of Human Services has revealed that employees in Augusta, GA improperly shared of confidential case files that geld the healthcare records of individuals who received services from the Division of Family & Children Services (DFCS) before June 12, 2017 and people who received services from the Division of Aging Services (DAS) before … Read more
This article looks into the 10 of the most common HIPAA violations. It should be remember that, in a lot of instances, investigations have found multiple HIPAA violations during one breach. The settlement amounts reflect the seriousness of the breach, the duration the violation has been allowed to persist, the number of violations discovered, and … Read more
The Department of Health and Human Services announced, n April 2, 2020, that it will from here on be exercising enforcement discretion and will not sanction HIPAA penalties against healthcare suppliers or their business associates for good faith uses and disclosures of protected health information (PHI) by business associates for public health and health oversight … Read more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has released additional guidance on HIPAA and COVID-19, the disease caused by the 2019 Novel Coronavirus, SARS-CoV-2. The new guidance document provides examples of allowable disclosures of protected health information (PHI) by covered groups under the HIPAA Privacy Rule to help make … Read more
After the initial announcement from the HHS’ Office for Civil Rights that enforcement of HIPAA compliance in relation to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency has restrictions removed, OCR has released guidance on telehealth and remote communications. Telehealth is classified by the HHS’ Health Resources and Services … Read more
During February there were 39 healthcare data breaches of 500 or more records reported and 1,531,855 records were breached, which is the same as a 21.9% month-over-month increase in data breaches and a 231% increase in breached records. There was a higher number of records breached in February than in the past three months pu … Read more
Stephan C Dean, the co-owner of the California record storage company Surefile, reported a hacking/IT incident to the HHS’ Office for Civil Rights (OCR) on March 4, 2020 affecting more than 70,000 clients. Stephan Dean and his wife have been conducting in a long running legal dispute with Kaiser Permanente over the return and destruction … Read more
Recent reports have indicated that the World Health Organization has been impacted by a spate of cyber attacks where web pages have been established to try and trick staff members into handing over passwords at the height of the COVID-19 Pandemic. An attorney for New York-based cybersecurity experts Blackstone Law Group, Alexander Urbelis, was the … Read more
On August 21, 1996 then US President Bill Clinton added his signature to the Health Insurance Portability and Accountability Act and HIPAA was passed into legislature. At first it envisaged that HIPAA would enhance the portability and continuity of health insurance coverage, especially for employees that were moving from job to job. In addition to … Read more
The Minnesota-based senior care treatment LifeSprk is making contact 9,000 of its clients that some of their protected health information was possibly breach due to a November 2019 phishing attack. On January 17, 2020, Lifesprk found out that an unauthorized person had logged into the email account of one of its employees. The account was … Read more
It has been identified that an employee of Hawaii Pacific Health at Straub Medical Center in Honolulu has been snooping on the medical records of patients over a duration longer than five years. Hawaii Pacific Health noticed the unauthorized access on January 17, 2020 and began a review. An analysis of access logs revealed the … Read more
The best practices for cyber threat information sharing has been published by the Healthcare and Public Health Sector Coordinating Council (HSCC). This new information is aimed at allowing healthcare organizations develop, implement, and maintain a successful cyber threat information sharing program to minimize cyber risk. The new document adds to earlier published guidance – the Health Industry … Read more
The HHS has put together a Request for Information (RFI) to identify how HIPAA Rules are hindering patient information sharing and creating boundaries for healthcare providers to provide patient treatment. HHS is seeking comments from the public and healthcare sector stakeholders on any provisions of HIPAA Rules which are discouraging or restricting coordinated care and … Read more
The Department of Health and Human Services’ Office for Civil Rights (OCR) has made public the first HIPAA penalty of 2020. The medical practice of Steven A. Porter, M.D., has committed to paying a fine of $100,000 to account for a number of possible HIPAA Security Rule breaches and has also agreed to implementing a … Read more
The evolution of technology has made it easier and easier for professionals within the healthcare sector. However, in tandem with this growth so has grown the importance to ensure the private health information (PHI) the is being sent is 100% secure and is being handled in a manner that is compliant with HIPAA legislation. The … Read more
Healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights at a rate of more than one a day throughout January. 2019 was a very bad year for healthcare data breaches with 510 data breaches made known by HIPAA-covered entities and their business … Read more
NRC Health, a supplier of patient survey services and software to over 9,000 healthcare group, including 75% of the biggest hospital networks in the United States and Canada, suffered a ransomware attack on February 11, 2020 that impacted some of its computing systems. NRC Health quickly implemented steps to control the harm caused and shut … Read more
A Department of Health and Human Services’ Office of Inspector General (OIG) audit has found that a number of pharmacies and other healthcare providers are improperly using Medicare beneficiaries’ private information. The audit was conducted at the behest of the HHS’ Centers for Medicare and Medicaid Services (CMS) in order to ascertain if inappropriate access … Read more
The HIPAA Breach Notification Rule States that data breaches of 500 or greater records to be made known to the Secretary of the Department of Health and Human Services mo more than 60 days after the breach was first identified. Breaches of less than 500 records can be made known to the Secretary at any … Read more
Unauthorized individuals have been gaining access to access emails and email attachments containing the protected health information of 16,167 patients within the Hospital Sisters Health System. It was recently discovered that a HIPAA-violating email security breach took place during August 2019. A 15-hospital health system serving patients in Illinois and Wisconsin, Hospital Sisters Health System … Read more
Oregon’s Medicaid coordinated-care group, Health Share of Oregon, is getting in touch with around 654,000 current and former subscribers to make them aware that a portion of their protected health information (PHI) was saved on a laptop computer which was illegally taken from its transportation vendor, GridWorks. GridWorks was hired to operate Health Share’s Ride … Read more
The Department of Health and Human Services has released a final rule amending the HIPAA National Council for Prescription Drug Programs (NCPDP) D.0 Telecommunication Standard that requires pharmacies to record partially filled prescriptions for Schedule II drugs. The modification is an element of HHS efforts to control opioid abuse in the United States and will … Read more
A limited data set under HIPAA is a group of identifiable healthcare data that the HIPAA Privacy Rule permits covered groups to share with certain entities for research aims, public health activities, and healthcare operations without earlier obtaining authorization from patients, if certain conditions are adhered to. Different to, to de-identified protected health information, which … Read more
The term “HIPAA Covered Entity” was not actually included in the initial Healthcare Insurance Portability and Accountability Act when it was originally formulated in August 1996. The term first came to light during the HHR´s proposed HIPAA Privacy Rule when the Rule was made available for public comments in November 1999 and subsequently published after … Read more
Asking the question “Does HIPAA Apply to Employers” leads to a number of different answers as a result of the complicated nature of the HIPAA Privacy Rule. The HIPAA Privacy Rule is one of the most complex legislative acts impacting the healthcare sector. As the objectives to standardize how individually identifiable personal information is protected … Read more
Security experts at TechCrunch have discovered a security flaw in a website hosting an internal customer relationship management system deployed the clinical laboratory network LabCorp. While the system was password protected, the experts identified a flaw in the part of the system that extracted patient files from the back-end system. The flaw meant that patient … Read more
The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – makes up part of an economic stimulus package that was established during the Obama administration: known as the American Recovery and Reinvestment Act of 2009 (ARRA). Before the HITECH Act was passed in 2008, only 10% of hospitals had implemented … Read more
Health Quest, which now forms part of Nuvance Health, has become aware the phishing attack it experienced in July 2018 was more wide reaching than first thought. Many employees were fooled and shared their email credentials by phishing emails, which allowed unauthorized individuals to access their accounts. A well known cybersecurity firm was engaged to … Read more
The Dutch Data Protection Authority (DDPA) has recorded the highest number of General Data Protection Regulation (GDPR) breach notifications according to a report published by law firm DLA Piper. DLA Piper has revealed that the Dutch regulators have been made aware of potential GDOR breaches since the legislation became enforceable on May 25 2018. The … Read more
There were an increase of 8.57%, from the previous month, of healthcare data breaches reported during December. 38 breaches of 500 or greater records were made known to the Department of Health and Human Services’ Office for Civil Rights in December 2019. While the number of breaches was one the rise, there was a major … Read more
Adventist Health Sonora in California has found out that an unauthorized person has obtained access to the email account of a hospital associate and may have seen patient information. The email account breach was first noticed by Adventist Health Sonora’s information security team on September 30, 2019. Swift action was taken to safeguard the compromised … Read more
If you wish to use Gmail in a HIPAA fashion then you must ensure that the email platform is 100% secure and adheres to the minimum standards for security laid down in the HIPAA Security Rule. A covered entity would be required to enter into a business associate agreement with Google covering Gmail, as Google … Read more
On January 1, 2020, the California Consumer Protection Act (CCPA) came became enforceable. CCPA enhanced privacy security for state residents and gave Californians new rights in relation to their personal data. Healthcare data governed by the Health Insurance Portability and Accountability Act (HIPAA) Rules and California’s Confidentiality of Medical Information Act (CMIA) were exempted from … Read more
Most group health plan sponsors are not fully adhering to the Health Insurance Portability and Accountability Act Rules, according to a recently published by the integrated HR and advantages consulting, technology, and administration services firm, Buck. The survey uncovered many areas where group health plan sponsors are not complying and showed many group health plan … Read more
HIPAA carries a big impact for healthcare providers, health plans, healthcare clearinghouses, and business associates of those HIPAA-governed bodies entities but how does HIPAA impact schools and educational institutions? Previously we looked into how HIPAA applies to schools and how the Health Insurance Portability and Accountability Act intersects with the Family Educational Rights and Privacy … Read more
Native American Rehabilitation Association of the Northwest, Inc., (NARA) a Portland, OR-based supplier of education, physical and mental health services and substance abuse treatment services to native Americans, is making contact with clients in relation to a malware infection that may have allowed unauthorized people to obtain to gain access to their protected health information. … Read more
50,000 patients of Alexandria, MN-based Alomere Health are being contacted to advise them that a portion of their protected health information was potentially accessed by unauthorized people due to a phishing attack. Alomere Health first became aware of out the phishing attack on November 6, 2019 and kicked off an internal investigation which confirmed the … Read more
If Gmail is to be deemed HIPAA compliant, Google would have to see to it that the service provided is 100% secure and adheres with the minimum requirements for security laid down in the HIPAA Security Rule. A business associate agreement must have been signed by a covered entity and Google covering Gmail, as Google … Read more
Within the healthcare sector there has been a massive shift in the last 10-15 years towards sharing Private health Information digitally to many different clients and business partners. With the proliferation of digital Cloud storage lets there is an opportunity for HIPAA-governed bodies to move huge quantities of data and file to cloud storage. This … Read more
If HIPAA rules are breached on purpose or by accident the financial implications can be massive. Even if a breach is discovered but you do not adhere to the HIPAA notification rule you could still be subjects to sanctions. There are other associated, and immeasurable, costs linked to HIPAA violations. Chief among these is the … Read more
Google and its parent company Alphabet are being targeting to release details regarding how the protected health information (PHI) of patients of Ascension will be shared, and the processes that will be used to see to it that PHI is secured and unauthorized access cannot take place. The partnership formed between Google and Ascension was … Read more
The Department of Education and the Office for Civil Rights has released updated guidelines which aims to set in stone when students’ health information can be made available via the Family Educational Rights and Privacy Act and HIPAA. Guidance which was first published in November 2008 has been brought up to date and refreshed so … Read more
Truman Medical Centers, the biggest provider of inpatient and outpatient services in Kansas City, MO, has found out that the protected health information of 114,466 patients was held on an unencrypted laptop device that was stolen from the vehicle of one of its staff members. The laptop was secured with a password, but there is … Read more
The Centers for Medicare and Medicaid Services (CMS) has found that a vulnerability in its Blue Button 2.0 API that allowed access to the protected health information of 10,000 Medicare beneficiaries. Access to the Blue Button API has been temporarily disabled while the CMS reviews the situation and completes a thorough code review. The … Read more
The email accounts of several staff members of Conway Medical Center in South Carolina have been obtained by unauthorized persons. The phishing attack was first discovered on October 7, 2019 and impacted email accounts were immediately secured to stop additional unauthorized access. External cybersecurity experts were engaged to review the breach and determine whether patient … Read more
Hackensack Meridian Health, the biggest health network in New Jersey, has revealed it was targeted in a cyberattack recently which resulted in ransomware being deployed on its databases. The attack left files encrypted and took its network offline for a number of days. With no access to computer systems and medical histories, Hackensack Meridian Health … Read more
Facebook may be considered a useful platform for connected people and corresponding. However, could it be used by healthcare organizations as the messaging service for sending protected health information (PHI) without breaching HIPAA legislation? A range of chat platforms are already employed by medical workers for communication, however is it proper to use these platforms … Read more
The Department of Health and Human Services’ Office for Civil Rights has revealed its second enforcement penalty has been applied under its HIPAA Right of Access Initiative. Florida-based Korunda Medical has committed to settling possible breaches of the HIPAA Right of Access and will implement a corrective action plan and bring its policies and procedures … Read more
Ransomware attacks are often conducted indiscriminately, with the file-encrypting software commonly distributed in mass spam email campaigns. However, since 2017, ransomware attacks have become far more targeted. It is now common for cybercriminals to select targets to attack where there is a higher than average probability of a ransom being paid. Healthcare providers are a … Read more
A HIPAA breach refers to the capture, viewing, use or sharing of Private Health Information in a manner not adhering with the HIPAA ACT , which impacts the security or privacy of the PHI. This is a very wide definition that might make you think that a glance at data could lead to a penalty … Read more
In most instances, emergency notification systems for business would not be implemented in order to share Protected Health Information (PHI); but if there was an event that required the sending of PHI, are emergency notification systems for business HIPAA-compliant? Emergency notification systems for business are software platforms most often deployed for warning personnel to any … Read more