Ransomware Infiltrates Sky Lakes Medical Center & St. Lawrence Health System
An additional two hospitals have been impacted by ransomware attacks that have resulted in their computer networks being offline and medics having to use pen…
Read MoreHIPAA News
Updated Security Risk Assessment Tool made Avail by HHS
HHS Security Risk Assessment Tool Updated
Thales Wireless IoT Modules Flaw Impacts Millions of Devices
Ban on HHS Funding a National Patient Identifier System Remove by House of Representatives
OCR Sanctions $1M HIPAA Fine on Lifespan for Lack of Encryption
$25,000 Fine for HIPAA Security Rule Noncompliance Sanctioned against Small North Carolina Healthcare Provider
Permanent Changes to Telehealth Policies Considered by Senate HELP Committee
Blood and Plasma Donation Contact Guidance in Relation to COVID-19 Patients to Request
HIPAA Violations Lead to Healthcare Workers in Michigan and Illinois Being Sacked
In separate incident employees based in Michigan and Illinois have been fired from their positions due to their involvement in HIPAA violations. At Ann &…
Data Stolen in Magellan Health Ransomware Attack
The Fortune 500 company Magellan Health has announced it experienced a ransomware attack in April that resulted in the encryption of files and theft of…
Significant Improvement in Compliance Indicated in Ciitizen HIPAA Right of Access Study
The most recent Patient Record Scorecard Report from Ciitizen has shown that there has been a welcome improvement in compliance with the HIPAA Right of…
HIPAA Compliance Confirmed for Safe Partner Inc.
Compliancy Group has revealed that Safe Partner Inc. has been able to show the establishment of a strong HIPAA compliance program and has successfully completed…
Media and Film Crew Given OCR Guidance on Accessing Healthcare Facilities
The HHS’ Office for Civil Rights (OCR) has released guidance to healthcare providers to reinforce the point that the HIPAA Privacy Rule forbids media and…
Critical Flaw Still Impacting 82% of Public-Facing Exchange Servers
On February Patch Tuesday, 2020, Microsoft made available a patch for a critical flaw the impacts Microsoft Exchange Servers which could possibly be targeted by…
McHenry County Health Department Must Share COVID-19 Patients’ Names to 911 Dispatchers Following Court Ruling
The McHenry County Health Department in Illinois has been refusing to hand over the names of COVID-19 patients to 911 dispatchers to safeguard the privacy…
HIPAA Waiver issued for Good Faith Operation of COVID-19 Community-Based Testing Centers
The HHS has released a Notice of Enforcement Discretion covering healthcare suppliers and business associates that participate in the operation of COVID-19 community-based testing centers….
Notice of Enforcement Discretion for Business Associates to Allow PHI Disclosures for Public Health and Health Oversight Activities
The Department of Health and Human Services announced, n April 2, 2020, that it will from here on be exercising enforcement discretion and will not…
OCR Issues Guidance on Permissible Sharing of PHI to First Responders During the COVID-19 Pandemic
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has released additional guidance on HIPAA and COVID-19, the disease caused by…
Coronavirus Pandemic HIPAA Guidance on Telehealth Issued by OCR
After the initial announcement from the HHS’ Office for Civil Rights that enforcement of HIPAA compliance in relation to the good faith provision of telehealth…
Healthcare Data Breach Report February 2020
During February there were 39 healthcare data breaches of 500 or more records reported and 1,531,855 records were breached, which is the same as a…
First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights
The Department of Health and Human Services’ Office for Civil Rights (OCR) has made public the first HIPAA penalty of 2020. The medical practice of…
January 2020 Healthcare Data Breach Report
Healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights at a rate…
Widespread Improper Use of Medicare Part D Eligibility Verification Transactions Discovered in OIG Audit
A Department of Health and Human Services’ Office of Inspector General (OIG) audit has found that a number of pharmacies and other healthcare providers are…
2019 Healthcare Data Breaches of Fewer than 500 Records to be Reported by February 29
The HIPAA Breach Notification Rule States that data breaches of 500 or greater records to be made known to the Secretary of the Department of…
Requiring Pharmacies Must Track Partially Filled Prescriptions of Schedule II Drugs Following HHS Issuing Final Rule
The Department of Health and Human Services has released a final rule amending the HIPAA National Council for Prescription Drug Programs (NCPDP) D.0 Telecommunication Standard…
Netherlands has Recorded Most Breach Reports since GDPR became Enforceable
The Dutch Data Protection Authority (DDPA) has recorded the highest number of General Data Protection Regulation (GDPR) breach notifications according to a report published by…
Healthcare Data Breach Report December 2019
There were an increase of 8.57%, from the previous month, of healthcare data breaches reported during December. 38 breaches of 500 or greater records were…
Further Health Data Exemptions for CCPA Proposed by California Bill
On January 1, 2020, the California Consumer Protection Act (CCPA) came became enforceable. CCPA enhanced privacy security for state residents and gave Californians new rights …
Group Health Plan Sponsors have HIPAA Compliance Issues: Buck Survey
Most group health plan sponsors are not fully adhering to the Health Insurance Portability and Accountability Act Rules, according to a recently published by the…
HIPAA Compliant Gmail
If Gmail is to be deemed HIPAA compliant, Google would have to see to it that the service provided is 100% secure and adheres with…
Google and Alphabet Questioned by Rep. Jayapal in Relation to Ascension Partnership
Google and its parent company Alphabet are being targeting to release details regarding how the protected health information (PHI) of patients of Ascension will be…
Guidance on Sharing of Student Health Records Issued by OCR & Dept of Education
The Department of Education and the Office for Civil Rights has released updated guidelines which aims to set in stone when students’ health information can…
Korunda Medical fined $85,000 Penalty for HIPAA Right of Access Failures
The Department of Health and Human Services’ Office for Civil Rights has revealed its second enforcement penalty has been applied under its HIPAA Right of…
HIPAA Compliance Can Help Covered Entities Stop, Address and Get Back Online ecover from Ransomware Attacks
Ransomware attacks are often conducted indiscriminately, with the file-encrypting software commonly distributed in mass spam email campaigns. However, since 2017, ransomware attacks have become far…
Microsoft Warning Against BlueKeep Exploit in Real World Attacks
In May 2019, Microsoft announced a critical remote code execution vulnerability in Windows Remote Desktop Services referred to as BlueKeep – CVE-2019-0708. The cybersecurity community…
Brooklyn Hospital Center Malware Attack and Washington University School of Medicine Unauthorized PHI Access
A security breach has been announced by Brooklyn Hospital Center in New York. The incident that transpired in late July 2019 involved the installation of…
Jackson Health System Paid in $2.15 Million Civil Monetary Penalty for Multiple HIPAA Violations
The Department of Health and Human Services’ Office for Civil Rights charged Jackson Health System (JHS) with a civil monetary penalty amounting to $2.15 million….
PHI Potentially Compromised Due to Prisma Health Website Breach and Seattle Cancer Care Alliance Email Error
Due to a data breach on the Palmetto Health website, Prisma Health Midlands is sending breach notifications to around 19,000 patients and 3,000 employees. Prisma…
Report Reveals Increased Security After a Data Breach Caused a Rise in Patient Mortality Rate
Healthcare data breaches bring about a lower quality of patient care, as per a study just posted in Health Services Research. Researchers studied data from…
Roger Severino Provides Update on OCR HIPAA Enforcement Priorities
Roger Severino, the HHS’ Office for Civil Rights Director, gave a report on the priorities of OCR’s HIPAA enforcement during the OCR/NIST 11th Annual HIPAA…
57% of Companies Use Multi-Factor Authentication For Better Security But It is Not Fail-Proof
The password manager provider LastPass recently conducted a study, which revealed that only 57% of companies make use of multi-factor authentication, despite the fact that…
FBI Gives An Alert Regarding E-Skimming Threats and Recommendations for Minimizing Risk
The Federal Bureau of Investigation gave an alert regarding e-skimming threats, after attacks on SMBs and government institutions increased. E-skimming refers to the adding of…
Millions of Patients’ Sensitive Data Were Publicly Accessible Online
Because nine companies failed to keep their medical databases secure, the sensitive health information of millions of patients were exposed online. The security researchers at…
September 2019 Healthcare Data Breach Report
There were 36 healthcare data breaches involving over 500 records reported to the Department of Health and Human Services’ Office for Civil Rights in September….
15,982 Patients of South Texas Dermatopathology Notified About the AMCA Data Breach
South Texas Dermatopathology is the last identified casualty of the American Medical Collection Agency (AMCA) data breach. It has reported the data breach to the…
Mission Health E-Commerce Websites Had a Malicious Code that Allowed Payment Data Theft for 3 Years
Malicious code was found installed on the e-commerce website of Mission Health in Western North Carolina. The malicious code can capture the payment information entered…
Proofpoint Report Reveals Which Cyber Threat Healthcare Organizations Commonly Encounter
A recent Proofpoint report gives information on the cyber threats that healthcare organizations encounter and the most common attacks that result in healthcare data breaches….
UAB Medicine Phishing Attack Impacts 19,000 Patients
Due to a phishing attack on August 7, 2019, UAB Medicine is informing its patients regarding the potential access of a number of employee email…
New York Legislation Stops the Selling of Patient Information by First Responders to Third Parties
S.4119/A.230 is a new legislation signed into law on October 7, 2019 by New York Governor Andrew Cuomo. This law forbids first response and ambulance…
MITA Puts Out New Medical Device Security Standard
The Medical Imaging & Technology Alliance (MITA) has published a new medical device security standard that offers healthcare delivery organizations (HDOs) crucial data regarding risk…
Philadelphia Department of Public Health Announced the Exposure of Hepatitis Patients’ Data
The Philadelphia Department of Public Health (PDPH) found that sensitive data of patients suffering from hepatitis B and hepatitis C were exposed over the web…
APT Actors Actively Exploiting GlobalProtect, Pulse Connect, Fortigate VPN Vulnerabilities
Advanced persistent threat (APT) actors are taking advantage of flaws in widely used VPN products provided by FortiGuard, Palo Alto and Pulse Secure to obtain…
Data Breaches at Cancer Treatment Centers of America and Humana
Cancer Treatment Centers of America (CTCA) sent notifications to some of its patients after their protected health information (PHI) were exposed due to a phishing…
An Internal Security Operations Center Reduces Data Breach Expenses by Over Fifty Percent
A recent B2B International survey undertaken on behalf of Kaspersky Lab showed the rise in the average cost of an enterprise-level data breach from $1.23…
9,160 Goshen Health Patients Affected by Phishing-Related Email Breach
9,160 patients from Goshen Health in Indiana received notification about its phishing-related email breach in August 2018 that could have resulted in the potential exposure…
Vendor Email Compromise Attacks Are the New Tactics of Cybercriminals
There has been a rise in the volume of business email compromise (BEC) attacks in the U.S. As per Symantec, about 6,029 businesses got BEC…
PHI of 391,472 Patients of Sarrell Dental Potentially Compromised Due to a Ransomware Attack
A ransomware attack on Sarrell Dental in Alabama, is non-profit Children’s dental and optical services provider resulted in the potential compromise of the protected health…
Potential Compromise of PHI As a Result of North Florida OB-GYN Cybersecurity Breach
North Florida OB-GYN in Jacksonville, FL learned that hackers got access to particular portions of its computer system that contain personal and medical data of…
Atlantic.Net and Compliancy Group Will Conduct Webinar on Cybersecurity and HIPAA Compliance
Atlantic.net is a HIPAA-compliant hosting company that teamed up with Compliancy Group and its HIPAA-compliance specialists in conducting a webinar on Cybersecurity and HIPAA Compliance….
Sen. Rand Paul Presents National Patient Identifier Repeal Act
Sen. Rand Paul, M.D., (R-Kentucky) has presented a new bill that attempts to permanently remove the national patient identifier provision of HIPAA because of the…
Senator Demands Explanation for the Exposure of Medical Images Stored in Unprotected PACS
Sen. Mark Warner (D-Virginia) wrote a letter to TridentUSA asking for an explanation concerning a breach involving sensitive medical images at MobileXUSA, one of its…
HIPAA Seal of Compliance Awarded to Integration Link LLC by Compliancy Group
Integration Link, LLC is a provider of virtual Chief Information Security Officers and cybersecurity consultancy services to businesses of varying sizes — small, medium and…
Healthcare Data Breach Report for August 2019
In August, more than 1.5 healthcare data breaches were reported per day. This is the second consecutive month that there are a lot of reported…
New Data Breach Notification Regulation for Health Insurers in Maryland
Beginning October 1, 2019, health insurance providers and associated services have to notify the Maryland Insurance Administration (MIA) whenever a breach of insureds’ personal information…
2,246 Fetal Remains and Abandoned Medical Documents Found in Indiana
Dr. Ulrich Klopfer from Indiana operated three abortion clinics until his license was suspended in 2015. He was found to have taken away fetal remains…
Phishing Attacks on Magellan Health Subsidiaries Impact 56,226 Presbyterian Health Plan Members
The managed care firm Magellan Health based in Scottsville, AZScottsville, AZ learned that phishing attacks on two of its subsidiaries caused the compromise of the…
Ramsey County 2018 Phishing Attack Impacted Not Only 599 But 117,905 Victims
Ramsey County has learned that the phishing attack on August 2018 has impacted considerably more persons than originally believed. The number of affected individuals went…
NCCoE Issued a Mobile Device Security Guidance for COPE Gadgets
The National Cybersecurity Center of Excellence (NCCoE) published the latest draft NIST mobile device security guidance to aid institutions to reduce the risks brought in…
NCCoE Releases Draft Guidelines for Securing the Picture Archiving and Communication System (PACS) Ecosystem
The draft NIST guidelines for securing the picture archiving and communications system (PACS) ecosystem was issued by the National Cybersecurity Center of Excellence (NCCoE). The…
About 6,000 People’s PHI Impacted by Phishing Attacks on East Central Indiana School and Frasier
A phishing attack on East Central Indiana School Trust (ECIST) is the reason for the compromise of some protected health information (PHI) of more than…
Multi-Factor Authentication Stops 99.9% of Cyberattacks
The healthcare sector runs into a lot of phishing attacks. Every week, healthcare organizations report a number of phishing attacks resulting in protected health information…
Guidance on Healthcare Information Sharing Organizations Published by HSCC
The Healthcare and Public Health Sector Coordinating Council (HSCC) released guidance on cybersecurity information sharing for healthcare organizations. HSCC is a partnership of over 200…
Insurance Firms are Inviting Ransomware Attacks by Paying Ransom Demands
A new investigation by ProPublica has showcased a growing concern that is encouraging the existing ransomware problem. Insurance providers are preferring to pay ransom demands…
Utah Ransomware Attack, Alive Hospice Mailing Error and Community Psychiatric Clinic Breaches Compromised Patient Data
Premier Family Medicine, which is a physician group located in Utah, notified 320,000 patients concerning the potential exposure of their protected health information (PHI) caused…
Patients Impacted by Massachusetts General Hospital Data Breach and Sonoma Valley Hospital Website Hacking
Massachusetts General Hospital (MGH) found lately that the computer applications used by the researchers of its Department of Neurology was accessed without authorization. The individual…
First HIPAA Violation Settlement Case in 2019 Involving the Right of Access Initiative
The Department of Health and Human Services’ Office for Civil Rights (OCR) made an announcement early this year that HIPAA enforcement in 2019 would primarily…
Declaration of Limited HIPAA Waiver in Puerto Rico, Florida, Georgia and South Carolina Due to Hurricane Dorian
The Secretary of the Department of Health and Human Services (HHS), Alex Azar, has made an announcement placing Puerto Rico and the states of Georgia,…
73 Email Accounts of Bonita Springs Employees Compromised Due to Phishing Attack
A phishing attack on NCH Healthcare System, Bonita Springs located in Florida, highlighted how critical it is to train healthcare employees on security awareness. On…
Irdeto Survey Reveals 82% of Healthcare Providers Have Encountered a Cyberattack on Their IoT Devices
The Swedish software firm Irdeto conducted the Global Connected Industries Cybersecurity Survey, which showed that 82% of healthcare organizations using Internet-of-Things (IoT) devices have encountered…
Identified Vulnerability in Philips HDI 4000 Ultrasound Systems
There is a vulnerability identified in Philips HDI 4000 Ultrasound systems that attackers could exploit to access ultrasound images. Besides stealing information, an attacker could…
Code Execution Vulnerability Found in Cardiology Devices of Change Healthcare
Devices of Change Healthcare Cardiology, Horizon Cardiology and McKesson Cardiology were found to have a vulnerability, which a locally authenticated user could exploit to add…
Healthcare Data Breach Report Summary in July 2019
May 2019 had 46 breaches with over 500 records exposed making it the worst month ever since the HHS’ Office for Civil Rights began reporting…
AMCA Breach Impacts 33,370 Mount Sinai Hospital Patients
Mount Sinai Hospital discovered the compromise of 33,730 patients’ protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) cyberattack. This…
AMCA Data Breach Impacts Almost 25M To Date
The number of victims of the American Medical Collection Agency (AMCA) data breach has gone up to about 25 million with one more healthcare organization…
OMB Audit Report Finds the HHS Information Security Program as Ineffective
The Office of Management and Budget (OMB) sent in its yearly audit report to Congress about the status of federal agencies’ cybersecurity, as demanded by…
Threat of Lateral Phishing Attacks on Health Care Organizations Increasing
University of California Berkeley, University of San Diego, and Barracuda Networks conducted a recent study, which showed the increasing threat of lateral phishing to healthcare…
Security Breaches at Rhode Island Healthcare Provider and California Hospice Potentially Compromised PHI
Rhode Island Ear, Nose and Throat Physicians Inc. (RIENT) is informing 2,943 patients regarding the unauthorized access of a server that contained some of their…
32% of Healthcare Employees Did Not Receive Cybersecurity Training
Since January, about 200 breaches involving over 500 records were reported and it seems that 2019 will be another record year when it comes to…
45,000 PHI Potentially Exposed Due to Integrated Regional Laboratories, Bayview Dental and Mid-Valley Behavioral Care Network Breaches
Florida-based Integrated Regional Laboratories (IRL) notified around 30,000 patients concerning the potential compromise of their protected health information (PHI) due to the American Medical Collection…
Phishing Attacks on Michigan Medicine and Virginia Gay Hospital Potentially Exposed PHI
Michigan Medicine notified about 5,500 of its patients regarding the exposure of some of their protected health information (PHI) because of a phishing attack recently….
Direct Connect Computer Systems Inc. Receives HIPAA Seal of Compliance
Direct Connect Computer Systems, Inc., the technology solution provider based in Cleveland, OH, has proven that it is surely Health Insurance Portability and Accountability Act…
State Attorneys General Call For the Alignment of Part 2 Regulations with HIPAA
The National Association of Attorneys General (NAAG) told the House and Senate leaders to make improvements to Confidentiality of Substance Use Disorder Patient Records regulations…
Renown Health Discovers PHI was Stored on Lost Thumb Drive
Renown Health, which is Northern Nevada’s biggest healthcare provider, has begun notifying some patients about the potential compromise of some of their protected health information…
Patients’ PHI Compromised at FDNY and Perry County Medical Center Data Breaches
From 2011 to 2018, the New York Fire Department (FDNY) had used its ambulance to bring over 10,000 EMS patients to the hospital. Due to…
Patients Filed a Lawsuit Against MU Health Over May 2019 Phishing Attack
The University of Missouri Health Care (MU Health) is facing a lawsuit over the phishing attack on April 2019. MU Health discovered on May 1,…
Exposure of Seattle Community Psychiatric Clinic Patient Data Due to Email Security Breaches
A Seattle, WA provider of accredited outpatient, counseling services and mental health treatment, Community Psychiatric Clinic, has encountered two security breaches resulting in the compromise…
Patients’ PHI Compromised Due to Unsecured Amarin and Medico Database
A database that contains the personal data of people who were interested in Vascepa®, Amarin Pharma’s cholesterol drug, was exposed on the internet. A third…
NIST Published a New Guidance on Securing IoT Devices
The National Institute of Standards and Technology (NIST) has published its latest guide for companies manufacturing Internet of Things (IoT) devices so that they can…
Security Breach at Edgepark Medical Supplies Results in Fraudulent Orders
Edgepark Medical Supplies (EMS) learned on May 13, 2019 about the access of an unauthorized person into some accounts of its clients. That person modified…
