Seven prominent hospital associations, such as the American Hospital Association (AHA), are striving to have better data sharing throughout the healthcare industry. A new report…
Read More
The Managed Health Services based in Indianapolis, IN, which runs the Hoosier Care Connect Medicaid and Hoosier Healthwise programs, announced to 31,876 plan members on…
A phishing attack on Chaplaincy Health Care, a not-for-profit healthcare provider located in Richland, WA caused the exposure of the protected health information (PHI) of…
Choice Rehabilitation of Creve Coeur, MO learned that an unauthorized person accessed an employee’s email account and set up a mail forwarder, which sent email…
The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) published a notification regarding increased Chinese malicious cyber activity focusing on IT…
Humana-owned Family Physicians Group in Orlando notified 8,400 patients that a number of their protected health information (PHI) were potentially compromised because of a phishing…
Clearwater identified the most typical security flaws in the healthcare industry using the data analyses of IRM done during the last 6 years. There were…
Blue Cross Blue Shield of Michigan informed about 15,000 clients that some of their personal information kept on a laptop was compromised as the laptop…
A serious phishing attack on the San Diego School District resulted to the compromise of the private data, including health data, of around 500,000 students…
Massachusetts Attorney General Maura Healey issued to McLean Hospital a HIPAA violation fine amounting to $75,000 in relation to a data breach in 2015 that…
A vulnerability (CVE-2018-8340) was discovered in Microsoft’s Active Directory Federation Services (ADFS) which can permit an attacker to very easily circumvent multi-factor authentication (MFA). ADFS…
The Irish Data Protection Commission (DPC) is investigating one more prospective General Data Protection Regulation (GDPR) violation by Facebook, following the admission of the company…
An unauthorized person accessed the email account of a nurse at CCRM Dallas Fort Worth. CCRM discovered the breach on October 4, 2018, following the…
Based on a new Kaspersky Lab report, Cyber Pulse: The State of Cybersecurity in Healthcare, 27% of healthcare workers reported their company had encountered at…
About 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital received notifications that some of their protected health information (PHI) were compromised…
Google has announced their final decision to make a few modifications to its terms of service and privacy policy. The major change is the naming…
A request for information (RFI) issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) is striving to get feedback from…
The University of Maryland Medical System found the unauthorized installation of a malware on its system on December 9, 2018. Because of the speedy response…
The latest study by Insights, an enterprise threat management platform provider, unveiled a startling number of healthcare information is openly accessible on the internet due…
New Jersey state attorney general’s office penalized the health insurance provider EmblemHealth the amount of $100,000 for a data breach in 2016 that compromised the…
At the end of November, the Department of Justice charged two Iranians in connection with the SamSam ransomware attacks. However, the attacks are unlikely to…
The HHS’ Office for Civil Rights (OCR) investigated an incident of impermissible PHI disclosure by a business associate of a HIPAA-covered entity and found major…
Medical Informatics Engineering and NoMoreClipboard was charged with multi-state federal lawsuit over the 2015 data breach exposing the information of 3.9 million people. Indiana Attorney…
Georgia Spine and Orthopaedics of Atlanta (GSOA) is informing a number o its patients concerning a phishing attack that caused the possible theft and exposure…
Healthcare billing services provider, AccuDoc Solutions Inc, reported a data breach that caused the compromise of the protected health information (PHI) of 2,650,000 Atrium Health…
Mercy Medical Center North Iowa found out that an old employee possibly accessed patients’ healthcare records without appropriate authorization for over 12 months. The medical…
The United Kingdom’s Information Commissioner’s Office (ICO) discovered that the options for the Washington Post online subscription are not General Data Protection Regulation (GDPR) compliant….
A laptop computer issued by FHN Healthcare in northwest Illinois was stolen from the vehicle of an employee. The said laptop contained protected health information…
St. John’s Episcopal Hospital and Episcopal Health Services located in New York have informed former and current patients about the potential compromise of their protected…
Microsoft Office is under review by Dutch investigators due to complaints of the EU’s General Data Protection Regulations (GDPR) violation. Allegedly, Microsoft’s software is gathering…
A phishing attack on New York Oncology Hematology in Albany, New York resulted to the compromise of 15 employee email accounts and gave the hackers…
HealthEquity is informing 190,000 people about the exposure of some of their protected health information (PHI) because of a phishing attack. HealthEquity is a company…
The operators of the WordPress content management platform gave an advisory to users regarding the need to refresh the WP GDPR Compliance plug-in immediately because…
Inova Health System in Virginia began notifying its 12,331 patients regarding the unauthorized access of some of their protected health information (PHI). On September 5,…
A phishing attack on Metrocare Services, the biggest mental health services provider in North Texas, resulted in the compromise of the protected health information (PHI)…
Upstate University Hospital located in Syracuse, NY notified 1,216 of its patients regarding the impermissible access of a former personnel to some of their protected…
Altus Hospital located in Baytown, Texas had been attacked by ransomware, which encrypted much of the hospital data records. The attack did not have an…
Facebook is confronted with the wrath of EU’s General Data Protection Regulation (GDPR) once more after the UK Information Commissioner Office (ICO) made a complaint…
Accessing of patient information by healthcare employees who are not authorized to do so is clearly a violation of the Health Insurance Portability and Accountability…
Apple CEO Tim Cook was guest speaker at the 40th edition of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels and…
The protected health information (PHI) of around 40,000 patients of the Jones Eye Clinic and its associate surgery center, CJ Elmwood Partners, L.P, located in…
Catawba Valley Medical Center (CVMC) based in Hickory, NC discovered on August 13, 2018 the access of an unauthorized person to the email account of…
There is a flaw in the Employees Retirement System of Texas (ERS) OnLine portal. It was discovered when a number of people entered the portal…
In August 2018, BDO USA conducted a survey as part of the BDO 2018 Cyber Governance Survey. It was participated by 145 U.S. company board…
MediaPRO is a security awareness training company that has been doing for three years now an annual analysis of employees’ security awareness and knowledge of…
The National Ambulatory Hernia Institute based in California had a ransomware attack on September 13, 2018 which resulted to the encryption of files stored on…
Raley’s Pharmacy is notifying about 10,000 patients about the potential compromise of some of their protected health information (PHI). The incident on September 24, 2018…
The U.S. Food and Drug Administration (FDA) along with the Department of Homeland Security (DHS) presented a memorandum of agreement to make use of a…
The email accounts of two employees of the Children’s Hospital of Philadelphia (CHOP) were compromised after the successful phishing attacks launched on August 23 and…
The Department of Health and Human Services’ Office of Inspector General (OIG) issued a new report stating that most Medicaid data breaches are rather minor…
A health insurance system connected to the HealthCare.gov website was hacked according to the Centers for Medicaid & Medicare Services (CMS). The sensitive data of…
Aetna committed two mailing errors in 2017, which caused the impermissible disclosure of the protected health information (PHI) of its members. Because of the data…
OCR has issued a settlement fine to Anthem for potential HIPAA violations that led to a 78.8 million records breach in 2015. Anthem paid $16…
According to a report in The Wall Street Journal, Google is going to close down Google+ because this social media platform is being investigated by…
Cofense recently revealed in a news report the most typical healthcare phishing emails sent by hackers and which message attracts the most number of clicks….
The ECRI Institute, a non-profit firm that researches new methods to improve patient care, has recently released an annual listing of the top 10 Health…
There were two phishing attacks on the Minnesota Department of Human Services (DHS) that impacted 21,000 persons provided with medical assistance. DHS already mailed the…
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare sector to have increased awareness…
Under the HIPAA Privacy Rule, patients have the right to get a copy of their health records from healthcare providers. When requested, copies of health…
Michigan Medicine is informing over 3,600 patients that some of their protected health information (PHI) was impermissibly disclosed. The Michigan Medicine Development Office had a…
Lambda Legal filed a lawsuit on behalf of 93 data breach victims who are lower-income HIV positive persons whose highly sensitive protected health information (PHI)…
On October 1, 2018, the U.S. Food and Drug Administration presented a Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook created to assist healthcare…
Facebook’s engineers identified a serious data breach on September 25 that affected roughly 50 million Facebook users. A breach notification was sent to affected users….
The National Institute of Standards and Technology (NIST) produced a draft of the guidance that is made to support federal agencies and other firms understand…
Aspire Health provides in-home services for patients with critical illness residing in Nashville, TN. Aspire Health had a phishing attack resulting to the unauthorized access…
Healthcare data breaches from 2010 to 2017 increased by 70% as per a study that two doctors at the Massachusetts General Hospital Center for Quantitative…
Claxton-Hepburn Medical Center is a not-for-profit community hospital located in Ogdensburg, NY. A number of its employees were terminated from work for accessing patient medical…
Three hospitals paid the Department of Health and Human Services’ Office for Civil Rights (OCR) a fine of $999,000 to settle their HIPAA violation. Because…
Ohio Living, which is a company that provides life plan communities and home health services, found out that an unauthorized person has accessed the email…
Blue Cross and Blue Shield of Rhode Island (BCBSRI) is notifying 1,567 plan members about the impermissible disclosure of their protected health information (PHI) by…
The Fetal Diagnostic Institute of the Pacific (FDIP) located in Honolulu, Hawaii encountered a ransomware attack on June 30, 2018. A file-encrypting software was installed…
Independence Blue Cross in Philadelphia is sending notifications to thousands of its plan members because of the potential exposure of their protected health information (PHI)…
Hopebridge is a network of 28 autism treatment centers located all over the Midwest. It experienced a phishing attack, which potentially resulted in the access…
Acadiana Computer Services Inc., which provides the healthcare industry in Lafayette, LA with software and business solutions, discovered that an unauthorized person accessed an employee’s…
After the European Union’s General Data Protection Regulation (GDPR) was enforced on May 25, 2018, there is a remarkable drop in the number of daily…
Reliable Respiratory, which is a respiratory care provider in Norwood, MA experienced a phishing attack that impacted 21,311 patients. A suspected cyberattack was noted on…
Arc of Erie County Pays $200,000 for Security BreachThe New York Attorney General penalized the Arc of Erie County with $200,000 for HIPAA Rules violation…
The final version of the NIST Cybersecurity Practice Guide for Securing Wireless Infusion Pumps in healthcare delivery organizations prepared by the National Cybersecurity Center of…
There is a code vulnerability discovered in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS). A threat actor could remotely exploit the vulnerability to acquire administrator…
Reuters Institute at the University of Oxford did a research and discovered that there was a 22% decline in the number of tracking cookies on…
Th BD Alaris Plus medical syringe pumps has a crucial wirelessly exploitable vulnerability. When linked to a terminal server through the serial port, the medical…
Consent management platform Quantcast Choice released a report recently that pointed out that European Union (EU) domains obtain on average a consent rating of above…
Ovum performed a survey lately for analytics company FICO, which showed there was a significant increase in businesses getting cybersecurity insurance, yet the healthcare sector…
Legacy Health found an unauthorized person has obtained access to its email system as well as the protected health information (PHI) of about 38,000 patients….
Anthem Inc. offered a $115 million settlement deal in 2017 to take care of the class action legal cases submitted by the victims of a…
The Department of Health and Human Services’ Office of Inspector General (OIG) revealed the discoveries of the audit of Maryland’s Medicaid system they carried out….
Three Democrat legislators accused the Oklahoma Department of Veteran Affairs of breaking Health Insurance Portability and Accountability Act (HIPAA) Rules. They have likewise called for…
MedSpring Urgent Care is a group of critical care clinics established in Atlanta, Austin, Chicago, Fort Worth, Dallas, and Houston, which identified an unauthorized individual…
Approximately 300,000 patients from SSM Health St. Mary’s Hospital based in Jefferson City, Missouri were advised about the exposure of some of their protected health…
The HIPAA Security Rule mandates covered entities to consistently safeguard the confidentiality, integrity and availability of protected health information (PHI). The duties of healthcare companies…
This is a summing up of healthcare data breaches shared as of late to the press and the Department of Health and Human Services’ Office…
A survey conducted by the healthcare marketing agency SCOUT revealed that consumers are not as much concerned about the privacy and safety of their medical…