How does Texas HB 300 Expand Individual Privacy Protections?

Texas HB 300 expands individual privacy protections by requiring non-excluded covered entities to obtain an authorization for a number of disclosures of Protected Health Information that would be permitted by the HIPAA Privacy Rule. In 2001, Section 181 of the Texas Health and Safety Code was established by the passage of the Texas Medical Records … Read more

HIPAA Changes 2024

HIPAA changes occur more often than many people realize due to the Department for Health and Human Services (HHS) responding to external events, Executive Orders, or adopting standards to reduce the administrative burden of HIPAA compliance. While most recent HIPAA changes have been relatively minor, there are significant proposed HIPAA changes in 2024. Many articles … Read more

What do HIPAA Laws Protect?

HIPAA laws are best known for protecting the privacy of individually identifiable health information maintained by health plans and qualifying health care providers. Strictly speaking, the content of the Health Insurance Portability and Accountability Act did not create any new HIPAA laws. Rather, it amended existing laws such as the Consolidated Omnibus Budget Reconciliation Act … Read more

Is Google Meet HIPAA Compliant?

Yes, Google Meet can be made HIPAA compliant when a Business Associate Agreement (BAA) is in place. A BAA is a legal contract that outlines the responsibilities and obligations of a service provider (Google) when handling Protected Health Information (PHI) on behalf of a covered entity (healthcare organization). If Google signs a BAA with a … Read more

Dental Practice Fined for Sharing PHI on Yelp

A California-based dental practice has been issued with a $23,000 fine after it published a patient’s Protected Health Information (PHI) on the Yelp review website. This unauthorized use of PHI resulted in a complaint to the Office for Civil Rights, who then launched an investigation into the incident.  On November 29, 2017, the OCR received … Read more

Empress EMS faces Lawsuit for Ransomware Attack

Empress EMS, a New York-based ambulance service, is facing multiple class-action lawsuits after patient data was stolen during a ransomware attack. The attack was carried out by the Hive ransomware group, which gained access to Empress EMS’ network, stole files, and then encrypted them. Though the criminals gained access on May 26, 2022, the attack … Read more

CommonSpirit Data Breach Confirmed

CommonSpirit Health, the second-largest non-profit hospital chain operating in the United States of America, has confirmed that patient data was accessed during a recent ransomware attack. The attack occurred between September 16, 2022, and October 3, 2022; it was detected in October. Upon detection of the attack, CommonSpirit Health immediately took some of its systems … Read more

New Mexico Medical Center Proposes Settlement for Data Breach Lawsuit

The San Juan Regional Medical Center (SJRMC) has proposed a settlement to a class-action lawsuit. The lawsuit, Henderson et al. vs San Juan Regional Medical Center, concerned a data breach that affected 68,792 patients. On September 8, 2020, the New Mexico-based medical center was targeted by hackers who subsequently gained access to their network. While … Read more

Former Medical Assistant Charged with Stealing Patient Data

Ashley Latimer, a former medical assistant based in Pennsylvania, has been charged in a 39-count indictment for stealing patient information for personal gain. Latimer, 34, who was previously employed at Axia Women’s Health, was charged by the Upper Moreland Police Department in Montgomery County, PA. She is alleged to have been involved in a scheme … Read more

Warning Issued about Hive Ransomware Group

On November 17, 2022, the Federal Bureau of Investigation (FBI), the Department for Health and Human Services (DHSS) and the Cybersecurity and Infrastructure Agency (CISA) together issued a warning to the Health and Public Sector (HPH) over the increased risk of ransomware attacks. This comes after a sustained period of attacks between June 2021 … Read more

Children’s Hospital Offers Settlement to Resolve Class Action Lawsuit

The Ann & Robert H. Lurie Children’s Hospital, based in Chicago, Illinois, has proposed a settlement to resolve a privacy-related class action lawsuit. The lawsuit was filed in response to two privacy breaches in which protected health information (PHI) was accessed by unauthorized employees. The breach was discovered on November 15, 2019. Lurie Children’s Hospital … Read more

Aveanna Healthcare agrees to $425,000 Settlement for Phishing Attack

A home health company based in Georgia has agreed to pay a $425,000 fine to Massachusetts’ Office of the Attorney General for violating state laws that required them to implement safeguards against phishing attacks. Though it is based in Georgia, Aveanna Healthcare is the United States’ largest provider of pediatric home care and operates in … Read more

November Declared Critical Infrastructure Security and Resilience Month by White House

In an effort to promote cybersecurity and raise awareness of the physical and digital threats to critical infrastructure, President Biden has declared that November will be “Critical Infrastructure Security and Resilience” month. The announcement reaffirms the White House’s commitment to strengthening critical infrastructure “by building better roads, bridges, and ports; fortifying our information technology and … Read more

Phishing Attack Potentially Compromises PHI of 34,000 Patients

University of Michigan Health has sent breach notification letters to around 33,850 patients whose data was potentially compromised during a phishing attack. Though there is not yet any evidence that the data has been sold or misused, University of Michigan Health has stated in its breach notification letter that affected patients should assume that all … Read more

Nearly 500,000 Patients Affected in Meta Pixel – WakeMed Data Breach

WakeMed Health and Hospitals (“WakeMed”) has sent breach notification letters to nearly 495,000 patients notifying them that their PHI may have been impermissibly disclosed to Meta/Facebook. This breach was due to the use of the Meta Pixel tracking code on WakeMed’s website. The Meta Pixel code was added to WakeMed’s website and patient portal in … Read more

EyeMed Vision Care fined $4.5 million for Cybersecurity Data Breach

EyeMed Vision Care (“EyeMed”), an Ohio-based health insurance company, has been ordered to pay a $4.5 million fine by the New York State Department of Financial Services (DFS). The fine resulted from an investigation into potential violations of the DFS Cybersecurity Regulations.   As part of its practices as a licensed health insurance company, EyeMed … Read more

Breach Affecting over 33k Patients Reported by the Aesthetic Dermatology Associates

The Aesthetic Dermatology Associates, based in Pennsylvania, have confirmed a breach involving the protected health information (PHI) of 33,793 current and former patients. The cyberattack, during which authorized individuals viewed and, in some cases, acquired, the PHI, was first detected on August 15, 2022. Upon detection of the suspicious network activity, the Aesthetic … Read more

Florida Physician Pleads Guilty to Criminal Violations of HIPAA

A doctor, who has since ceased practicing, has pleaded guilty to criminal violations of HIPAA in which he passed on protected health information to the sales representative of a pharmaceutical firm. The doctor, who had practices in New York, New Jersey, and Florida, was prosecuted by the U.S. Attorney’s Office of the District of New … Read more

Tens of Thousands of Patients Impacted in Eye Care Leaders Cyberattack

It has been discovered that Eye Care Leaders, a supplier of electronic health records and client management software products for eye care clinics, had its databases illegally accessed by cybercriminals on or around December 4, 2021. Upon obtaining access to the network the hackers logged into the myCare Identity solution and removed databases, systems configuration … Read more

Ransomware Attack on Omnicell Revealed in SEC Filing

Mountain View, California-located supplier of medication management solutions, Omnicell has revealed recently, as part of an 8-K submission with the Securities and Exchange Commission (SEC), that the group was successfully targeted in a cyber attack on its databases. The cyber attack was initially discovered on May 4, 2022, and led to a number of specific … Read more

Illinois Gastroenterology Group Reports Hacking Incident

It has recently been revealed by Illinois Gastroenterology Group that a number of unauthorized individuals were able to obtain access to its group databases to the extent that they may have been in a position to view and download sensitive private patient data. The illegal data breach was initially discovered when the group IT team … Read more

318,000 Patients Impacted in SuperCare Health Data Breach

Downey, California-based SuperCare Health, a post-acute in-home respiratory care supplier for the western states in the USA, has begun contacting 318,379 patients to inform them that a portion of their PHI may have been accessed by unauthorized people during a cyberattack in July 2021. SuperCare Health, in a breach notification letter circulated on March 25 … Read more

Recognized Security Practices, & Sharing of HIPAA Settlements with Harmed Individuals, Feedback sought by OCR

A Request for information (RFI) has been released by the Department of Health and Human Services’ Office for Civil Rights (OCR) in connection with the two outstanding requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The HITECH Act, which was changed in 2021 by the introduction of … Read more

Medical Device Cybersecurity Enhanced with Introduction of the Protecting and Transforming Cyber Health Care (PATCH) Act

U.S. Senators Bill Cassidy, M.D. (R-LA) and Tammy Baldwin (D-WI), bipartisan senators, have introduced the Protecting and Transforming Cyber Health Care (PATCH) Act which seeks to enhance the security of medical technology. There are often flaws discovered in medical technological devices that can be targeted by cybercriminals who can alter the functionality of the devices, … Read more

Social Media HIPAA Violation Results in $50,000 Civil Monetary Penalty for Dental Clinic

A dental clinic operating out of Charlotte and Monroe, North Carolina, has been investigated by OCR due to a complaint that was filed in November 2015 claiming that the unauthorised release of protected health information (PHI) took place following the publishing of a negative online review of the practice.   On or around September 28 2015 … Read more

OCR Highlights How HIPAA Security Rule Compliance Can Prevent Breaches

In recent years cyberattacks have been on the rise with a 45% rise in hacking/IT incidents recorded from 2019 to 2020. In 2021 66% of breaches involving unsecured electronic protected health information (ePHI) happened as a result of hacking and other IT shortcomings. Most of these breaches could have been avoided if HIPAA-regulated entities were 100% … Read more

50m Healthcare Records Breached During 2021: Breach Barometer Report

Protenus has published its 2022 Breach Barometer Report which shows that there were over 50 million healthcare records exposed or compromised during 2021. The report lists healthcare data breaches made known to regulators, including data breaches that have been covered by news outlets, incidents that have not been shared by the breached entity, and data … Read more

Morley Companies Reports Security Breach Impacted 521,000

A cyberattack on Michigan-based business services provider Morley Companies, which was initiated on August 1 2021, prevented internal access to databases. The Saginaw, MI-based group recently reported the breach to the Department of Health and Human Services’ Office for Civil Rights (OCR), confirming that cybercriminals successfully infiltrated their network, impacting the Private Health Information of … Read more

Data Breach Litigation Sees $4.75 Million Settlement Offer from CaptureRx

In order to settle claims connected with a 2021 data breach that impacted the private health information of around 2.4 million of the patients of the healthcare provider it was working at, CaptureRx has offered a $4.75m settlement proposal. A healthcare admin solution that helps hospitals operate their 340B drug discount programs, CaptureRx revealed on … Read more

AccelHealth and Pace Center for Girls Report Cyberattacks

AccelHealth entity Cross Timbers Health Clinics was infiltrated by a ransomware attack on December 15 2021 which stopped the Federally Qualified Health Center from logging onto its own databases. The Brownwood, Texas-based clinic brought in the help of an external cybersecurity firm to review the security breach. This group was able to determine that access … Read more

New York Fines EyeMed $600,000 for 2.1 Million-Record Data Breach

The first healthcare data breach settlement of 2022 has been revealed by Letitia James, Attorney General for New York. EyeMed Vision Care, an Ohio-based vision benefits supplier, has committed to handing over a fine of $600,000 to settle a 2020 data breach that resulted in the personal data of 2.1 million people being impacted … Read more

August 2021 Cyberattack Sees Memorial Health System Facing Class Action Lawsuit

Following a cyberattack and data breach that was first discovered by Memorial Health System on August 14, 2021, Marietta Area Health Care Inc., which operates as Memorial Health System, is facing a class action lawsuit. After the discovery of the breach, an investigation showed that hackers initially obtained access to company databases at some point … Read more

HIPAA Training for Students

Because the HIPAA Privacy Rule defines students as members of a Covered Entity’s workforce, HIPAA training for students should be the same as that for employees. However, in many cases, students may require additional HIPAA training in order to avoid unintentional violations of HIPAA attributable to a lack of knowledge and experience. When medical students … Read more

105,000 Patients Notified About Cyberattack and Potential Theft of PHI at Online Pharmacy

Auburndale, FL-based digital pharmacy and health app developer Ravkoo has begun alerting 105,000 clients that a portion of their sensitive personal data may have been breached and possibly obtained by someone who was not authorized to do so. Ravkoo’s online prescription portal, which is hosted on Amazon Web Services (AWS), was … Read more

Email Account Breaches at Three HIPAA Entities Expose PHI of 40,000 People

The protected health information (PHI) of 40,000 people has been exposed following recent cyberattacks on three separate healthcare providers which focused on employee email accounts. The attacks were as follows: 1. Boulder Neurosurgical and Spine Associates: it was discovered that a corporate email account was breached on September 21, 2021. Once the breach was … Read more

UH College of Optometry & Valley Mountain Regional Center Report Data Breaches

It has been revealed that the University of Houston College of Optometry had its databases infiltrated when an unauthorized person obtained access to the network of an affiliated eye clinic and stole information that was being held in the clinic’s database. The access took place at a location outside of the United States. UH College … Read more

HIPAA Right of Access Violations Results in Fines for Five Entities

Five financial penalties related to HIPAA Right of Access breaches have been sanctioned by the HHS’ Office for Civil Rights (OCR), in line with its current focus on heightened compliance enforcement. This current campaign began in the second half of 2019 following a spike in reports from patients that were not given adequate access to … Read more

HIPAA Violation Leads to Criminal Charge for Former Huntington Hospital Worker

An individual, a former healthcare worker at New York’s Huntington Hospital, who illegally accessed the PHI in 13,000 patient records is facing a potential criminal conviction. The person in question was employed to work on the late night shift at the Huntington Hospital when the breach occurred. At different points in time from October 2018 … Read more

Cyberattack Results in Southern Ohio Medical Center Diverting Ambulances

A cyberattack on the Southern Ohio Medical Center (SOMC) in Portsmouth, OH, resulted in the healthcare facility diverting ambulances to alternative healthcare centers. In addition to this the hospital was forced to cancel some medical appointments and services that were to be provided to outpatients. The cyberattack in question was carried out in the early … Read more

PHI of 45,262 Desert Pain Institute Patients Potentially Compromised in Cyberattack

It has been revealed that illegal access of the databases of Baywood Medical Associates,  operating as Desert Pain Institute (DPI) in Mesa, AZ, has taken place. Additionally, it was discovered that some of the parts of the network that were open to access were holding the protected health information of patients of the healthcare group.  … Read more

Ransomware Attack Impacts 50,000 Patients of ReproSource Fertility Diagnostics

ReproSource Fertility Diagnostics, a Marlborough, MA-based clinic, has experienced a ransomware attack that allowed cybercriminals to illegally gain access to databases that were holding the PHI of approximately 350,000 patients. ReproSource is a large laboratory that services reproductive health clinics and is operated by Quest Diagnostics. ReproSource first noticed the ransomware infiltration on August 10, … Read more

180,000 Impacted in U.S. Vision Subsidiary Security Breach

It has been revealed that the U.S. Vision Inc. subsidiary, USV Optical Inc. suffered a security breach when cybercriminals were able to obtain access to a range of databases that were holding patients’ protected health information (PHI). This breach was initially noticed on May 12, 2021 and resulted in an in-depth forensic investigation which … Read more

Alaska DHSS Says May 2021 Cyberattack Could Impact All Alaskans

Following a highly sophisticated cyberattack, believed to have been managed by a nation state threat actor, the Alaska Department of Health and Social Services (DHSS) has initiated a correspondence project to inform all state citizens that their PHI may have been infiltrated in the data breach. This breach was initially discovered on May 2, 2021, … Read more

Waste Management Firm Employees’ PHI Compromised in Data Breach

Due to a January 2021 cyberattack, USA Waste-Management Resources, LLC has begun getting in touch with a range of internal members of staff and their dependents, as well as those of certain former employees, to make them aware that its self-administered health plan has been impacted as part of the incident in question. Waste-Management … Read more

637,000 Patients Impacted in UNM Health Data Breach

It has been confirmed that an unauthorized third party was able to access the network of UNM Health, possibly obtaining access to and downloading files that included patients’ protected health information (PHI). Following the initial identification of the breach on June 4 2021, a review of the UNM Health databases was begun in … Read more

Electromed Inc. Data Breach Impacted 47,000 Individuals’ Private Information

A security breach occurred during June 2021 at Electromed Inc. that involved unauthorized people obtaining access to the group’s databases. The New Prague, Michigan developer and producer of airway clearance devices revealed that the breach was initially discovered on June 16, 2021. Once this discovery was made the group quickly moved to mitigate any … Read more

Cyberattack Impacting 2.41 Million Reported by Wisconsin Dermatology Practice

On June 4, 2021 it was discovered by Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. that unauthorized people had obtained access to its databases which included private and confidential employee and patient data. The impacted databases were quickly made inactive to stop additional unauthorized access and a review was initiated to ascertain … Read more

Data Breach Affecting 2.41 Million Individuals Reported by Wisconsin Dermatology Practice

On June 4, 2021 Forefront Management, LLC and Forefront Dermatology, S.C. discovered that unauthorized access had been obtained to its databases which could have resulted in private and confidential employee and patient information being infiltrated.  The impacted databases were swiftly removed from the network so as to stop any additional unauthorized access taking place and … Read more

Class Action Data Breach Lawsuit Proposed Settlement of $2m Offered by Dominion National

A class action lawsuit filed by those impacted in a 2.96 million-record data breach, discovered in 2019, against Dominion National has resulted in a settlement offer being proposed by the defendant. After the official investigation into the data breach came to an end in April 2019, the Virginia-based insurer, health plan administrator, and administrator of … Read more

SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals

Service Employees International Union 775 (SEIU 775) Benefits Group, a benefits administrator for home healthcare and nursing home staff, has been infiltrated by a hacking group who managed to remove a range of sensitive data. An investigation, carried out by IT staff, discovered a variety of anomalies present on SEIU 775’s data systems at different … Read more

HIPAA Security Rule Violations Settled by Clinical Laboratory with OCR for $25,000

The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed that a HIPAA breach settlement has been agreed with Peachstate Health Management, LLC, dba AEON Clinical Laboratories to settle a range of different violations of the HIPAA Security Rule. A CLIA-certified laboratory, Peachstate offers a variety of services to its clients … Read more

Californian Healthcare Provider Discovers Patient Data was Exposed on the Internet for Over a Year

It has been discovered that a contractor used by a former vendor of Doctors Medical Center of Modesto (DCM) in California mistakenly breached patient data online. DCM had hired the services of SaaS platform provider Medifies to conduct virtual waiting room services. However, on April 2, 2021, DCM became aware that the data of a … Read more

200,000 Washington D.C. Health Plan Members have PHI Stolen

Following a cyberattack in which protected health information was stolen, CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is alerting its impacted clients. Previously known as Trusted Health Plans, CHPDC first identified that a breach had taken place on its computer database systems on January 28, 2021. The Washington D.C-based health plan … Read more

HIPAA Right of Access Case Breach Settlement of $30K for New Jersey Plastic Surgery Clinic

Ridgewood, NJ-based Village Plastic Surgery has reached a HIPAA settlement agreement with the HHS’ Office for Civil Rights to resolve possible violations of the HIPAA Right of Access. Village Plastic Surgery has agreed to hand over a $30,000 penalty and implement a range of corrective measures linked to access to protected health information (PHI). OCR will … Read more

Gore Medical Management Alerted to 2017 Breach of 79,100 Patients’ PHI

A historic data breach which impacted the protected health information (PHI) of 79,100 clients of Gore Medical Management, a medical practice firm located in Griffin, GA, has been discovered. The breach happened in 2017 and impacts clients of Family Medical Center in Thomaston, which is an entity within the Upson Regional Medical Center group. During November … Read more

Universal Health Services Ransomware Attack Cost $67 Million in 2020

The past 12 months were a very bad year for ransomware attacks on the healthcare sector. One of the worst of these was suffered by the King of Prussia, PA-based Fortune 500 healthcare system, Universal Health Services (UHS). UHS, which manages 400 hospitals and behavioral health clinics in the United States and United Kingdom, was impacted by … Read more

Cochise Eye & Laser Ransomware Attack Impacts Around 100,000 People

A ransomware attack took place on the Sierra Vista, Arizona-based ophthalmology and optometry supplier Cochise Eye and Laser on January 13, 2021. This attack led to the encryption of its patient scheduling and billing solutions. The attack stopped Cochise Eye and Laser from using any data in its scheduling system. Eye care services were … Read more

34,000 Patients Impacted by Grand River Medical Group Email Breach

It has been discovered that an unauthorized individual gained access to the email account of an employee at Grand River Medical Group in Dubuque in Ohio, resulting in the possibility that someone could have viewed or obtained the protected health information of 34,000 patients. After uncovering the breach, a password reset was carried out … Read more

Kevin Fu Appointed as First Director of Medical Device Security by FDA

University of Michigan associate professor Kevin Fu has been appointed by the U.S. Food and Drug Administration (FDA) as its first director of medical device security. Mr Fu will be acting director of medical device security at the FDA’s Center for Devices and Radiological Health (CDRH) and the recently created Digital Health Center of Excellence … Read more

$5.1m HIPAA Penalty Settlement Agreed by Excellus Health Plan

Health insurance provider Excellus Health Plan has agreed to pay a $5.1m penalty to the Department of Health and Human Services’ Office for Civil Rights (OCR) in order to settle a HIPAA breach arising from a 2015 data breach that impacted 9.3m people. In 2015 the breach was identified by Excellus, the group that operates as … Read more

HIPAA Penalty Actions by State Attorneys General

State Attorneys General play a major part in policing compliance with the Health Insurance Portability and Accountability Act Rules. State attorneys general have been given the power to initiate civil proceedings on behalf of state residents who have been affected by breaches of the HIPAA Privacy and Security Rules in the Health Information … Read more

45% Rise in Healthcare Industry Attacks by Cybercriminals

In the latter half of 2020 the joint CISA, FBI, and HHS cybersecurity advisory issued an alert for the healthcare and public health sectors as a result of a recorded increase in ransomware attacks. It revealed that these sectors were being concentrated on by ransomware operators and many cyber criminal groups had increased their level … Read more

Disclosures of PHI to Health Information Exchanges under HIPAA: OCR Issues Guidance

The Department of Health and Human Services’ Office for Civil Rights has released new information in relation to the Health Insurance Portability and Accountability Act (HIPAA) Rules governing the sharing of protected health information (PHI) to health information exchanges (HIEs) for the public health activities of a public health authority (PHA). An HIE is classified … Read more

EyeMed Phishing Attack Exposes Tufts Health Plan Members’ PHI

60,545 subscribers to Tufts Health Plan have had their protected health information infiltrated as a result of a phishing attack on the vision benefits management firm EyeMed. The phishing attack happened in June 2020 and was identified by EyeMed on July 1, 2020. Access to the breached account was shut down the same day. EyeMed alerted … Read more

Over 1,000,000 Patients Impacted in Dental Care Alliance Data Breach

Dental Care Alliance, LLC, a dental support group with over 320 affiliated dental practices spread across 20 states, has been hacked and the protected health information of more than a million individuals has possibly been infiltrated. The breach happened on September 18, 2020, was detected on October 11, and was closed off on October 13. … Read more

Increasing Ragnar Locker Ransomware Activity leads to FBI Warning

Hackers using Ragnar Locker ransomware have stepped up their activity and have been focusing on companies and groups in a number of different sectors, according to a recent private sector alert released by the Federal Bureau of Investigation (FBI). Ragnar Locker ransomware was first discovered by security experts during April 2019, with the first identified … Read more

Update on Ransomware Activity Targeting the Healthcare Sector Provided by ASPR

An update on ransomware activity targeting the healthcare and public health sectors has been released by the HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) saying, “At this time, we consider the threat to be credible, ongoing, and persistent.” Last month, a joint alert was released by the Cybersecurity and Infrastructure Security … Read more

CyberAttacks Target Magnolia Pediatrics & Accents on Health

Prairieville, LA-based Magnolia Pediatrics is now notifying 12,861 of its patients that a ransomware attack has potentially compromised some of their protected health information around March 26th, 2020. This sudden attack was first investigated by the company’s IT vendor, LaCompuTech, which determined that only its master boot record had been … Read more

Updated Security Risk Assessment Tool Made Available by HHS

A new version of the Security Risk Assessment (SRA) Tool has been released by the Department of Health and Human Services’ Office for Civil Rights. The SRA tool was created by the Office of the National Coordinator for Health Information Technology (ONC) in collaboration with OCR to help small- to medium-sized healthcare providers comply with … Read more

HHS Security Risk Assessment Tool Updated

The Security Risk Assessment (SRA) Tool of the Department of Health and Human Services’ Office for Civil Rights (OCR) has been updated and made available this week. Initially developed by the Office of the National Coordinator for Health Information Technology (ONC) – in collaboration with OCR – this tool assists small-to-medium sized … Read more

Thales Wireless IoT Modules Flaw Impacts Millions of Devices

A security flaw discovered in IoT device components could allow cybercriminals to illegally obtain valuable private data or use the devices in further cyberattacks. More than 30,000 businesses use Thales components in products that perform a number of different functions in sectors including energy, telecommunications, and healthcare. The flaw is present in the Cinterion … Read more

Ransomware Attacks Carried out on Four Healthcare Providers & Ventilator Producer

Long Island City, NY-located Boyce Technologies Inc, which produces transport communication systems and recently changed its production facilities to provide ventilators for hospitals during the pandemic, has been targeted with DoppelPaymer ransomware. Data was illegally taken before file encryption and a sample of the stolen data has been published on the threat actor’s blog. The … Read more

Ban on HHS Funding a National Patient Identifier System Removed by House of Representatives

In Washington, the House of Representatives has voted to remove the ban on the Department of Health and Human Services using federal funds to create a national patient identifier system. The Health Insurance Portability and Accountability Act (HIPAA) called for the creation of a national patient identifier system. As the name suggests, a national patient … Read more

OCR Sanctions $1M HIPAA Fine on Lifespan for Lack of Encryption

The HHS’ Office for Civil Rights has sanctioned a $1,040,000 HIPAA fine on Lifespan Health System Affiliated Covered Entity (Lifespan ACE) following the discovery of systemic noncompliance with the HIPAA legislation. Lifespan is a not-for-profit health system located in Rhode Island that has many healthcare supplier affiliates in the State. On April 21, 2017, a … Read more

HIPAA Security Rule Breach Results in $25,000 Settlement for Small North Carolina Healthcare Provider

The HHS’ Office for Civil Rights (OCR) has revealed that a $25,000 settlement has been agreed with Metropolitan Community Health Services to settle breaches of the HIPAA Security Rule. Washington, NC-based Metropolitan Community Health Services is a Federally Qualified Health Center that supplies integrated medical, dental, behavioral health & pharmacy services for adults and children. … Read more

$25,000 Fine for HIPAA Security Rule Noncompliance Sanctioned against Small North Carolina Healthcare Provider

The HHS’ Office for Civil Rights (OCR) has revealed that a $25,000 settlement has been agreed with Metropolitan Community Health Services to settle breaches of the HIPAA Security Rule. Washington, NC-based Metropolitan Community Health Services is a Federally Qualified Health Center that supplies integrated medical, dental, behavioral health & pharmacy services for adults and children. … Read more

Permanent Changes to Telehealth Policies Considered by Senate HELP Committee

The Senate Health, Education, Labor, and Pensions (HELP) Committee is pondering which of the 31 recent amendments to telehealth policies should remain in place when the COVID-19 national public health emergency concludes. The temporary changes to policies on telehealth have acted to expand access during the COVID-19 public health emergency. These changes were required to … Read more

2019 Phishing Attack Could Lead to Class Action Lawsuit for Aveanna Healthcare

Healthcare provider Aveanna Healthcare is facing a potential class action lawsuit in relation to a data breach that took place during 2019 which impacted 166,000 patients. Aveanna Healthcare is a supplier of healthcare services to adults and children in 23 states and is the biggest provider of pediatric home care in the United States. In … Read more

30,132 Patients of Management and Network Services Notified of PHI Breach

Management and Network Services (MNS), LLC, a Dublin, OH-based supplier of administrative support services to post-acute healthcare providers, has revealed that the email accounts of some of its employees have been infiltrated. In a May 4, 2020 breach notification letter, MNS said that it became aware sometime around August 21, 2019 that a number of … Read more

Data Stolen in Magellan Health Ransomware Attack

The Fortune 500 company Magellan Health has announced it experienced a ransomware attack in April that resulted in the encryption of files and theft of some employee information. The ransomware attack was detected by Magellan Health on April 11, 2020 when files were encrypted on its systems. The investigation into the attack revealed the attacker … Read more

Significant Improvement in Compliance Indicated in Ciitizen HIPAA Right of Access Study

The most recent Patient Record Scorecard Report from Ciitizen has shown that there has been a welcome improvement in compliance with the HIPAA Right of Access. In gathering data for the report, Ciitizen surveyed 820 healthcare providers to assess how well each responded to patient requests for copies of their healthcare data. A wide spectrum … Read more

35,529 Saint Francis Healthcare Partners Patients Impacted in Email Breach

Connecticut-based Saint Francis Healthcare Partners is contacting 38,529 patients to make them aware that some of their protected health information may have been obtained by cybercriminals due to a “sophisticated cybersecurity incident” that allowed an unauthorized person to gain access to its email system. The attack took place on December 30, 2019 but it … Read more

Media and Film Crew Given OCR Guidance on Accessing Healthcare Facilities

The HHS’ Office for Civil Rights (OCR) has released guidance to healthcare providers to reinforce the point that the HIPAA Privacy Rule forbids media and film crews entering healthcare facilities where patients’ protected health information is accessible unless prior written authorization has been obtained from the patients who may be involved. A public health emergency … Read more

Andrews Braces Ransomware Attack Impacts PHI of Around 16,600 Patients

The Sparks, NV orthodontics practice Andrews Braces suffered a ransomware attack on February 14, leading to the encryption of patient data. The resulting investigation determined the ransomware was placed on its systems the previous day. The practice brought in a third-party forensic investigator to assess the scope and extent of the attack and determine whether … Read more

Stockdale Radiology and Affordacare Urgent Care Clinics Report Ransomware Attacks

Stockdale Radiology in California has revealed that patient data has been impacted due to a ransomware attack that occurred on January 17, 2020. An internal review confirmed that the hackers obtained access to patients’ first and last names, addresses, refund logs, and personal health information, including doctor’s notes. Stockdale Radiology said a small number of … Read more

14,795 Washington University School of Medicine Oncology Patients Impacted Due to Phishing

Washington University School of Medicine is making 14,795 oncology patients aware that some of their PHI may have been impacted in a phishing attack during January 2020. A hacker obtained access to the email account of a research supervisor in the Division of Oncology during January after a reply was sent to a phishing email. The group … Read more

McHenry County Health Department Must Share COVID-19 Patients’ Names with 911 Dispatchers Following Court Ruling

The McHenry County Health Department in Illinois has been refusing to hand over the names of COVID-19 patients to 911 dispatchers to safeguard the privacy of patients, as is the case with patients that have contracted other infectious diseases including HIV and hepatitis. The Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule allows sharing … Read more

HIPAA Waiver Issued for Good Faith Operation of COVID-19 Community-Based Testing Centers

The HHS has released a Notice of Enforcement Discretion covering healthcare suppliers and business associates that participate in the operation of COVID-19 community-based testing centers. Under the terms of the Notice of Enforcement Discretion, the HHS will not apply penalties in connection with good faith participation in the operation of COVID-19 community-based testing centers. The … Read more