HIPAA News

MediaPRO is a security awareness training company that has been doing for three years now an annual analysis of employees’ security awareness and knowledge of…

The National Ambulatory Hernia Institute based in California had a ransomware attack on September 13, 2018 which resulted to the encryption of files stored on…

Raley’s Pharmacy is notifying about 10,000 patients about the potential compromise of some of their protected health information (PHI). The incident on September 24, 2018…

The U.S. Food and Drug Administration (FDA) along with the Department of Homeland Security (DHS) presented a memorandum of agreement to make use of a…

The email accounts of two employees of the Children’s Hospital of Philadelphia (CHOP) were compromised after the successful phishing attacks launched on August 23 and…

The Department of Health and Human Services’ Office of Inspector General (OIG) issued a new report stating that most Medicaid data breaches are rather minor…

A health insurance system connected to the HealthCare.gov website was hacked according to the Centers for Medicaid & Medicare Services (CMS). The sensitive data of…

Aetna committed two mailing errors in 2017, which caused the impermissible disclosure of the protected health information (PHI) of its members. Because of the data…

OCR has issued a settlement fine to Anthem for potential HIPAA violations that led to a 78.8 million records breach in 2015. Anthem paid $16…

According to a report in The Wall Street Journal, Google is going to close down Google+ because this social media platform is being investigated by…

Cofense recently revealed in a news report the most typical healthcare phishing emails sent by hackers and which message attracts the most number of clicks….

The ECRI Institute, a non-profit firm that researches new methods to improve patient care, has recently released an annual listing of the top 10 Health…

There were two phishing attacks on the Minnesota Department of Human Services (DHS) that impacted 21,000 persons provided with medical assistance. DHS already mailed the…

The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare sector to have increased awareness…

Under the HIPAA Privacy Rule, patients have the right to get a copy of their health records from healthcare providers. When requested, copies of health…

Michigan Medicine is informing over 3,600 patients that some of their protected health information (PHI) was impermissibly disclosed. The Michigan Medicine Development Office had a…

Lambda Legal filed a lawsuit on behalf of 93 data breach victims who are lower-income HIV positive persons whose highly sensitive protected health information (PHI)…

On October 1, 2018, the U.S. Food and Drug Administration presented a Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook created to assist healthcare…

Facebook’s engineers identified a serious data breach on September 25 that affected roughly 50 million Facebook users. A breach notification was sent to affected users….

The National Institute of Standards and Technology (NIST) produced a draft of the guidance that is made to support federal agencies and other firms understand…

Aspire Health provides in-home services for patients with critical illness residing in Nashville, TN. Aspire Health had a phishing attack resulting to the unauthorized access…

Healthcare data breaches from 2010 to 2017 increased by 70% as per a study that two doctors at the Massachusetts General Hospital Center for Quantitative…

Claxton-Hepburn Medical Center is a not-for-profit community hospital located in Ogdensburg, NY. A number of its employees were terminated from work for accessing patient medical…

Three hospitals paid the Department of Health and Human Services’ Office for Civil Rights (OCR) a fine of $999,000 to settle their HIPAA violation. Because…

Ohio Living, which is a company that provides life plan communities and home health services, found out that an unauthorized person has accessed the email…

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is notifying 1,567 plan members about the impermissible disclosure of their protected health information (PHI) by…

The Fetal Diagnostic Institute of the Pacific (FDIP) located in Honolulu, Hawaii encountered a ransomware attack on June 30, 2018. A file-encrypting software was installed…

Independence Blue Cross in Philadelphia is sending notifications to thousands of its plan members because of the potential exposure of their protected health information (PHI)…

Hopebridge is a network of 28 autism treatment centers located all over the Midwest. It experienced a phishing attack, which potentially resulted in the access…

Acadiana Computer Services Inc., which provides the healthcare industry in Lafayette, LA with software and business solutions, discovered that an unauthorized person accessed an employee’s…

After the European Union’s General Data Protection Regulation (GDPR) was enforced on May 25, 2018, there is a remarkable drop in the number of daily…

Reliable Respiratory, which is a respiratory care provider in Norwood, MA experienced a phishing attack that impacted 21,311 patients. A suspected cyberattack was noted on…

Arc of Erie County Pays $200,000 for Security BreachThe New York Attorney General penalized the Arc of Erie County with $200,000 for HIPAA Rules violation…

The final version of the NIST Cybersecurity Practice Guide for Securing Wireless Infusion Pumps in healthcare delivery organizations prepared by the National Cybersecurity Center of…

There is a code vulnerability discovered in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS). A threat actor could remotely exploit the vulnerability to acquire administrator…

Reuters Institute at the University of Oxford did a research and discovered that there was a 22% decline in the number of tracking cookies on…

Th BD Alaris Plus medical syringe pumps has a crucial wirelessly exploitable vulnerability. When linked to a terminal server through the serial port, the medical…

Consent management platform Quantcast Choice released a report recently that pointed out that European Union (EU) domains obtain on average a consent rating of above…

Ovum performed a survey lately for analytics company FICO, which showed there was a significant increase in businesses getting cybersecurity insurance, yet the healthcare sector…

Legacy Health found an unauthorized person has obtained access to its email system as well as the protected health information (PHI) of about 38,000 patients….

Anthem Inc. offered a $115 million settlement deal in 2017 to take care of the class action legal cases submitted by the victims of a…

The Department of Health and Human Services’ Office of Inspector General (OIG) revealed the discoveries of the audit of Maryland’s Medicaid system they carried out….

Three Democrat legislators accused the Oklahoma Department of Veteran Affairs of breaking Health Insurance Portability and Accountability Act (HIPAA) Rules. They have likewise called for…

MedSpring Urgent Care is a group of critical care clinics established in Atlanta, Austin, Chicago, Fort Worth, Dallas, and Houston, which identified an unauthorized individual…

Approximately 300,000 patients from SSM Health St. Mary’s Hospital based in Jefferson City, Missouri were advised about the exposure of some of their protected health…

The HIPAA Security Rule mandates covered entities to consistently safeguard the confidentiality, integrity and availability of protected health information (PHI). The duties of healthcare companies…

This is a summing up of healthcare data breaches shared as of late to the press and the Department of Health and Human Services’ Office…

A survey conducted by the healthcare marketing agency SCOUT revealed that consumers are not as much concerned about the privacy and safety of their medical…

The protected health information (PHI) of more than 19,000 patients was compromised as a result of a mistake that a transcription service vendor made while…

A data security breach took place at Confluence Health, which is a non-profit health system operating Wenatchee Valley Hospital, Central Washington Hospital and other satellite…

According to the healthcare data breach report for June 2018, healthcare data breaches increased by 13.8% from last month. However the data breaches were not…

Two healthcare providers sent in reports of phishing attacks that granted cyber criminals access to patients’ protected health information (PHI). The attackers in both incidents…

The Golden Heart Administrative Professionals located in Fairbanks, AK serves as a business associate to local healthcare providers by providing invoicing as a service. It…

LabCorp is a clinical laboratory in the United States that had encountered a cyberattack allowing hackers to possibly view or copy the protected health information…

The email account of doctors at UMC Physicians located in Texas was attacked by hackers which brought about the likely compromise of certain protected health…

As per a report publicized in Tennessean, one of Metro Health’s personnel made a mistake causing the exposure of the protected health information (PHI) of…

Law enforcement investigated the involvement of an employee at Arkansas Children’s Hospital in the theft and improper use of patients’ protected health information (PHI). According…

Manitowoc County in Wisconsin suffered a phishing attack which resulted to protected health information (PHI) being stolen. The phishing attack most likely took place on…

The American Hospital Association (AHA) members are concerned about the proposed rule by HHS — Centers for Medicare and Medicaid Services’ hospital inpatient prospective payment…

ICS-CERT has given an announcement concerning two vulnerabilities recently discovered in Medtronic MyCareLink patient monitors. Patients who have implantable cardiac devices use these devices to…

A breach involving physical protected health information (PHI) was reported by the Associated Dermatology & Skin Cancer Clinic of Helena, MT. The PHI of 1,254…

The objective of the Overdose Prevention and Patient Safety Act (H.R. 6082) is to ease limitations on the disclosure of medical records of patients suffering…

Covered entities reported a total of 41 healthcare data breaches in April and 29 in May. Even though the healthcare data breaches decline by 29.27%…

Patients of two HIPAA-covered entities got notification letters that their protected health information (PHI) had been compromised because of burglaries. The first breach incident happened…

When healthcare companies treat patients located in the European Union and gather information from EU locals, they should follow the General Data Protection Regulation (GDPR)….

Apple presented an application programming interface (API) which app developers could use to make health apps combining patients’ EHR data. Using the Apple Health Records…

Healthcare companies could implement DMARC, the Domain-based Message Authentication, Reporting and Conformance Standard, to identify email spoofing and prevent it. The thing is only some…

Steward Healthcare System in Boston terminated Psychiatrist Alexander Lipin for purportedly violating HIPAA rules. But, Lipin rejected the accusation and professed that his dismissal was…

Carolina Insurance Data Security Act on May 14, 2018. The law is comparable to the Insurance Data Security Model law which the National Association of…

There is a provision in the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act that HIPAA violations and data breaches victims are…

April was an awful month as the healthcare market got a greater number of health data breaches and individuals affected compared to March 2018. The…

The Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published notices concerning the vulnerabilities in certain medical products manufactured…

The Government Accountability Office (GAO) lately performed an audit which revealed that patients continue to face many difficulties in obtaining copies of their health records….

On March 10, 2018, Cerebral Palsy Research Foundation of Kansas (CPRF) found out that the security defense of one of its databases was disabled for…

Capital Digestive Care, gastroenterology group based in Silver Spring, Maryland, found out the mistake made by its business associate. It seems that the BA uploaded…

The Protenus’ quarterly breach barometer report is a collection of data breach info supplied by Databreaches.net and the artificial intelligence program created by Protenus.  The…

Florida Hospital uses three websites that had been infected with malware. Because of the malware attack, the threat actors potentially had access to the protected…

Wombat Security recently published Beyond the Phish Report, which revealed the lack of understanding healthcare employees on common security threats. The report was a compilation…

Patients of the Center for Orthopaedic Specialists are being notified because unauthorized individuals potentially accessed some of their protected health information (PHI) when ransomware was…

Healthcare organizations easily become victims of cyberattacks because of continually using outdated software and not patching vulnerabilities promptly. This problem is evident in the WannaCry…

The medical devices that have come out in the market have increased in the past few years. The devices have been very helpful in allowing…

  The protected health information of 582,174 patients of the California Department of Developmental Services (DDS) was potentially compromised. Thieves broke into the legal and…

Chief U.S. District Judge Gina M. Groh sentenced Angela Dawn Roberts, a former employee at Berkeley Medical Center, to 5 years’ probation for being involved…

Provider group Texas Health Resources based in Arlington is notifying approximately 4,000 patients that an unauthorized person accessed some of their sensitive information. The security…

The number of SamSam ransomware attacks on government and healthcare organization increased in recent months. These incidents prompted the Department of Health and Human Service’s…

There were 10 SamSam ransomware attacks since December 2017. The attacks were mostly on government and healthcare providers in the United States. There were other…

A group of 112 hackers, penetration testers and incident responders were surveyed to find out how fast they can access a targeted system. The survey…

The Department of Health and Human Services filed a motion to dismiss the lawsuit filed by Ciox Health for lack of standing. Early this year,…

Ponemon Institute conducted a study on behalf of Merlin International involving 627 healthcare executives in the United States and found that healthcare organizations are failing…

Oregon state governor Kate Brown just signed Senate Bill (SB 1551) last month to update several regulations including Oregon’s Breach Notification Law (O.R.S. 646A.604) and…

JAMA recently published a study that highlighted the frequent improper disposal of PHI. Although the study was based in Canada, which is a location not…

Finger Lakes Health in Geneva, NY had a ransomware attack that made its computer system inaccessible. The health system did not stop its operations but…

Anomali and the National Health Information Sharing and Analysis Center (NH-ISAC) have partnered to provide threat intelligence to healthcare organizations. Anomali can help in several…

Ponemon Institute conducted a survey sponsored by Merlin International which revealed that 62% of healthcare organizations experienced data breaches in the past year resulting to…

PhishMe, which is now called Cofense, received five 2018 Cybersecurity Excellence Awards for its products that provide phishing defense solutions. Cybersecurity Insiders together with the…

The Federal Bureau of Investigation (FBI) warned businesses, educational institutions and healthcare organizations regarding the significant increase in phishing attacks on payroll employees. The phishing…

Health Net California, a provider of government employees’ benefits, has been marked as not willing to undergo security audits as per the Flash Audit Alert…

A long-time hacker was able to access medical records of close to 1,900 patients of the University of Virginia Healthcare System using malware infection. How…

The January 2018 Healthcare Data Breach report is now available. Based on the healthcare security incidents reported to the Department of Health and Human Services’…

Ayal Hassidim, MD of Hadassah Hebrew University Medical Center in Jerusalem conducted a research in collaboration with researchers from Harvard Medical School, Duke University and…