HIPAA News

The Treasury Department released statistics that show a continual increase of business email compromise (BEC) attacks throughout the last two years. The number of reported…

June is a better month than the last two months in terms of data breaches reported. Compared to the 1.5 healthcare data breaches per day…

More healthcare providers have confirmed that they were affected by American Medical Collection Agency (AMCA) data breach over the last few days. To date, there…

Ransomware attacks increased in the Q2 of 2019, according to Coveware’s new report. Coveware is a ransomware recovery service provider, which helps businesses recover their…

St. Croix Hospice, provides hospice care across the Midwest, discovered that an unauthorized person accessed an employee’s email account and could have viewed patient data….

Clinical Pathology Laboratories based in Texas recently learned that the data breach at American Medical Collection Agency (AMCA) affected its 2.2 million patients potentially compromising…

Premera Blue Cross consented to pay $10 million to resolve a multi-state data breach lawsuit. The 2014 breach impacting 10.4 million records was allegedly due…

An improper authentication vulnerability was found in the devices GE Aestiva and Aespire Anesthesia. Many hospitals all across American generally use these devices. The CVE-2019-10966…

Vitagene is a health tech firm based in San Francisco, CA that offers services of direct-to-consumer DNA-testing. Vitagene accidentally exposed the private and genealogy data…

Adirondack Health in Vermont is informing roughly 25,000 patients about the potential access of some of their protected health information (PHI) by a hacker. The…

Compliancy Group is conducting a webinar for healthcare professionals covering the major threats that the healthcare industry is facing. Compliance experts are going to discuss…

A medical university student filed a legal case against Cabell Huntington Hospital and Marshall University because of the impermissible disclosure of some of his protected…

Several patients of Pardee UNC Health Care are being notified about the potential exposure of their protected health information (PHI) as a result of a…

A Government Accountability Office (GAO) audit recently conducted showed that the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) uses…

Some Sandia National Laboratories researchers discovered that the open software utilized by genomic researchers had a vulnerability. If an attacker exploits this vulnerability, he could…

Summa Health in Akron, Ohio discovered an unauthorized person had accessed four employee email accounts that contain the protected health information (PHI) of patients. Summa…

A data security incident at Dominion National involved the personal data of their clients. Dominion National is an insurance provider, health plan administrator, and administrator…

A patient care coordinator who worked at the University of Pittsburgh Medical Center (UPMC) in the past was sentenced to a one-year jail term for…

The Senate Health, Education, Labor and Pensions (HELP) Committee has okayed a very important bill to HIPAA-covered entities – the Lower Health Care Costs (LHCC)…

The personal data of approximately 5 million people contained in a MongoDB database were exposed on the web. MedicareSupplement.com owns the database containing personal and…

The Department of Health and Human Services’ Office for Civil Rights published new HIPAA guidance for health plans about the proper sharing of protected health…

Franciscan Health based in Mishawaka, IN learned that a former employee accessed the protected health information (PHI) of about 2,200 patients without authorization. During a…

A former staff at a healthcare provider located in Germantown, MD allegedly accessed the protected health information (PHI) of roughly 16,542 patients. The data was…

April had more healthcare data breaches reported when compared with any other month so far. May continued to have a high number of data breaches,…

The Quantum Vision Centers and Eye Surgery Center located in Illinois is notifying its patients about the potential compromise of some of their protected health…

A potential breach at Meditab Software Inc. affects two healthcare companies in Maryland. Meditab is a business associate of the two companies providing EMR and…

Statewide Collection Service is a company providing a full-service accounts receivable management and risk assessment to the healthcare sector. The company recently concluded the Compliancy…

Becton Dickinson (BD) discovered two vulnerabilities in some of its infusion pumps. One vulnerability is rated critical severity with a maximum CVSS v3 rating of…

Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., encountered a phishing attack, which caused the protected health information (PHI) of 87,000 plan members…

Amy Pertuit from Alabama received $300,000 in damages for the illegal access and disclosure of her protected health information (PHI) to a third party by…

The Government Accountability Office (GAO) just published the results of an audit involving all federal government systems running on legacy operating systems. The purpose of…

Healthcare Cyber Heists in 2019 had compiled information from 20 industry leading CISOs, which include the cyberattacks they experienced in the past year, the strategies…

Since the news about the huge data breach at American Medical Collection Agency (AMCA) went out, there is now over a dozen lawsuits filed by…

Mercy Health found out that some of its patient data were uploaded to a private server used for online appointment scheduling, electronic doctor’s office check-ins…

The American Medical Collections Agency (AMCA) data breach victims has now gone over 20 million with the confirmation of another healthcare organization that it was…

An updated Oregon breach notification laws had been approved. The update included the following: expanded definition of consumer data, modified the meaning of covered entity,…

Coffey Health System agreed to settle alleged violations of the False Claims and HITECH Acts by paying $250,000 to the U.S. Department of Justice. The…

There have been massive data breaches recently including the 11.9 million records breach at Quest Diagnostics and the 7.7 million records breach at LabCorp. Now,…

A hacker accessed the systems of American Medical Collection Agency (AMCA) based in Elmsford, NY, a billing collections company. The breach may have resulted to…

A phishing attack on Health Quest resulted to the exposure of the protected health information (PHI) of some patients. The affiliates of Health Quest, namely…

Microsoft issued a patch to correct a critical, wormable flaw found in Remote Desktop Services about two weaks earlier. Yet approximately 1 million devices are…

There are six security advisories involving Siemens Healthineers products. The vulnerabilities have a CVSS v3 score of 9.8 out of 10 and may be linked…

TriHealth, a health system based in Cincinnati, is notifying 2,433 patients because their protected health information (PHI) was impermissibly disclosed to a student mentee. A…

Medford Patients’ PHI Exposed Medford, a Hematology Oncology Associates located in Oregon, had a phishing attack, which caused the email accounts of several Medford employees…

Health records of Today’s Vision patients and employees were found in boxes abandoned in a Texas public dumpster. The documents include highly sensitive information. The…

A recent report from the HHS’ Office of the National Coordinator for Health Information Technology (ONC) revealed that even though majority of hospitals and doctors…

Inmediata, a clearinghouse service provider to healthcare organizations, notified some of its patients in April that their protected health information (PHI) were exposed on the…

Siemens has identified one critical vulnerability and a number of high-severity vulnerabilities in the direct access point of Scalance W1750D. Attackers with a low level…

Cancer Treatment Centers of America (CTCA) experienced another breach of the email account of an employee belonging to its Southeastern Regional Medical Center after responding…

A phishing attack on American Medical Response, a provider of emergency and patient relocation services in Greenwood Village, CO resulted to the access by an…

The sensitive data of 24 female HIV patients were accessed by unauthorized individuals. Even if it’s been over 7 months since the breach was discovered,…

On May 14, 2019, Microsoft issued a patch to correct a ‘wormable’ vulnerability in Windows, which is identical to the vulnerability that attackers exploited in…

Facebook is implementing a few changes to Facebook Group Communities talking about medical conditions. This decision was deemed necessary considering the complaint on Facebook Groups…

The second Senate HELP Committee hearing this week was about the proposed rules for the implementation of the electronic health records provisions of the 21st…

The U.S. Department of Justice charged two Chinese nationals for allegedly instigating the 2015 hacking of Anthem Inc. Fujie Wang, 32 years old, and an…

This is the second time in two months that Spectrum Health Lakeland announced the occurrence of a breach exposing some patients’ protected health information (PHI)….

A former employee of American Indian Health & Services violated HIPAA rules by forwarding to a personal email account the email messages that contain the…

The National institute of Standards and Technology (NIST) announced a request for information (RFI) to get industry stakeholders’ comments regarding the formation of new criteria…

The owner of Bodybuilding.com, a website on bodybuilding and personal fitness, announced a security incident that potentially resulted in the access of customer and employees…

After the breach at Inmediata that resulted to PHI exposure, the provider mailed notification letters to the affected people. But a number of folks submitted…

A February 2019 phishing attack on Baystate Health led to the compromise of the protected health information (PHI) of 12,000 patients. On April 11 Attorney…

A man from Arizona sued Costco for a privacy violation. The lawsuit was dismissed by the trial court but the Court of Appeals overturned the…

A vulnerability was discovered in the Philips Tasy EMR information system. An attacker could exploit the vulnerability and send to the system unexpected data that…

Webpage Misconfiguration Inmediata Health Group Corp, a clearinghouse, software program, and business process solutions provider, notified some of its clients’ patients about the accidental exposure…

The medical billing services provider, Doctors’ Management Service Inc. based in Massachusetts, found out on December 24, 2018 the download of malicious software to its…

The Department of Health and Human Services changed the due date for sending feedback on its proposed guidelines to promote the interoperability of health information…

Three scientists of MD Anderson Cancer Center, the top cancer research center in the world, were recently fired because of espionage fears after the National…

There were two vulnerabilities found in Fujifilm computed radiography cassette readers. An attacker could exploit these vulnerabilities and access the operating system, implement arbitrary code,…

The King County Superior Court recently approved a $4.7 million settlement to repay people who suffered theft of their personal data from Washington State University…

A security breach on Klaussner Furniture Industries, Inc resulted to the exposure of the protected health information (PHI) of its 9,352 present and past employees…

A computer used in the office of Oregon Endodontic Group was installed with malware resulting to the possible email data theft by the attackers. On…

Centrelake Medical Group, which has 8 medical imaging and oncology centers located in California, is sending notifications to some patients about the exposure of some…

The U.S. Department of Health and Human Services (HHS) is quite slow in implementing the recommendations of the Government Accountability Office (GAO). There are 392…

At the Dublin Tech Summit in Ireland recently, the chief technology officer of Amazon Web Services, Werner Vogels, dispelled security issues concerning cloud computing. After the…

In 2018, the HHS’ Office for Civil Rights (OCR) issued a $4,348,000 civil monetary penalty (CMP) to University of Texas MD Anderson Cancer Center after…

A cyberattack on Hardin Memorial Health located in Kentucky caused EHR downtime and interruption to its IT systems. The cyberattack began on the evening of…

Burrell Behavioral Health notified 67,493 patients regarding the accidental compromise of their healthcare information because of an error at an unnamed business associate in August…

Amazon not long ago introduced a new system that can mark included protected health information (PHI) in medical photos and redact the PHI automatically to…

A phishing attack on Main Line Endoscopy Centers, a group of outpatient endoscopy facilities located in the Bala Cynwyd, Malvern and Media regions of Pennsylvania…

It’s very common to see the use of mobile health apps nowadays. These apps track health metrics to promote healthdul living and so record a…

Sharp HealthCare and Sharp Grossmont Hospital were charged with a lawsuit alleging that the hospital covertly took a video of female patients while undressing and…

The eHealth Initiative Foundation and Manatt Health gave a brief that requires introducing a values framework in order to efficiently protect health data that is…

The HHS’ Centers for Medicare and Medicaid Services (CMS) introduced a compliance review program for assessing the compliance of HIPAA covered entities with the HIPAA…

A class action lawsuit has been filed against the University of Connecticut and UConn Health in behalf of patients for the exposure of their protected…

In the past few days, there were three reports of email system breaches that resulted in the unauthorized access of email accounts that contain protected…

A phishing attack on the Oregon Department of Human Services (ODHS) potentially resulted to the viewing or access of the protected health information (PHI) of…

Gina Graziano, a patient of Northwestern Medicine Regional Medical Group, is suing the medical group for the disclosure of sensitive medial information on Twitter and…

Security researcher Jeremiah Fowler discovered an unsecured healthcare database containing about 37,000 records on March 1, 2019. A brief review of the database revealed that…

Meditab Software Inc., a medical software provider based in Sacramento, CA, and MedPharm Services, its affiliate based in San Juan, PR, had an enormous breach…

U.S. Sens. Cory Gardner (R-CO) and Mark R. Warner (D-VA) are co-chairs of the Senate Cybersecurity Caucus, and Sens. Steve Daines (R-MT) and Maggie Hassan…

Rave Mobile Safety based in Framingham, MA released the findings of its yearly workplace safety and preparedness survey. According to the report, emergency preparedness was…

Check Point researchers demonstrated how it is possible to quickly access IoT medical devices. It serves as a warning not to ignore the security risks…

Audits performed by the HHS’ Office of Inspector General (OIG) showed the HHS Operating Divisions (OPDIVs) to have several safety vulnerabilities. From 2016 to 2017,…

Michigan Attorney General Dana Nessel issued an alert regarding the potential impact of the ransomware attack on Wolverine Solutions Group in Detroit to over 600,000…

Pasquotank-Camden Emergency Medical Services (PCEMS) found out that hackers gained access to its server where its billing system is located. The protected health information (PHI)…

Emerson Hospital located in Concord, MA, is notifying 6,300 patients about the exposure of some of their protected health information (PHI) because of a security…

The most recent Beazley Breach Insights Report states that healthcare is the industry sector most hit by breach incidents. About 41% of all breach reports…

According to the new Moody’s Investors Service Report, four industry sectors face considerable financial risks from cyberattacks. These include the hospitals, market infrastructure providers, banks…

Columbia Surgical Specialists of Spokane located in Washington encountered a ransomware attack, which resulted to the potential access of unauthorized persons to the protected health…

Rush University Medical Center is informing roughly 45,000 patients about the exposure of their protected health information (PHI) because of a data incident that happened…