NIST’s New Mobile Device Security Guidance for Corporately-Owned Personally-Enabled (COPE) Devices

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) released draft mobile device security guidance that aims to help companies strengthen the security of corporately-owned personally-enabled (COPE) mobile gadgets and lower network security risks that may arise because of the devices. Modern businesses need mobile gadgets to … Read more

$70,000 Ransom Paid by Kentucky Community Health Center to Recover Encrypted Data

Park DuValle Community Health Center in Louisville, KY encountered a ransomware attack on June 7, 2019. The hackers successfully accessed its network and installed ransomware so that the center’s appointment scheduling platform and medical record system became inaccessible. The non-profit health center offers healthcare services to low-income patients in the western Louisville area who have … Read more

Losses Due to BEC Attacks Reach $301 Million Per Month

The Treasury Department released statistics that show a continual increase of business email compromise (BEC) attacks throughout the last two years. The number of reported successful BEC attacks in 2018 is more than double the number in 2016. Losses in operations and breach responses as a result of these scams are soaring. Business email compromise … Read more

18 Healthcare Providers Affected by AMCA Breach Resulting in Over 25 Million Records Exposed

More healthcare providers have confirmed over the last few days that they were affected by the American Medical Collection Agency (AMCA) data breach. To date, 18 healthcare providers have been affected and over 25 million people are considered victims. Retrieval Masters Credit Bureau (RMCB), AMCA’s parent company, discovered the AMCA breach on March 21, 2019. … Read more

Coveware Study Shows Increasing Ransomware Attacks and Ransom Payments

Ransomware attacks increased in Q2 of 2019, according to Coveware’s new report. Coveware is a ransomware recovery service provider, which helps businesses recover their data in the event of a ransomware attack. The method used to recover their data may be through free remediation or through negotiation with the attackers. Coveware analyzed anonymized information … Read more

Cyberattacks on St. Croix Hospice and Hunt Regional Healthcare

St. Croix Hospice, which provides hospice care across the Midwest, discovered that an unauthorized person accessed an employee’s email account and could have viewed patient data. The hospice detected the breach on May 10, 2019 upon seeing suspicious email activity in the account. An investigation got underway with the help of a third-party computer forensics company. It … Read more

AMCA Breach Also Impacts 2.2 Million Clinical Pathology Laboratories Patients

Clinical Pathology Laboratories based in Texas recently learned that the data breach at American Medical Collection Agency (AMCA) affected its 2.2 million patients, potentially compromising their protected health information (PHI). AMCA is a company that provides a lot of healthcare companies with debt collection services. As a provider of this service, AMCA receives the PHI … Read more

Discovered Vulnerability in GE Aestiva and Aespire Anesthesia Devices

An improper authentication vulnerability was found in GE Aestiva and Aespire Anesthesia devices. Many hospitals all across America use these devices. The CVE-2019-10966 vulnerability could make it possible for an attacker to remotely alter the parameters of a vulnerable device and silence the alarms. Possible changes include adjusting the parameters of gas composition … Read more

Patient Records of Direct-to-Consumer DNA Testing Company Exposed Online

Vitagene is a health tech firm based in San Francisco, CA that offers direct-to-consumer DNA-testing services. Vitagene accidentally exposed the private and genealogy data of a large number of its customers because of unauthorized access on the web. The Vitagene DNA testing service is one component of a DNA-based individualized health and wellness program. … Read more

PHI of 25,000 Adirondack Health Patients Potentially Exposed Due to Email Account Hack

Adirondack Health in Vermont is informing roughly 25,000 patients about the potential access of some of their protected health information (PHI) by a hacker. The information that was potentially compromised includes the names of patients, birth dates, Medicare ID numbers or medical insurance member numbers, and some information on treatment and/or clinical results. The Social … Read more

GAO Audit Pointed Out CMS’ Weak ID Verification System

A Government Accountability Office (GAO) audit recently conducted showed that the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) uses a remote ID verification process that is poor and outdated. Consequently, it likely gives limited security against fraud. The CMS site can help users find government financial assistance that is … Read more

Researchers Found Critical Vulnerability in Burrows-Wheeler Aligner Genomics Mapping Software

Some Sandia National Laboratories researchers discovered that the open software utilized by genomic researchers had a vulnerability. If an attacker exploits this vulnerability, he could access and modify sensitive genetic data. There are two steps involved in DNA screening. The first step is the sequencing of a patient’s DNA and the mapping of their genome. … Read more

PHI of 10,893 Summa Health Patients and 5,400 Community Physicians Group Patients Potentially Compromised in Phishing Attack

Summa Health in Akron, Ohio discovered an unauthorized person had accessed four employee email accounts that contain the protected health information (PHI) of patients. Summa Health knew about the breach on May 1, 2019 and started an investigation showing the breach of 2 email accounts in August 2018, and the breach of two more accounts … Read more

9-Year PHI Breach at Dominion National Impacted 2.9 Million Members

A data security incident at Dominion National involved the personal data of their clients. Dominion National is an insurance provider, health plan administrator, and administrator of dental and vision benefits primarily based in Virginia. Hackers initially accessed the provider’s servers in 2010. Dominion National started an internal investigation after being alerted about the incident and … Read more

HELP Committee Passes Lower Health Care Costs Act

The Senate Health, Education, Labor and Pensions (HELP) Committee has okayed a very important bill to HIPAA-covered entities – the Lower Health Care Costs (LHCC) Act of 2019. One key objective of the bill is to enhance the transparency of medical care costs and quality of service. The bill is meant to stop surprise medical … Read more

5 Million-Records Breach of MedicareSupplement.com and Summa Health Data Breach

The personal data of approximately 5 million people contained in a MongoDB database were exposed on the web. MedicareSupplement.com owns the database containing personal and health data. TZ Insurance Solutions operates the website and uses it for helping people look for a Medigap insurance plan. People in search of coverage could go to the website … Read more

New OCR Guidance on Allowable Uses and Disclosures by Health Plans for Patient Care Coordination and Continuity of Care

The Department of Health and Human Services’ Office for Civil Rights published new HIPAA guidance for health plans about the proper sharing of protected health information to assist patient care coordination and continuity of patient care. The guidance is written in the format of an FAQ. It answers two questions that health plans frequently ask: … Read more

2,200 Franciscan Health Patients PHI Exposed Due to Unauthorized Access and Boxes of Medical Records Abandoned in Chatham Chicago

Franciscan Health based in Mishawaka, IN learned that a former employee accessed the protected health information (PHI) of about 2,200 patients without authorization. During a scheduled privacy audit, Franciscan Health discovered the privacy breach. On May 24, 2019, Franciscan Health confirmed that an employee assigned to the quality research department accessed patients’ … Read more

A Nurse Terminated and 10,970 Patient PHI Exposed Due to Breaches at Takai, Hoover & Hsu and Navicent Health

A former staff member at a healthcare provider located in Germantown, MD allegedly accessed the protected health information (PHI) of roughly 16,542 patients. The data was purportedly provided to a third party and utilized for bogus transactions. On April 10, 2019, County and state law enforcement informed Takai, Hoover & Hsu, P.A., the owner of THH … Read more

May 2019 Healthcare Data Breach Report

April had more healthcare data breaches reported when compared with any other month so far. May continued to have a high number of data breaches, with 44 breaches reported. The number of exposed records in May, which is 1,988,376 healthcare records, increased by 186% compared to April. The average number of healthcare data breaches reported … Read more

Ransomware Attacks on Illinois and California Clinics Reported

The Quantum Vision Centers and Eye Surgery Center located in Illinois is notifying its patients about the potential compromise of some of their protected health information (PHI) because of a ransomware attack in April 2019. An unauthorized person accessed Quantum systems on April 18, 2019 and installed ransomware, which encrypted files. The information contained in … Read more

Meditab Software Breach Impacts Capitol Cardiology Associates (CCA) and Southern Maryland Medical Group (SMMG) Patients

A potential breach at Meditab Software Inc. affects two healthcare companies in Maryland. Meditab is a business associate of the two companies providing EMR and practice management software. As such, its systems include patient protected health information (PHI). Meditab discovered in March 2019 that some PHI was left unsecured. Meditab had developed a website to … Read more

Becton Dickinson Discovered High and Critical Severity Vulnerabilities in Alaris Gateway Workstations

Becton Dickinson (BD) discovered two vulnerabilities in some of its infusion pumps. One vulnerability is rated critical severity with a maximum CVSS v3 rating of 10 out of 10. BD is known for proactively searching for vulnerabilities, responding to cybersecurity concerns, and announcing specifics of vulnerabilities promptly. BD readily announced the two vulnerabilities and discussed information about … Read more

PHI of 87,400 Plan Members Exposed Due to Union Labor Life Insurance Phishing Attack

Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., encountered a phishing attack, which caused the protected health information (PHI) of 87,000 plan members to be exposed. A ULLI employee responded to a phishing email believing it was a legitimate request by a business partner. The email contained a hyperlink, which the employee clicked. … Read more

Lawsuits Filed and Investigations Launched Over AMCA Breach

Since the news about the huge data breach at American Medical Collection Agency (AMCA) went out, there are now over a dozen lawsuits filed by breach victims. Quest Diagnostics officially announced the breach on June 3, 2019 via an 8-K filing with the Securities and Exchange Commission (SEC). LabCorp followed with an SEC filing on … Read more

PHI of 978 Patients of Mercy Health Exposed

Mercy Health found out that some of its patient data were uploaded to a private server used for online appointment scheduling, electronic doctor’s office check-ins and other online activities. Because of this, unauthorized people could have accessed the patient information. Mercy Health already corrected the issue and secured all patient data on March 25, 2019. … Read more

AMCA Data Breach Victims Now Over 20 Million as BioReference Laboratories Confirmed Breach Impact

The number of American Medical Collection Agency (AMCA) data breach victims has now gone over 20 million with confirmation from another healthcare organization that it was affected by the incident. BioReference Laboratories, a laboratory and clinical testing company based in New Jersey, recently confirmed the exposure of roughly 422,600 of its clients’ personal information because of … Read more

New Update to Oregon Data Breach Notification Law Now Covers Vendors of Covered Entities

An update to Oregon’s breach notification law has been approved. The update expanded the definition of consumer data, modified the meaning of covered entity, and extended the law to include vendors. Senate Bill 684 changed the name of The Oregon Consumer Identity Theft Protection Act to The Oregon Consumer Information Protection Act and its … Read more

More Than 1.68 Million Records Exposed Due to Misconfigured University of Chicago Medicine ElasticSearch Instance

There have been massive data breaches recently including the 11.9 million records breach at Quest Diagnostics and the 7.7 million records breach at LabCorp. Now, University of Chicago Medicine reported the exposure of over 1.68 million records. The ElasticSearch server that stores the records was misconfigured, removing protections by mistake and giving anyone unauthenticated access … Read more

12 Million Quest Diagnostics Patients Affected by AMCA Data Breach

A hacker accessed the systems of American Medical Collection Agency (AMCA) based in Elmsford, NY, a billing collections company. The breach may have resulted in the viewing and copying of the protected health information (PHI) of 11.9 million Quest Diagnostics patients. Quest Diagnostics is a large blood testing laboratory in America that uses AMCA services. … Read more

Microsoft BlueKeep RDS Flaw May Still Impact 1 Million Vulnerable Windows Devices

Microsoft issued a patch to correct a critical, wormable flaw found in Remote Desktop Services about two weeks earlier. Yet approximately 1 million devices are still vulnerable because neither the patch nor the recommended mitigations to decrease the threat of exploitation have been applied. The CVE-2019-0708 flaw could be remotely exploited with no need of user … Read more

Siemens Healthineers Products At Risk from Microsoft BlueKeep Wormable Vulnerability

There are six security advisories involving Siemens Healthineers products. The vulnerabilities have a CVSS v3 score of 9.8 out of 10 and may be linked to CVE-2019-0708, the Microsoft BlueKeep RDS vulnerability. The vulnerability CVE-2019-0708 may be remotely exploited without user interaction. An attacker can exploit the vulnerability and take control of a vulnerable device … Read more

Almost 10,000 Health Plan Patients Affected by Data Breaches at TriHealth and Centura Health

TriHealth, a health system based in Cincinnati, is notifying 2,433 patients because their protected health information (PHI) was impermissibly disclosed to a student mentee. A former TriHealth doctor was supervising the student, who accessed patient data for a prospective research project. On June 8 to June 9, 2018, the student obtained patient information such as … Read more

PHI Exposed Because of a Phishing Attack on Medford and Insider Breach at Penn Medicine

Medford Patients’ PHI Exposed: Medford, a Hematology Oncology Associates located in Oregon, had a phishing attack, which caused the email accounts of several Medford employees to be compromised. The first email account breach happened on December 18, 2018. The attacker accessed the other accounts until February 22, 2019. Medford became aware of … Read more

Inmediata Breach Exposed the PHI of 1.5 Million People Online

Inmediata, a clearinghouse service provider to healthcare organizations, notified some of its patients in April that their protected health information (PHI) was exposed on the web because of a misconfiguration of an internal webpage. The Department of Health and Human Services’ Office for Civil Rights already received the breach report, which indicated that the PHI … Read more

Vulnerabilities Identified in Siemens Scalance Access Points

Siemens has identified one critical vulnerability and a number of high-severity vulnerabilities in the direct access point of Scalance W1750D. Attackers with a low level of skill could exploit the vulnerabilities remotely. An attacker exploiting the vulnerability could access the W1750D device to execute arbitrary code in its base operating system, access sensitive data, do … Read more

Microsoft Patches Released to Fix Critical Flaw That Could Result in WannaCry-Type Malware Attacks

On May 14, 2019, Microsoft issued a patch to correct a ‘wormable’ vulnerability in Windows, which is identical to the vulnerability that attackers exploited in the May 2017 WannaCry ransomware attacks. The vulnerability involved a remote code execution in Remote Desktop Services – previously Terminal Services – that could be exploited through RDP. The CVE-2019-0708 … Read more

Facebook Changes to Be Implemented to Protect the Privacy of Health Support Group Members

Facebook is implementing a few changes to Facebook Group Communities talking about medical conditions. This decision was deemed necessary considering the complaint on Facebook Groups that even though it is being presented as an exclusive and confidential community, third parties are able to access the information of health group members and use it for advertising. … Read more

Alleged Anthem Hackers in 2015 Cyberattack and Theft of 78.8 Million Records Indicted

The U.S. Department of Justice charged two Chinese nationals for allegedly instigating the 2015 hacking of Anthem Inc. Fujie Wang, 32 years old, and an unnamed guy were charged in a 4-count indictment in connection with the Anthem cyberattack, in which 78.8 million health insurance records were stolen, and three more cyberattacks on U.S. businesses … Read more

PHI of 1,100 Spectrum Health Lakeland Patients Potentially Exposed Due to Phishing Attack

This is the second time in two months that Spectrum Health Lakeland announced the occurrence of a breach exposing some patients’ protected health information (PHI). The last breach happened at business associate Wolverine Services Group affecting approximately 60,000 patients. The most recent breach involved the access of an email account by an unauthorized person because … Read more

Insider Breaches at American Indian Health & Services and Madison Parish Hospital

A former employee of American Indian Health & Services violated HIPAA rules by forwarding to a personal email account the email messages that contain the sensitive information of some employees, patients, and vendors. American Indian Health & Services operates a community health clinic in Santa Barbara, CA. American Indian Health & Services discovered the incident … Read more

NIST is Accepting Feedback for the Creation of AI Standards and Tools

The National Institute of Standards and Technology (NIST) announced a request for information (RFI) to get industry stakeholders’ comments regarding the formation of new criteria and tools for systems employing artificial intelligence (AI) technologies. An Executive Order on Maintaining American Leadership in Artificial Intelligence calls for NIST to set up a plan for technical criteria … Read more

Bodybuilding.com Data Breach Impacted PHI of 3,193 Employees and Dependents

The owner of Bodybuilding.com, a website on bodybuilding and personal fitness, announced a security incident that potentially resulted in the access of customer and employee information by unauthorized people. Under HIPAA, this type of breach affecting customers is not a reportable incident. But HIPAA actually covers group health plans. Therefore, bodybuilding.com had to report the … Read more

Inmediata Breach Notification Letters Sent to Wrong Addresses Due to Mailing Error

After the breach at Inmediata that resulted in PHI exposure, the provider mailed notification letters to the affected people. But a number of folks submitted reports of getting notification letters that were addressed to another person. The breach at Inmediata involved a webpage that company employees used internally, which was accidentally configured to allow its … Read more

Arizona Court of Appeals Permits Patient to File Negligence Claim Against Costco Based on HIPAA Violation

A man from Arizona sued Costco for a privacy violation. The lawsuit was dismissed by the trial court but the Court of Appeals overturned the decision. The Court of Appeals’ ruling allowed the patient to sue the pharmacy for negligence based on a Health Insurance Portability and Accountability Act (HIPAA) violation. The privacy violation … Read more

Philips Tasy EMR Vulnerability Identified

A vulnerability was discovered in the Philips Tasy EMR information system. An attacker could exploit the vulnerability and send to the system unexpected data that could potentially permit arbitrary code to be executed, change information flow, influence system integrity, and allow the attacker to have unauthorized access to patient data. Security researcher Rafael Honorato … Read more

PHI Exposed Due to a Webpage Misconfiguration and a Server Ransomware Attack

Webpage Misconfiguration: Inmediata Health Group Corp, a clearinghouse, software program, and business process solutions provider, notified some of its clients’ patients about the accidental exposure of their medical data online. Inmediata discovered in January 2019 the misconfiguration of a webpage that employees use internally, thus allowing search engines to find and index the webpage. There … Read more

Ransomware Attack on Medical Billing Service Provider After an Earlier Computer Breach

The medical billing services provider, Doctors’ Management Service Inc. based in Massachusetts, discovered on December 24, 2018 that malicious software had been downloaded to its network, preventing file access. The investigators of the incident discovered that the ransomware GandCrab was used in the attack. Using backups, the provider recovered the files and did not … Read more

Deadline for Commenting on the Proposed Rules to Improve ePHI Interoperability Extended

The Department of Health and Human Services changed the due date for sending feedback on its proposed guidelines to promote the interoperability of health information technology and electronic protected health information (ePHI) to June 3, 2019. The Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS) … Read more

Three Scientists of MD Anderson Cancer Center Fired Over Issues of Research Data Theft

Three scientists of MD Anderson Cancer Center, the top cancer research center in the world, were recently fired because of espionage fears after the National Institutes of Health (NIH) alerted the center of irregularities relating to grant recipients. Federal officials had instructed NIH, the biggest public funder of biomedical research in the U.S., to investigate … Read more

Fujifilm Computed Radiography Cassette Readers Vulnerabilities Identified

There were two vulnerabilities found in Fujifilm computed radiography cassette readers. An attacker could exploit these vulnerabilities and access the operating system, execute arbitrary code, make the devices inoperable, change functionality, and bring about loss of images. The following Fujifilm computed radiography cassette readers have been found with the vulnerabilities: CR-IR 357 FCR XC-2 CR-IR … Read more

Washington State University Agreed to $4.7 Million Settlement of Class Action Data Breach Lawsuit

The King County Superior Court recently approved a $4.7 million settlement to repay people who suffered theft of their personal data from Washington State University in April 2017. Copies of the personal information of 1,193,190 individuals were stored on portable hard drives and Washington State University kept them in a safe in a self-storage locker. … Read more

About 14,000 People Affected by Klaussner Furniture Industries and Veterans Health Administration Breaches

A security breach at Klaussner Furniture Industries, Inc resulted in the exposure of the protected health information (PHI) of its 9,352 present and past employees as well as a number of the employees’ dependents. Klaussner Furniture discovered that unauthorized individuals accessed its computers in February 2019. A top rated cybersecurity company helped carry out a … Read more

Breaches at Oregon Endodontic Group and Humana Web Portal Resulted in PHI Compromise

Malware was installed on a computer used in the office of Oregon Endodontic Group, resulting in the possible theft of email data by the attackers. On November 13, 2018, the group became aware of suspicious actions in the email account and started an investigation. A third-party forensic firm helped investigate the nature and severity of … Read more

HHS’ Sluggish Implementation of GAO Health IT and Cybersecurity Recommendations

The U.S. Department of Health and Human Services (HHS) is quite slow in implementing the recommendations of the Government Accountability Office (GAO). There are 392 recommendations currently not yet addressed. That includes 42 recommendations rated as high priority by GAO. In the last four years, HHS only addressed 75% of GAO’s recommendations. The poor implementation … Read more

Fears about Cloud Security and the Big Potential of Alexa Voice Technology

At the Dublin Tech Summit in Ireland recently, the chief technology officer of Amazon Web Services, Werner Vogels, dispelled security issues concerning cloud computing. After the news about the exposure of 540 million Facebook records stored on AWS, people have become concerned about the security of information stored in the cloud. Under the General Data Protection … Read more

MD Anderson Cancer Center Contests $4,348,000 HIPAA Civil Monetary Penalty

In 2018, the HHS’ Office for Civil Rights (OCR) issued a $4,348,000 civil monetary penalty (CMP) to University of Texas MD Anderson Cancer Center after discovering several alleged HIPAA violations that resulted in three data breaches in 2012 and 2013. OCR investigated the breaches and found an impermissible disclosure of 34,883 patients’ electronic protected health … Read more

Cyberattack on Hardin Memorial Health Caused EHR Downtime

A cyberattack on Hardin Memorial Health located in Kentucky caused EHR downtime and interruption to its IT systems. The cyberattack began on the evening of April 5. According to spokesperson Troutt of Hardin Memorial Health, IT systems were interrupted because of a security breach. The details of the cyberattack have not been provided yet, so it … Read more

Business Associate Error Impacted Burrell Behavioral Health Patients’ PHI

Burrell Behavioral Health notified 67,493 patients regarding the accidental compromise of their healthcare information because of an error at an unnamed business associate in August 2018. The business associate stored images that include the protected health information (PHI) of some patients at Burrell Behavioral Health. Because the internet-facing portal used by the business associate … Read more

Amazon’s New System for De-identifying Medical Images

Amazon not long ago introduced a new system that can mark protected health information (PHI) included in medical photos and redact the PHI automatically so that patients are no longer identifiable from the images. Medical images typically contain the PHI of patients like names, birth dates, and related details. The PHI appears as plain text in … Read more

PHI of 14,305 Main Line Endoscopy Centers Patients Exposed Due to a Phishing Attack

A phishing attack on Main Line Endoscopy Centers, a group of outpatient endoscopy facilities located in the Bala Cynwyd, Malvern and Media regions of Pennsylvania, led to the access of its employee’s email account by an unauthorized individual. The breach occurred after the employee responded to a phishing email. The exact date when the breach … Read more

Health Apps Share User Data Without Users’ Knowledge

It’s very common to see the use of mobile health apps nowadays. These apps track health metrics to promote healthful living and so record a variety of sensitive health data. But consumers may have no idea how their data is used and who has access to the information. Any data recorded by an app is … Read more

Lawsuit Filed Against Sharp Grossmont Hospital For Video Recordings of Patients During Gynecology Operations

Sharp HealthCare and Sharp Grossmont Hospital were named in a lawsuit alleging that the hospital covertly took video of female patients while undressing and while undergoing gynecological examinations. As per the lawsuit, the hospital had video cameras installed on drug carts in three operating rooms at its facility on Grossmont Center Drive in El … Read more

Issues on Sharing Health Data with Non-HIPAA Covered Entities Using Apps and Consumer Devices

The eHealth Initiative Foundation and Manatt Health issued a brief that calls for introducing a values framework in order to efficiently protect health data that is gathered, stored, and utilized by organizations that the law does not require to conform to the Health Insurance Portability and Accountability Act (HIPAA) Rules. Medical information is being collected more … Read more

HIPAA Administrative Simplification Rules Compliance Review Program Launched By CMS

The HHS’ Centers for Medicare and Medicaid Services (CMS) introduced a compliance review program for assessing the compliance of HIPAA covered entities with the HIPAA Administrative Simplification Rules for electronic healthcare transactions. The compliance reviews are going to start in April 2019. Why Adopt the HIPAA Administrative Simplification Rules The goal for introducing the HIPAA … Read more

Three Email Security Incidents Exposed PHI

In the past few days, there were three reports of email system breaches that resulted in the unauthorized access of email accounts that contain protected health information (PHI). Navicent Health based in Macon, GA is notifying patients regarding the potential compromise of some of their PHI because of a phishing attack on its email system. … Read more

Phishing Attack on Oregon Department of Human Services Impacts 350,000 People

A phishing attack on the Oregon Department of Human Services (ODHS) potentially resulted in the viewing or access of the protected health information (PHI) of over 350,000 people by unauthorized individuals. ODHS found out on January 28, 2019 that unauthorized persons accessed email accounts that contain the personal information of its clients. The forensics specialists … Read more

A Patient Sues Northwestern Medicine Over Medical Information Disclosure on Social Media

Gina Graziano, a patient of Northwestern Medicine Regional Medical Group, is suing the medical group for the disclosure of sensitive medical information on Twitter and Facebook. She discovered that a number of her sensitive medical data were disclosed on social media platforms and made a complaint to Northwestern Medicine about the privacy breach. Upon … Read more

Breach of Patient Data at New Jersey Healthcare Provider Found Due to Unprotected Data Server

Security researcher Jeremiah Fowler discovered an unsecured healthcare database containing about 37,000 records on March 1, 2019. A brief review of the database revealed that the records belonged to Home Health Radiology Services LLC, a healthcare provider in New Jersey. The database comprised highly sensitive patient data including names, addresses, telephone numbers, and birth dates … Read more

Potentially Massive Breach of PHI Due to Unprotected Fax Server

Meditab Software Inc., a medical software provider based in Sacramento, CA, and MedPharm Services, its affiliate based in San Juan, PR, had an enormous breach of protected health information (PHI). Meditab provides hospitals, doctor’s clinics, and pharmacies with electronic medical record (EMR) and practice management software. The company website claims that it has over 2,200 … Read more

Internet of Things Improvement Act Requires Federal Government to Buy IoT Devices Meeting Minimum Security Standards

U.S. Sens. Cory Gardner (R-CO) and Mark R. Warner (D-VA), co-chairs of the Senate Cybersecurity Caucus, and Sens. Steve Daines (R-MT) and Maggie Hassan (D-NH) introduced The Internet of Things Improvement Act. This Act calls for the U.S. government to buy only IoT devices that satisfy minimum security requirements. Reps. Will Hurd (R-TX) and … Read more

Workplace Safety Survey Shows Healthcare Employees Lack Awareness of Emergency Plans

Rave Mobile Safety based in Framingham, MA released the findings of its yearly workplace safety and preparedness survey. According to the report, emergency preparedness was better this year than in 2017, but there is still much to be improved, particularly in the healthcare and education sectors. The survey involved the participation of 540 full time … Read more

Check Point Explains the Security Risks of Medical Devices

Check Point researchers demonstrated how it is possible to quickly access IoT medical devices. It serves as a warning not to ignore the security risks of medical devices. There were big technological developments in the last few years that led to the creation of new medical equipment. However, the IT settings where the devices are … Read more

21,000 Patients Affected by Breaches at Pasquotank-Camden Emergency Medical Services and Oklahoma Heart Hospital

Pasquotank-Camden Emergency Medical Services (PCEMS) found out that hackers gained access to its server where its billing system is located. The protected health information (PHI) of 20,420 patients is contained in this location. Because of the attack, the hackers possibly accessed the highly sensitive data of persons who acquired healthcare services from PCEMS in the … Read more

Hacking and Malware Incidents in Healthcare Increased According to Beazley Report

The most recent Beazley Breach Insights Report states that healthcare is the industry sector most hit by breach incidents. About 41% of all breach reports received by Beazley Breach Response (BBR) Services were from the healthcare industry. Throughout all industry sectors, the following statistics show the causes of the breaches: #1 hacking and malware attacks … Read more

Hospitals Have High Risk Exposure to Devastating Cyberattack

According to the new Moody’s Investors Service Report, four industry sectors face considerable financial risks from cyberattacks. These include hospitals, market infrastructure providers, banks and securities companies. Those four sectors were identified to have high cyber risk exposure because they are very much dependent on technology for everyday operations, content distribution and customer engagement. … Read more

400,000 Patients of Columbia Surgical Specialists of Spokane Affected by Ransomware Attack

Columbia Surgical Specialists of Spokane located in Washington encountered a ransomware attack, which resulted in the potential access by unauthorized persons to the protected health information (PHI) of around 400,000 patients. The Department of Health and Human Services’ Office for Civil Rights received the security breach report on February 18, 2019 and posted the incident … Read more

Rush University Medical Center Data Breach Impacts PHI of 45,000 Patients

Rush University Medical Center is informing roughly 45,000 patients about the exposure of their protected health information (PHI) because of a data incident that happened at a financial services vendor. Rush knew about the incident on January 22, 2019. It was discovered that one of the financial services vendor’s employees disclosed a document that contains … Read more