HIPAA News

The U.S. Department of Justice charged two Chinese nationals for allegedly instigating the 2015 hacking of Anthem Inc. Fujie Wang, 32 years old, and an…

This is the second time in two months that Spectrum Health Lakeland announced the occurrence of a breach exposing some patients’ protected health information (PHI)….

A former employee of American Indian Health & Services violated HIPAA rules by forwarding to a personal email account the email messages that contain the…

The National institute of Standards and Technology (NIST) announced a request for information (RFI) to get industry stakeholders’ comments regarding the formation of new criteria…

The owner of Bodybuilding.com, a website on bodybuilding and personal fitness, announced a security incident that potentially resulted in the access of customer and employees…

After the breach at Inmediata that resulted to PHI exposure, the provider mailed notification letters to the affected people. But a number of folks submitted…

A February 2019 phishing attack on Baystate Health led to the compromise of the protected health information (PHI) of 12,000 patients. On April 11 Attorney…

A man from Arizona sued Costco for a privacy violation. The lawsuit was dismissed by the trial court but the Court of Appeals overturned the…

A vulnerability was discovered in the Philips Tasy EMR information system. An attacker could exploit the vulnerability and send to the system unexpected data that…

Webpage Misconfiguration Inmediata Health Group Corp, a clearinghouse, software program, and business process solutions provider, notified some of its clients’ patients about the accidental exposure…

The medical billing services provider, Doctors’ Management Service Inc. based in Massachusetts, found out on December 24, 2018 the download of malicious software to its…

The Department of Health and Human Services changed the due date for sending feedback on its proposed guidelines to promote the interoperability of health information…

Three scientists of MD Anderson Cancer Center, the top cancer research center in the world, were recently fired because of espionage fears after the National…

There were two vulnerabilities found in Fujifilm computed radiography cassette readers. An attacker could exploit these vulnerabilities and access the operating system, implement arbitrary code,…

The King County Superior Court recently approved a $4.7 million settlement to repay people who suffered theft of their personal data from Washington State University…

A security breach on Klaussner Furniture Industries, Inc resulted to the exposure of the protected health information (PHI) of its 9,352 present and past employees…

A computer used in the office of Oregon Endodontic Group was installed with malware resulting to the possible email data theft by the attackers. On…

Centrelake Medical Group, which has 8 medical imaging and oncology centers located in California, is sending notifications to some patients about the exposure of some…

The U.S. Department of Health and Human Services (HHS) is quite slow in implementing the recommendations of the Government Accountability Office (GAO). There are 392…

At the Dublin Tech Summit in Ireland recently, the chief technology officer of Amazon Web Services, Werner Vogels, dispelled security issues concerning cloud computing. After the…

In 2018, the HHS’ Office for Civil Rights (OCR) issued a $4,348,000 civil monetary penalty (CMP) to University of Texas MD Anderson Cancer Center after…

A cyberattack on Hardin Memorial Health located in Kentucky caused EHR downtime and interruption to its IT systems. The cyberattack began on the evening of…

Burrell Behavioral Health notified 67,493 patients regarding the accidental compromise of their healthcare information because of an error at an unnamed business associate in August…

Amazon not long ago introduced a new system that can mark included protected health information (PHI) in medical photos and redact the PHI automatically to…

A phishing attack on Main Line Endoscopy Centers, a group of outpatient endoscopy facilities located in the Bala Cynwyd, Malvern and Media regions of Pennsylvania…

It’s very common to see the use of mobile health apps nowadays. These apps track health metrics to promote healthdul living and so record a…

Sharp HealthCare and Sharp Grossmont Hospital were charged with a lawsuit alleging that the hospital covertly took a video of female patients while undressing and…

The eHealth Initiative Foundation and Manatt Health gave a brief that requires introducing a values framework in order to efficiently protect health data that is…

The HHS’ Centers for Medicare and Medicaid Services (CMS) introduced a compliance review program for assessing the compliance of HIPAA covered entities with the HIPAA…

A class action lawsuit has been filed against the University of Connecticut and UConn Health in behalf of patients for the exposure of their protected…

In the past few days, there were three reports of email system breaches that resulted in the unauthorized access of email accounts that contain protected…

A phishing attack on the Oregon Department of Human Services (ODHS) potentially resulted to the viewing or access of the protected health information (PHI) of…

Gina Graziano, a patient of Northwestern Medicine Regional Medical Group, is suing the medical group for the disclosure of sensitive medial information on Twitter and…

Security researcher Jeremiah Fowler discovered an unsecured healthcare database containing about 37,000 records on March 1, 2019. A brief review of the database revealed that…

Meditab Software Inc., a medical software provider based in Sacramento, CA, and MedPharm Services, its affiliate based in San Juan, PR, had an enormous breach…

U.S. Sens. Cory Gardner (R-CO) and Mark R. Warner (D-VA) are co-chairs of the Senate Cybersecurity Caucus, and Sens. Steve Daines (R-MT) and Maggie Hassan…

Rave Mobile Safety based in Framingham, MA released the findings of its yearly workplace safety and preparedness survey. According to the report, emergency preparedness was…

Check Point researchers demonstrated how it is possible to quickly access IoT medical devices. It serves as a warning not to ignore the security risks…

Audits performed by the HHS’ Office of Inspector General (OIG) showed the HHS Operating Divisions (OPDIVs) to have several safety vulnerabilities. From 2016 to 2017,…

Michigan Attorney General Dana Nessel issued an alert regarding the potential impact of the ransomware attack on Wolverine Solutions Group in Detroit to over 600,000…

Pasquotank-Camden Emergency Medical Services (PCEMS) found out that hackers gained access to its server where its billing system is located. The protected health information (PHI)…

Emerson Hospital located in Concord, MA, is notifying 6,300 patients about the exposure of some of their protected health information (PHI) because of a security…

The most recent Beazley Breach Insights Report states that healthcare is the industry sector most hit by breach incidents. About 41% of all breach reports…

According to the new Moody’s Investors Service Report, four industry sectors face considerable financial risks from cyberattacks. These include the hospitals, market infrastructure providers, banks…

Columbia Surgical Specialists of Spokane located in Washington encountered a ransomware attack, which resulted to the potential access of unauthorized persons to the protected health…

Rush University Medical Center is informing roughly 45,000 patients about the exposure of their protected health information (PHI) because of a data incident that happened…

From March 20, 2019, insurance firms based in Ohio will need to follow Senate Bill 273. This new law requires insurance companies to create and…

UConn Health is informing around 326,000 patients regarding the exposure of some of their personal data because of a phishing attack on several of UConn…

Rutland Regional Medical Center (RRMC) located in Rutland City is the biggest community hospital in the Vermont state. It was discovered that hackers accessed nine…

The FTC received a complaint that was submitted concerning Facebook’s misleading practices. The complaint claims that health-related information disclosed in closed, purportedly anonymous and non-public…

Because businesses and hospitals in Maryland had suffered a large number of ransomware attacks, the new Senate Bill 151 was introduced to increase ransomware attacks…

March 1, 2019 is the deadline for sending the Department of Health and Human Services’ Office for Civil Rights all 2018 data breach reports for…

Paper documents containing patient data was stolen from the vehicle of an employee of Anesthesia Associates of Kansas City on December 14, 2018. A bag…

The United Hospital District based in Blue Earth, MN discovered the exposure of patient information and its potential access by an unauthorized person due to…

An attacker got access to an EyeSouth Partners employee’s email account resulting to the potential viewing or theft of the protected health information (ePHI) of…

Amazon Alexa can be used in the healthcare industry but it is limited because of its non-HIPAA compliance. Although that may change in the near…

Wyoming is looking at repealing the Hospital Records Act of 1991, which was passed to ensure that hospitals are taking steps to protect patient data…

Community Health Systems’ (CHS) is offering compensation to its patients for the theft of their protected health information (PHI) during a cyberattack in 2014. Community…

The Reproductive Medicine and Infertility Associates network was infected by malware, according to an infertility clinic in Woodbury, MN. Although there’s no proof found that…

Roper St. Francis Healthcare based in Charleston, SC experienced a large-scale phishing attack, which allowed the attackers to access 13 employees’ email accounts. Roper St….

The Oregon Health Information Property Act is a proposal that allows patients to give consent to their healthcare providers to sell their health information and…

Becton, Dickinson and Company (BD) has discovered an access control flaw in its BD FACSLyric flow cytometry solution. If an attacker exploits vulnerability, access to…

Verity Health System is a network of 6 hospitals based in Redwood City, California. It has encountered a phishing attack on November 27, 2018 resulting…

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued an emergency alert concerning DNS hijacking attacks. CISA instructed all government agencies…

Seven prominent hospital associations, such as the American Hospital Association (AHA), are striving to have better data sharing throughout the healthcare industry. A new report…

A General Data Protection Regulation (GDPR) breach involving the Marriott Hotels group was investigated and the results revealed that less people were actually impacted than…

The U.S. Department of Health and Human Services’ Office for Civil Rights is looking for someone to fill in the position of a permanent Deputy…

Centerstone Insurance and Financial Services, also known as BenefitMall, started informing around 111,000 individuals about the possible compromise and theft of some protected health information…

An unencrypted laptop was stolen from the Phoenix, Arizona clinic of Solis Mammography, otherwise known as Ben-Ora, Hansen, Vanesian Imaging Ltd. Solis Mammography learned of…

Sacred Heart Rehabilitation Center located in Memphis, MI offers to HIV/AIDS patients substance abuse treatment and care services. The center learned that an unauthorized individual…

On October 28, 2018, a cyber attacker initiated a targeted phishing attack on Kent County Community Mental Health Authority, dba Network180. The employees were not…

The National Counterintelligence and Security Center (NCSC) started a new campaign – the “Know the Risk, Raise your Shield” campaign for the Office of the…

An Irish Data protection Commission (DPC) representative recently shared in an interview that the agency will enforce the General Data Protection Regulation (GDPR) much more…

The Managed Health Services based in Indianapolis, IN, which runs the Hoosier Care Connect Medicaid and Hoosier Healthwise programs, announced to 31,876 plan members on…

A phishing attack on Chaplaincy Health Care, a not-for-profit healthcare provider located in Richland, WA caused the exposure of the protected health information (PHI) of…

Choice Rehabilitation of Creve Coeur, MO learned that an unauthorized person accessed an employee’s email account and set up a mail forwarder, which sent email…

The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) published a notification regarding increased Chinese malicious cyber activity focusing on IT…

Humana-owned Family Physicians Group in Orlando notified 8,400 patients that a number of their protected health information (PHI) were potentially compromised because of a phishing…

Clearwater identified the most typical security flaws in the healthcare industry using the data analyses of IRM done during the last 6 years. There were…

Blue Cross Blue Shield of Michigan informed about 15,000 clients that some of their personal information kept on a laptop was compromised as the laptop…

A serious phishing attack on the San Diego School District resulted to the compromise of the private data, including health data, of around 500,000 students…

Massachusetts Attorney General Maura Healey issued to McLean Hospital a HIPAA violation fine amounting to $75,000 in relation to a data breach in 2015 that…

A vulnerability (CVE-2018-8340) was discovered in Microsoft’s Active Directory Federation Services (ADFS) which can permit an attacker to very easily circumvent multi-factor authentication (MFA). ADFS…

The Irish Data Protection Commission (DPC) is investigating one more prospective General Data Protection Regulation (GDPR) violation by Facebook, following the admission of the company…

An unauthorized person accessed the email account of a nurse at CCRM Dallas Fort Worth. CCRM discovered the breach on October 4, 2018, following the…

Based on a new Kaspersky Lab report, Cyber Pulse: The State of Cybersecurity in Healthcare, 27% of healthcare workers reported their company had encountered at…

About 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital received notifications that some of their protected health information (PHI) were compromised…

Google has announced their final decision to make a few modifications to its terms of service and privacy policy. The major change is the naming…

A request for information (RFI) issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) is striving to get feedback from…

The University of Maryland Medical System found the unauthorized installation of a malware on its system on December 9, 2018. Because of the speedy response…

The latest study by Insights, an enterprise threat management platform provider, unveiled a startling number of healthcare information is openly accessible on the internet due…

New Jersey state attorney general’s office penalized the health insurance provider EmblemHealth the amount of $100,000 for a data breach in 2016 that compromised the…

At the end of November, the Department of Justice charged two Iranians in connection with the SamSam ransomware attacks. However, the attacks are unlikely to…

The HHS’ Office for Civil Rights (OCR) investigated an incident of impermissible PHI disclosure by a business associate of a HIPAA-covered entity and found major…

Medical Informatics Engineering and NoMoreClipboard was charged with multi-state federal lawsuit over the 2015 data breach exposing the information of 3.9 million people. Indiana Attorney…

Georgia Spine and Orthopaedics of Atlanta (GSOA) is informing a number o its patients concerning a phishing attack that caused the possible theft and exposure…

Healthcare billing services provider, AccuDoc Solutions Inc, reported a data breach that caused the compromise of the protected health information (PHI) of 2,650,000 Atrium Health…

Mercy Medical Center North Iowa found out that an old employee possibly accessed patients’ healthcare records without appropriate authorization for over 12 months. The medical…

The United Kingdom’s Information Commissioner’s Office (ICO) discovered that the options for the Washington Post online subscription are not General Data Protection Regulation (GDPR) compliant….

A laptop computer issued by FHN Healthcare in northwest Illinois was stolen from the vehicle of an employee. The said laptop contained protected health information…