HIPAA News

From March 20, 2019, insurance firms based in Ohio will need to follow Senate Bill 273. This new law requires insurance companies to create and…

UConn Health is informing around 326,000 patients regarding the exposure of some of their personal data because of a phishing attack on several of UConn…

Rutland Regional Medical Center (RRMC) located in Rutland City is the biggest community hospital in the Vermont state. It was discovered that hackers accessed nine…

The FTC received a complaint that was submitted concerning Facebook’s misleading practices. The complaint claims that health-related information disclosed in closed, purportedly anonymous and non-public…

Because businesses and hospitals in Maryland had suffered a large number of ransomware attacks, the new Senate Bill 151 was introduced to increase ransomware attacks…

March 1, 2019 is the deadline for sending the Department of Health and Human Services’ Office for Civil Rights all 2018 data breach reports for…

Paper documents containing patient data was stolen from the vehicle of an employee of Anesthesia Associates of Kansas City on December 14, 2018. A bag…

The United Hospital District based in Blue Earth, MN discovered the exposure of patient information and its potential access by an unauthorized person due to…

An attacker got access to an EyeSouth Partners employee’s email account resulting to the potential viewing or theft of the protected health information (ePHI) of…

Amazon Alexa can be used in the healthcare industry but it is limited because of its non-HIPAA compliance. Although that may change in the near…

Wyoming is looking at repealing the Hospital Records Act of 1991, which was passed to ensure that hospitals are taking steps to protect patient data…

Community Health Systems’ (CHS) is offering compensation to its patients for the theft of their protected health information (PHI) during a cyberattack in 2014. Community…

The Reproductive Medicine and Infertility Associates network was infected by malware, according to an infertility clinic in Woodbury, MN. Although there’s no proof found that…

Roper St. Francis Healthcare based in Charleston, SC experienced a large-scale phishing attack, which allowed the attackers to access 13 employees’ email accounts. Roper St….

The Oregon Health Information Property Act is a proposal that allows patients to give consent to their healthcare providers to sell their health information and…

Becton, Dickinson and Company (BD) has discovered an access control flaw in its BD FACSLyric flow cytometry solution. If an attacker exploits vulnerability, access to…

Verity Health System is a network of 6 hospitals based in Redwood City, California. It has encountered a phishing attack on November 27, 2018 resulting…

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued an emergency alert concerning DNS hijacking attacks. CISA instructed all government agencies…

Seven prominent hospital associations, such as the American Hospital Association (AHA), are striving to have better data sharing throughout the healthcare industry. A new report…

A General Data Protection Regulation (GDPR) breach involving the Marriott Hotels group was investigated and the results revealed that less people were actually impacted than…

The U.S. Department of Health and Human Services’ Office for Civil Rights is looking for someone to fill in the position of a permanent Deputy…

Centerstone Insurance and Financial Services, also known as BenefitMall, started informing around 111,000 individuals about the possible compromise and theft of some protected health information…

An unencrypted laptop was stolen from the Phoenix, Arizona clinic of Solis Mammography, otherwise known as Ben-Ora, Hansen, Vanesian Imaging Ltd. Solis Mammography learned of…

Sacred Heart Rehabilitation Center located in Memphis, MI offers to HIV/AIDS patients substance abuse treatment and care services. The center learned that an unauthorized individual…

On October 28, 2018, a cyber attacker initiated a targeted phishing attack on Kent County Community Mental Health Authority, dba Network180. The employees were not…

The National Counterintelligence and Security Center (NCSC) started a new campaign – the “Know the Risk, Raise your Shield” campaign for the Office of the…

An Irish Data protection Commission (DPC) representative recently shared in an interview that the agency will enforce the General Data Protection Regulation (GDPR) much more…

The Managed Health Services based in Indianapolis, IN, which runs the Hoosier Care Connect Medicaid and Hoosier Healthwise programs, announced to 31,876 plan members on…

A phishing attack on Chaplaincy Health Care, a not-for-profit healthcare provider located in Richland, WA caused the exposure of the protected health information (PHI) of…

Choice Rehabilitation of Creve Coeur, MO learned that an unauthorized person accessed an employee’s email account and set up a mail forwarder, which sent email…

The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) published a notification regarding increased Chinese malicious cyber activity focusing on IT…

Humana-owned Family Physicians Group in Orlando notified 8,400 patients that a number of their protected health information (PHI) were potentially compromised because of a phishing…

Clearwater identified the most typical security flaws in the healthcare industry using the data analyses of IRM done during the last 6 years. There were…

Blue Cross Blue Shield of Michigan informed about 15,000 clients that some of their personal information kept on a laptop was compromised as the laptop…

A serious phishing attack on the San Diego School District resulted to the compromise of the private data, including health data, of around 500,000 students…

Massachusetts Attorney General Maura Healey issued to McLean Hospital a HIPAA violation fine amounting to $75,000 in relation to a data breach in 2015 that…

A vulnerability (CVE-2018-8340) was discovered in Microsoft’s Active Directory Federation Services (ADFS) which can permit an attacker to very easily circumvent multi-factor authentication (MFA). ADFS…

The Irish Data Protection Commission (DPC) is investigating one more prospective General Data Protection Regulation (GDPR) violation by Facebook, following the admission of the company…

An unauthorized person accessed the email account of a nurse at CCRM Dallas Fort Worth. CCRM discovered the breach on October 4, 2018, following the…

Based on a new Kaspersky Lab report, Cyber Pulse: The State of Cybersecurity in Healthcare, 27% of healthcare workers reported their company had encountered at…

About 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital received notifications that some of their protected health information (PHI) were compromised…

Google has announced their final decision to make a few modifications to its terms of service and privacy policy. The major change is the naming…

A request for information (RFI) issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) is striving to get feedback from…

The University of Maryland Medical System found the unauthorized installation of a malware on its system on December 9, 2018. Because of the speedy response…

The latest study by Insights, an enterprise threat management platform provider, unveiled a startling number of healthcare information is openly accessible on the internet due…

New Jersey state attorney general’s office penalized the health insurance provider EmblemHealth the amount of $100,000 for a data breach in 2016 that compromised the…

At the end of November, the Department of Justice charged two Iranians in connection with the SamSam ransomware attacks. However, the attacks are unlikely to…

The HHS’ Office for Civil Rights (OCR) investigated an incident of impermissible PHI disclosure by a business associate of a HIPAA-covered entity and found major…

Medical Informatics Engineering and NoMoreClipboard was charged with multi-state federal lawsuit over the 2015 data breach exposing the information of 3.9 million people. Indiana Attorney…

Georgia Spine and Orthopaedics of Atlanta (GSOA) is informing a number o its patients concerning a phishing attack that caused the possible theft and exposure…

Healthcare billing services provider, AccuDoc Solutions Inc, reported a data breach that caused the compromise of the protected health information (PHI) of 2,650,000 Atrium Health…

Mercy Medical Center North Iowa found out that an old employee possibly accessed patients’ healthcare records without appropriate authorization for over 12 months. The medical…

The United Kingdom’s Information Commissioner’s Office (ICO) discovered that the options for the Washington Post online subscription are not General Data Protection Regulation (GDPR) compliant….

A laptop computer issued by FHN Healthcare in northwest Illinois was stolen from the vehicle of an employee. The said laptop contained protected health information…

St. John’s Episcopal Hospital and Episcopal Health Services located in New York have informed former and current patients about the potential compromise of their protected…

Microsoft Office is under review by Dutch investigators due to complaints of the EU’s General Data Protection Regulations (GDPR) violation. Allegedly, Microsoft’s software is gathering…

A phishing attack on New York Oncology Hematology in Albany, New York resulted to the compromise of 15 employee email accounts and gave the hackers…

HealthEquity is informing 190,000 people about the exposure of some of their protected health information (PHI) because of a phishing attack. HealthEquity is a company…

The operators of the WordPress content management platform gave an advisory to users regarding the need to refresh the WP GDPR Compliance plug-in immediately because…

Inova Health System in Virginia began notifying its 12,331 patients regarding the unauthorized access of some of their protected health information (PHI). On September 5,…

A phishing attack on Metrocare Services, the biggest mental health services provider in North Texas, resulted in the compromise of the protected health information (PHI)…

Upstate University Hospital located in Syracuse, NY notified 1,216 of its patients regarding the impermissible access of a former personnel to some of their protected…

Altus Hospital located in Baytown, Texas had been attacked by ransomware, which encrypted much of the hospital data records. The attack did not have an…

Facebook is confronted with the wrath of EU’s General Data Protection Regulation (GDPR) once more after the UK Information Commissioner Office (ICO) made a complaint…

Accessing of patient information by healthcare employees who are not authorized to do so is clearly a violation of the Health Insurance Portability and Accountability…

Apple CEO Tim Cook was guest speaker at the 40th edition of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels and…

The protected health information (PHI) of around 40,000 patients of the Jones Eye Clinic and its associate surgery center, CJ Elmwood Partners, L.P, located in…

Catawba Valley Medical Center (CVMC) based in Hickory, NC discovered on August 13, 2018 the access of an unauthorized person to the email account of…

There is a flaw in the Employees Retirement System of Texas (ERS) OnLine portal. It was discovered when a number of people entered the portal…

In August 2018, BDO USA conducted a survey as part of the BDO 2018 Cyber Governance Survey. It was participated by 145 U.S. company board…

MediaPRO is a security awareness training company that has been doing for three years now an annual analysis of employees’ security awareness and knowledge of…

The National Ambulatory Hernia Institute based in California had a ransomware attack on September 13, 2018 which resulted to the encryption of files stored on…

Raley’s Pharmacy is notifying about 10,000 patients about the potential compromise of some of their protected health information (PHI). The incident on September 24, 2018…

The U.S. Food and Drug Administration (FDA) along with the Department of Homeland Security (DHS) presented a memorandum of agreement to make use of a…

The email accounts of two employees of the Children’s Hospital of Philadelphia (CHOP) were compromised after the successful phishing attacks launched on August 23 and…

The Department of Health and Human Services’ Office of Inspector General (OIG) issued a new report stating that most Medicaid data breaches are rather minor…

A health insurance system connected to the HealthCare.gov website was hacked according to the Centers for Medicaid & Medicare Services (CMS). The sensitive data of…

Aetna committed two mailing errors in 2017, which caused the impermissible disclosure of the protected health information (PHI) of its members. Because of the data…

OCR has issued a settlement fine to Anthem for potential HIPAA violations that led to a 78.8 million records breach in 2015. Anthem paid $16…

According to a report in The Wall Street Journal, Google is going to close down Google+ because this social media platform is being investigated by…

Cofense recently revealed in a news report the most typical healthcare phishing emails sent by hackers and which message attracts the most number of clicks….

The ECRI Institute, a non-profit firm that researches new methods to improve patient care, has recently released an annual listing of the top 10 Health…

There were two phishing attacks on the Minnesota Department of Human Services (DHS) that impacted 21,000 persons provided with medical assistance. DHS already mailed the…

The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare sector to have increased awareness…

Under the HIPAA Privacy Rule, patients have the right to get a copy of their health records from healthcare providers. When requested, copies of health…

Michigan Medicine is informing over 3,600 patients that some of their protected health information (PHI) was impermissibly disclosed. The Michigan Medicine Development Office had a…

Lambda Legal filed a lawsuit on behalf of 93 data breach victims who are lower-income HIV positive persons whose highly sensitive protected health information (PHI)…

On October 1, 2018, the U.S. Food and Drug Administration presented a Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook created to assist healthcare…

Facebook’s engineers identified a serious data breach on September 25 that affected roughly 50 million Facebook users. A breach notification was sent to affected users….

The National Institute of Standards and Technology (NIST) produced a draft of the guidance that is made to support federal agencies and other firms understand…

Aspire Health provides in-home services for patients with critical illness residing in Nashville, TN. Aspire Health had a phishing attack resulting to the unauthorized access…

Healthcare data breaches from 2010 to 2017 increased by 70% as per a study that two doctors at the Massachusetts General Hospital Center for Quantitative…

Claxton-Hepburn Medical Center is a not-for-profit community hospital located in Ogdensburg, NY. A number of its employees were terminated from work for accessing patient medical…

Three hospitals paid the Department of Health and Human Services’ Office for Civil Rights (OCR) a fine of $999,000 to settle their HIPAA violation. Because…

Ohio Living, which is a company that provides life plan communities and home health services, found out that an unauthorized person has accessed the email…

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is notifying 1,567 plan members about the impermissible disclosure of their protected health information (PHI) by…

The Fetal Diagnostic Institute of the Pacific (FDIP) located in Honolulu, Hawaii encountered a ransomware attack on June 30, 2018. A file-encrypting software was installed…

Independence Blue Cross in Philadelphia is sending notifications to thousands of its plan members because of the potential exposure of their protected health information (PHI)…

Hopebridge is a network of 28 autism treatment centers located all over the Midwest. It experienced a phishing attack, which potentially resulted in the access…

Acadiana Computer Services Inc., which provides the healthcare industry in Lafayette, LA with software and business solutions, discovered that an unauthorized person accessed an employee’s…