PHI of 326,000 Patients Exposed Due to UConn Health Phishing Attack

UConn Health is informing around 326,000 patients regarding the exposure of some of their personal data because of a phishing attack on several UConn Health employees. UConn Health discovered the phishing attack on December 24, 2018 and secured all email accounts. An internal investigation confirmed that the breach involved the access of several email … Read more

Potential PHI Exposure Due to Rutland Regional Medical Center Email Accounts Hacking

Rutland Regional Medical Center (RRMC), located in Rutland City, is the biggest community hospital in the state of Vermont. It was discovered that hackers accessed nine employees’ email accounts and possibly viewed or acquired the protected health information (PHI) of patients. On December 21, 2018, an employee of RRMC discovered that a lot of spam emails … Read more

Facebook Alleged to Have Exposed Sensitive Health Information Shared in Closed Groups

The FTC received a complaint concerning Facebook’s misleading practices. The complaint claims that health-related information disclosed in closed, purportedly anonymous and non-public Facebook groups has been compromised. Congress is asking Facebook to give answers regarding the purported privacy violations concerning the Facebook PHR (Groups) system. The House Committee on Energy & Commerce … Read more

Maryland May Impose Stricter Laws and Penalties for Ransomware Attacks

Because businesses and hospitals in Maryland had suffered a large number of ransomware attacks, the new Senate Bill 151 was introduced to increase the penalties for ransomware attacks. Hopefully, the higher penalties would dissuade people from carrying out ransomware attacks in the state. As per the bill, ransomware refers to computer or data contaminant, lock or … Read more

PHI of 3,472 Anesthesia Associates of Kansas City Patients Exposed Due to Stolen Patient Schedules

Paper documents containing patient data were stolen from the vehicle of an employee of Anesthesia Associates of Kansas City on December 14, 2018. A bag that contained patient schedules was left by the employee in his car. Information such as names, dates of birth, surgery dates, types of surgical operations and names of surgeons were … Read more

Email Account Breach at EyeSouth Partners Potentially Exposed the PHI of 24,000 Georgia Eye Associates Patients

An attacker got access to an EyeSouth Partners employee’s email account, resulting in the potential viewing or theft of the protected health information (ePHI) of about 24,000 patients. EyeSouth Partners, a business associate of Cobb Eye Center, Georgia Ophthalmology Associates, South Georgia Eye Partners and Georgia Eye Associates, knew about the breach of data on … Read more

Wyoming Considering to Repeal the Hospital Records Act of 1991

Wyoming is looking at repealing the Hospital Records Act of 1991, which was passed to ensure that hospitals are taking steps to protect patient data privacy. The law was enacted five years prior to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. It mandated hospitals to employ privacy and security measures that were … Read more

Lawsuit Against Community Health Systems 4.5 Million-Record Data Breach Finally Reached a Settlement

Community Health Systems (CHS) is offering compensation to its patients for the theft of their protected health information (PHI) during a cyberattack in 2014. Community Health Systems Tennessee is one of the biggest healthcare systems, managing more than 200 hospitals in the U.S. In 2014, CHS found that malware was installed on its systems, which … Read more

Minnesota Infertility Clinic Malware Attack and Waco Dental Clinic Server Theft

The Reproductive Medicine and Infertility Associates network was infected by malware, according to an infertility clinic in Woodbury, MN. Although no proof was found that suggests access to or exfiltration of any patient information by the malware, a data breach cannot be ruled out. The clinic detected the malware attack on December … Read more

Phishing Attacks on Roper St. Francis Healthcare and Minnesota DHS Compromises PHI

Roper St. Francis Healthcare based in Charleston, SC experienced a large-scale phishing attack, which allowed the attackers to access 13 employees’ email accounts. Roper St. Francis Healthcare discovered the phishing attack on November 30, 2018 and blocked the access to a company email account. Upon investigation, it was found that more email accounts were compromised. … Read more

Getting Paid for Sharing Healthcare Data Proposed in Oregon Health Information Property Act

The Oregon Health Information Property Act is a proposal that allows patients to give consent to their healthcare providers to sell their health information and to get payment in return for permitting third parties to use their data. At present, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule the allowable uses and disclosures … Read more

BD FACSLyric Flow Cytometry Solution Vulnerabilities Identified

Becton, Dickinson and Company (BD) has discovered an access control flaw in its BD FACSLyric flow cytometry solution. An attacker who exploits the vulnerability can gain administrative-level privileges on a vulnerable workstation and deploy commands. An attacker with a low skill level can exploit the vulnerability. BD thoroughly checks its software for possible vulnerabilities and … Read more

Phishing Attack on Verity Health System Exposes Patients’ PHI

Verity Health System is a network of 6 hospitals based in Redwood City, California. It encountered a phishing attack on November 27, 2018 resulting in the potential compromise of the protected health information (PHI) of some patients. A hacker was able to obtain a Verity Health employee’s Office 365 credentials as a consequence of … Read more

DHS Issues Emergency Warning About DNS Hijacking Attacks

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued an emergency alert concerning DNS hijacking attacks. CISA instructed all government agencies to audit their DNS configurations within 10 days. CISA’s information claimed that hackers were eyeing government agencies and changing their Domain Name System (DNS) records. DNS records identify the … Read more

Hospital Associations Want to Speed up Interoperability and Data Sharing

Seven prominent hospital associations, such as the American Hospital Association (AHA), are striving to have better data sharing throughout the healthcare industry. A new report called “Sharing data, Saving Lives: The Hospital Agenda for Interoperability” tries to enlist and broaden the support of public and private stakeholders to speed up interoperability and help get … Read more

Position of OCR Permanent Deputy Director for Health Information Privacy Open to Applicants

The U.S. Department of Health and Human Services’ Office for Civil Rights is looking for someone to fill the position of permanent Deputy Director for Health Information Privacy. The details of the advertisement were posted on January 14, 2019 on USAJOBS. Deven McGraw was the previous permanent Deputy Director. He decided to leave … Read more

111K People Affected By BenefitMall Security Breach

Centerstone Insurance and Financial Services, also known as BenefitMall, started informing around 111,000 individuals about the possible compromise and theft of some protected health information (PHI) because of a recent email security incident. BenefitMall, located in Dallas, TX, is a business that offers HR, employee benefits, salaries and employer services. It has around 20,000 consultants, … Read more

Stolen Laptop From Solis Mammography Impacted 500 Patients’ PHI

An unencrypted laptop was stolen from the Phoenix, Arizona clinic of Solis Mammography, otherwise known as Ben-Ora, Hansen, Vanesian Imaging Ltd. Solis Mammography learned of the incident on October 17, 2018 and informed law enforcement immediately but the laptop hasn’t been retrieved up to now. A computer forensics company is assisting Solis Mammography in rebuilding … Read more

Phishing Attack on Sacred Heart Rehabilitation Center Exposed Patients’ PHI

Sacred Heart Rehabilitation Center, located in Memphis, MI, offers substance abuse treatment and care services to HIV/AIDS patients. The center learned that an unauthorized individual accessed an employee’s email account because of a phishing email the employee responded to. The email-related breach took place between April 5 and April 7, 2018. It is not known … Read more

Phishing Attack on Network180 Compromised the PHI of Patients

On October 28, 2018, a cyber attacker initiated a targeted phishing attack on Kent County Community Mental Health Authority, dba Network180. The employees were not able to identify the phishing emails sent to them because they seemed to come from a reputable source. In the period covering November 2 to 13, three employees responded to … Read more

Feds’ New Cyber Risks Awareness Campaign to Help Private Sector Companies

The National Counterintelligence and Security Center (NCSC) started a new campaign – the “Know the Risk, Raise your Shield” campaign for the Office of the Director of National Intelligence. Its purpose is to boost public awareness regarding cyber threats and to have companies in all industries improve their data security processes and cyber defenses. … Read more

PHI of 31,876 Managed Health Services of Indiana Plan Members Potentially Exposed

Managed Health Services, based in Indianapolis, IN, which runs the Hoosier Care Connect Medicaid and Hoosier Healthwise programs, announced to 31,876 plan members in December 2018 that their protected health information (PHI) was potentially disclosed in two different breaches. The first breach was the result of a phishing attack on a Managed Health Services’ … Read more

PHI of 1,080 Chaplaincy Health Care Patients Potentially Exposed Due to Phishing Attack

A phishing attack on Chaplaincy Health Care, a not-for-profit healthcare provider located in Richland, WA, caused the exposure of the protected health information (PHI) of 1,080 patients. The phishing attack happened on November 20, 2018 and it was quickly identified within 4 hours. Chaplaincy Health Care immediately took action to prevent unauthorized access. A third-party … Read more

US-CERT Issued Warning Against Increased Chinese Malicious Cyber Activity

The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) published a notification regarding increased Chinese malicious cyber activity focusing on IT service providers such as Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), Cloud Service Providers (CSPs) and their clients. The attacks exploit trust relationships between customers and IT service … Read more

8,400 Patients Affected by Orlando Family Physicians Group Phishing Attack

Humana-owned Family Physicians Group in Orlando notified 8,400 patients that some of their protected health information (PHI) was potentially compromised because of a phishing attack. Family Physicians Group is one of the biggest companies providing healthcare for Medicare and Medicaid beneficiaries in Central Florida and manages 22 clinics in the area. The investigation … Read more

Most Prevalent Security Vulnerabilities in Healthcare According to Clearwater

Clearwater identified the most typical security flaws in the healthcare industry using the data analyses of IRM done during the last 6 years. There were millions of risk reports examined from hospitals, Integrated Delivery Networks, and business associates of entities to pinpoint the most prevalent security weaknesses in the healthcare industry. According to the data … Read more

Phishing Attack on San Diego School District Compromised Over 500,000 Staff and Students Data

A serious phishing attack on the San Diego School District resulted in the compromise of the private data, including health data, of around 500,000 students and staff. The school district became aware of the phishing attack only in October 2018, though the breach investigators pointed out that the hacker had accessed the network since January … Read more

McLean Hospital to Pay $75,000 to Settle a HIPAA Violation

Massachusetts Attorney General Maura Healey issued to McLean Hospital a HIPAA violation fine amounting to $75,000 in relation to a data breach in 2015 that exposed about 1,500 patients’ protected health information (PHI). McLean Hospital is a psychiatric hospital situated in Belmont, MA, which allowed an employee to bring home 8 backup tapes frequently. In … Read more

Microsoft ADFS Vulnerability Enables Threat Actors to Circumvent Multi-Factor Authentication

A vulnerability (CVE-2018-8340) was discovered in Microsoft’s Active Directory Federation Services (ADFS) which can permit an attacker to very easily circumvent multi-factor authentication (MFA). Many firms use ADFS to secure accounts by adding a second factor to the password, with second factors from vendors such as SecureAuth, Okta and RSA. It was … Read more

Irish Data Protection Commission is Investigating Facebook Again Because of a Glitch

The Irish Data Protection Commission (DPC) is investigating one more prospective General Data Protection Regulation (GDPR) violation by Facebook, following the company’s admission that a glitch may have granted unauthorized people access to the unposted pictures of around 6.8 million Facebook users. The DPC is about to investigate the incident relating … Read more

CCRM Dallas Fort Worth and Ramsey County Social Services Breaches Potentially Exposed 1,600+ Patients’ PHI

An unauthorized person accessed the email account of a nurse at CCRM Dallas Fort Worth. CCRM discovered the breach on October 4, 2018, following the report of patients receiving spam emails originating from the nurse’s email account. CCRM Dallas-Fort Worth immediately deactivated the compromised email account and its IT vendor started to investigate the incident. … Read more

27% of Healthcare Companies Have Encountered at Least One Ransomware Attack Last Year

Based on a new Kaspersky Lab report, Cyber Pulse: The State of Cybersecurity in Healthcare, 27% of healthcare workers reported their company had encountered at least one ransomware attack in the last five years and 33% said their company had encountered several ransomware attacks. In its report, Kaspersky Lab mentioned that until January 1, 2018, … Read more

Elizabethtown Community Hospital Email Account Breach Impacts Approximately 32,000 Patients

About 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital received notifications that some of their protected health information (PHI) was compromised due to an email account breach. On October 18, 2018, Elizabethtown Community Hospital found out that an unauthorized person accessed the email account of an employee. Immediately, the password for … Read more

Request for Information on Potential Changes to HIPAA Rules to Enhance Patient Data Sharing Issued by OCR

A request for information (RFI) issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) is striving to get feedback from the public regarding prospective changes to the Health Insurance Portability and Accountability Act (HIPAA) Rules to boost coordinated, value-based medical care. OCR is collecting recommendations regarding adjustments to the HIPAA … Read more

Alarming Number of Open and Misconfigured Healthcare Databases Online

The latest study by Insights, an enterprise threat management platform provider, revealed that a startling amount of healthcare information is openly accessible on the internet due to open and misconfigured databases. Although much interest is centered on the risk of cyberattacks on healthcare devices as well as ransomware attacks, a primary reason why hackers … Read more

EmblemHealth Pays New Jersey $100,000 Penalty for HIPAA Violations

The New Jersey state attorney general’s office fined the health insurance provider EmblemHealth $100,000 for a data breach in 2016 that compromised the protected health information (PHI) of over 6,000 New Jersey plan members. EmblemHealth mailed Medicare Part D Prescription Drug Plan Evidence of Coverage paperwork to its plan members on October 3, … Read more

DHS/FBI Published a New Alert Against SamSam Ransomware Attacks

At the end of November, the Department of Justice charged two Iranians in connection with the SamSam ransomware attacks. However, the attacks are unlikely to let up. Because of the high risk of persistent SamSam ransomware attacks in the USA, the Department of Homeland Security (DHS) and FBI issued a new advisory to critical infrastructure … Read more

$500,000 Fine Paid by Advanced Care Hospitalists to Settle Multiple Violations of HIPAA

The HHS’ Office for Civil Rights (OCR) investigated an incident of impermissible PHI disclosure by a business associate of a HIPAA-covered entity and found major HIPAA violation issues, which called for financial charges. Advanced Care Hospitalists (ACH) is a contractor doctors’ group located in Lakeland, FL that deploys internal medicine physicians to hospitals and nursing … Read more

Medical Informatics Engineering Faces Multi-State Lawsuit Over 3.9-Million Record Breach

Medical Informatics Engineering and NoMoreClipboard were charged in a multi-state federal lawsuit over the 2015 data breach exposing the information of 3.9 million people. Indiana Attorney General Curtis Hill is the lead attorney general of the lawsuit with 11 other participating states – Arizona, Arkansas, Iowa, Florida, Kentucky, Kansas, Louisiana, Minnesota, North Carolina, Nebraska and Wisconsin. … Read more

Data Breach at Atrium Health’s Business Associate Impacts 2.65 Million Patients

Healthcare billing services provider AccuDoc Solutions Inc reported a data breach that caused the compromise of the protected health information (PHI) of 2,650,000 Atrium Health patients. AccuDoc Solutions in Morrisville, NC prepares the bills for Atrium Health’s patients. At the same time, AccuDoc Solutions operates the online payment system utilized by Atrium Health and its network … Read more

Patients’ PHI Exposed in Breach Incidents at Mercy Medical Center North Iowa and Arthritis & Osteoporosis Consultants of the Carolinas

Mercy Medical Center North Iowa found out that a former employee possibly accessed patients’ healthcare records without appropriate authorization for over 12 months. The medical center conducted an internal investigation of the incident which revealed that a past employee had wrongly accessed patient data from July 2017 to July 2018. The employee had access to … Read more

Episcopal Health Services Email Hacking Compromised Patients’ PHI

St. John’s Episcopal Hospital and Episcopal Health Services located in New York have informed former and current patients about the potential compromise of their protected health information (PHI). Episcopal Health Services found the occurrence of suspicious activity in several employees’ e-mail accounts on September 18, 2018. A third-party computer forensics firm quickly looked into the … Read more

HealthEquity Phishing Attack Affects the PHI of 190,000 People

HealthEquity is informing 190,000 people about the exposure of some of their protected health information (PHI) because of a phishing attack. HealthEquity is a company based in Utah that offers services to clients seeking to obtain tax advantages to counter healthcare expenses, either through employers or health plans. The company provides services such as health … Read more

Attack on Inova Health System Compromised the Billing Records of 12,331 Patients

Inova Health System in Virginia began notifying its 12,331 patients regarding the unauthorized access of some of their protected health information (PHI). On September 5, 2018, law enforcement got in touch with Inova Health System because of an alleged breach of patients’ billing details. A prominent computer forensics firm investigated the breach to find out … Read more

Potential Exposure of Patient PHI in Metrocare Services and Summit Medical Group Data Breaches

A phishing attack on Metrocare Services, the biggest mental health services provider in North Texas, resulted in the compromise of the protected health information (PHI) of 1,804 patients. A number of email accounts of employees were compromised during the phishing attack and the first breach of account occurred on August 2, 2018. Metrocare only became … Read more

Impermissible Access of 1,216 Patient Records by Former Upstate University Hospital Employee

Upstate University Hospital, located in Syracuse, NY, notified 1,216 of its patients regarding the impermissible access by a former employee to some of their protected health information (PHI). The hospital became aware of the breach on September 12, 2018. Immediately, the breach was investigated to find out which patients were affected by the privacy violation. … Read more

Cybersecurity Attacks on Altus Hospital in Baytown and Southwest Washington Regional Surgery Center

Altus Hospital, located in Baytown, Texas, had been attacked by ransomware, which encrypted much of the hospital’s data records. The attack did not have an impact on the electronic medical record system of the hospital. But some patients’ protected health information (PHI) was contained in the encrypted files. The affected PHI included names, addresses, phone … Read more

Virginia Superior Court Partially Reversed the Decision of the Lower Court in Employee Snooping Case

Access to patient information by healthcare employees who are not authorized to do so is clearly a violation of the Health Insurance Portability and Accountability Act’s Privacy Rule. Are employers also accountable for the privacy breach caused by snooping employees under HIPAA? A patient of Carilion Healthcare Corp’s Carilion Clinic based in Virginia with … Read more

Sioux City Eye Clinic Breach Impact PHI of 40,000 Patients

The protected health information (PHI) of around 40,000 patients of the Jones Eye Clinic and its associate surgery center, CJ Elmwood Partners, L.P, located in Sioux City, IA was potentially compromised. The breach was caused by a ransomware attack that impacted the stored data in an information system employed for booking appointments and invoicing patients. … Read more

Over 20,000 Patients’ PHI Potentially Exposed in Catawba Valley Medical Center and Byram Healthcare Breaches

Catawba Valley Medical Center (CVMC) based in Hickory, NC discovered on August 13, 2018 the access of an unauthorized person to the email account of a CVMC employee. After knowing about the email breach, CVMC took steps to secure the email account and prevent continuing access. A third-party computer forensics firm helped investigate the email … Read more

MediaPRO State of Privacy and Security Awareness Study Results for 2018

MediaPRO is a security awareness training company that has for three years now conducted an annual analysis of employees’ security awareness and knowledge of cybersecurity best practices. The study finds out the employees’ vulnerability to various security threats and evaluates their ability to recognize the phishing threats, prospective malware infections, and hazards of cloud … Read more

Ransomware Attack on National Ambulatory Hernia Institute Impacts 16,000 Patients

The National Ambulatory Hernia Institute, based in California, had a ransomware attack on September 13, 2018 which resulted in the encryption of files stored on its system. The National Ambulatory Hernia Institute posted a breach notice on its website stating that the attackers possibly viewed 15,974 patients’ demographic information which was recorded prior to July … Read more

Potential Compromise of 10,000 Patients’ PHI from Stolen Raley’s Pharmacy Laptop

Raley’s Pharmacy is notifying about 10,000 patients about the potential compromise of some of their protected health information (PHI). The incident on September 24, 2018 involved the theft of a laptop computer from a Raley’s pharmacy, which possibly contained the PHI of some patients. Raley’s pharmacy had the incident investigated immediately to find out the … Read more

FDA-DHS Collaborate to Mitigate the Risks of Medical Device Cybersecurity

The U.S. Food and Drug Administration (FDA) along with the Department of Homeland Security (DHS) presented a memorandum of agreement to make use of a new system for better cooperation and improving coordination of their endeavors to increase healthcare device safety. Cybersecurity vulnerabilities in healthcare devices are a rising issue considering that hackers can … Read more

Children’s Hospital of Philadelphia’s Double Account Breach Due to Phishing Attacks

The email accounts of two employees of the Children’s Hospital of Philadelphia (CHOP) were compromised after the successful phishing attacks launched on August 23 and August 29, 2018. CHOP identified the accessing of email account of a doctor by an unauthorized person on August 24. According to investigations, the account was accessed even the day … Read more

OIG’s Medicaid Data Breach Report for 2016

The Department of Health and Human Services’ Office of Inspector General (OIG) issued a new report stating that most Medicaid data breaches are rather minor and just impact a very limited quantity of people. For the report, OIG looked at all the breaches that Medicaid agencies and their contractors reported in 2016. Based on the … Read more

Federally Facilitated Exchanges Direct Enrollment System Breach Affects 75,000 Americans

A health insurance system connected to the HealthCare.gov website was hacked, according to the Centers for Medicaid & Medicare Services (CMS). The sensitive data of about 75,000 people was potentially accessed by the hackers. A CMS staff member identified the anomalous activity going on in the Federally Facilitated Exchanges system and the Direct enrollment pathway that … Read more

OCR HIPAA Penalties Reach $100 Million After Anthem Pays $16 Million for HIPAA Breach Settlement

OCR has issued a settlement fine to Anthem for potential HIPAA violations that led to a 78.8 million records breach in 2015. Anthem paid $16 million and took corrective action to resolve the compliance issues that OCR discovered during the breach investigation. Before this settlement, the largest HIPAA breach settlement was with Advocate Health Care … Read more

Irish DPA Investigates Google+ Bug Impacting 500,000 Users

According to a report in The Wall Street Journal, Google is going to close down Google+ because this social media platform is being investigated by the Data Protection Authority in Ireland for allegedly failing to disclose a bug that potentially affected as many as 500,000 accounts. Internal communications revealed that Google senior management knew about … Read more

Most Common Phishing Emails Used on Healthcare Organizations

Cofense recently revealed in a news report the most typical healthcare phishing emails sent by hackers and which messages attract the most clicks. The 2018 Cofense State of Phishing Defense Report gives information about the susceptibility or resiliency to phishing attacks and the responses to phishing emails. It also shows the seriousness of … Read more

ECRI’s Top 10 List of Health Technology Hazards for 2019

The ECRI Institute, a non-profit firm that researches new methods to improve patient care, has recently released an annual listing of the top 10 Health Technology Hazards for 2019. The objective of creating this list is to help healthcare companies in discovering possible sources of danger or issues with technology that can possibly cause problems … Read more

Phishing Attacks on Minnesota DHS Potentially Compromised PHI of 21,000 Patients

There were two phishing attacks on the Minnesota Department of Human Services (DHS) that impacted 21,000 persons provided with medical assistance. DHS already mailed the patients notification letters regarding the possible breach of their protected health information (PHI). It was confirmed that two DHS employees’ email accounts were compromised as a result of the … Read more

HHS OIG Develops New Web Page to Heighten Awareness about Its Cybersecurity-Related Activities

The Department of Health and Human Services’ Office of Inspector General (HHS OIG) would like the HHS and the healthcare sector to have increased awareness of its work to combat cyberthreats. It is trying to increase the transparency of the department with regards to its activities for enforcing cybersecurity. One project is the new web … Read more

PHI of 3,600 Michigan Medicine Patients Disclosed Because of Mailing Error

Michigan Medicine is informing over 3,600 patients that some of their protected health information (PHI) was impermissibly disclosed. The Michigan Medicine Development Office had a fundraising campaign and sent letters to many of its patients in early September 2018. The printing of the letters for mailing was done by a third-party vendor. Most of the … Read more

California HIV Patient PHI Breach Lawsuit Moves Onward

Lambda Legal filed a lawsuit on behalf of 93 data breach victims who are lower-income HIV-positive persons whose highly sensitive protected health information (PHI) was stolen from the California AIDS Drug Assistance Program (ADAP) by unauthorized people. The previous administrator of ADAP, A.J. Boggs & Company, filed a motion to dismiss at the Superior … Read more

Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook Published by FDA

On October 1, 2018, the U.S. Food and Drug Administration presented a Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook created to help healthcare delivery organizations prepare for and take steps to resolve medical device cybersecurity issues. The playbook is meant to guide healthcare delivery organizations in creating a readiness and response framework … Read more

Hacking of Facebook Affects Over 50 Million Users

Facebook’s engineers identified a serious data breach on September 25 that affected roughly 50 million Facebook users. A breach notification was sent to affected users. At the same time, all user accounts were automatically signed out. If users would like to access their accounts, they had to log in once again. Facebook shares decreased by … Read more

Feedback Needed on NIST’s New Guidance for Managing IoT Cybersecurity and Privacy

The National Institute of Standards and Technology (NIST) produced draft guidance intended to help federal agencies and other firms understand the problems associated with securing Internet of Things (IoT) tools and dealing with the cybersecurity and privacy threats brought in by IoT devices. The first guidance document named Considerations for … Read more

Phishing Attack on Aspire Health Potentially Exposed Patient PHI

Aspire Health provides in-home services for patients with critical illness residing in Nashville, TN. Aspire Health had a phishing attack resulting in the unauthorized access of the email account of one employee. Using the accessed email account, the attacker emailed 124 messages to a different email account. Many of the sent messages contained the patients’ protected … Read more

Healthcare Data Breaches Increased by 70% From 2010 to 2017

Healthcare data breaches from 2010 to 2017 increased by 70%, according to a study that two doctors at the Massachusetts General Hospital Center for Quantitative Health conducted. The study was published in the Journal of the American Medical Association on September 25 and reviewed 2,149 healthcare data breaches that were reported to the Department of … Read more

Several Employees of Claxton-Hepburn Medical Center Fired for Accessing PHI Without Authorization

Claxton-Hepburn Medical Center is a not-for-profit community hospital located in Ogdensburg, NY. A number of its employees were terminated for accessing patient medical records without authorization. The hospital became aware of the PHI breaches while doing an internal investigation. The report did not clearly say if … Read more

A Sum of $999,000 Paid to OCR as HIPAA Penalties for Impermissible PHI Disclosure to ABC Film Crew

Three hospitals paid the Department of Health and Human Services’ Office for Civil Rights (OCR) a fine of $999,000 to settle their HIPAA violation. Because the hospitals allowed ABC film to record a video of patients for its Boston Med TV series and were not able to get the patients’ consent before letting other individuals … Read more

Hospital Employee Stole and Sold Patients’ PHI Using WhatsApp Encrypted Phone App

Brooklyn’s Kings County Hospital discovered that a former staff member in its emergency department allegedly stole the protected health information (PHI) of about 100 people and shared the PHI with another man using an encrypted mobile phone app. 52-year-old Orlando Jemmott was employed for 12 years at Kings County Hospital. Since … Read more

Blue Cross and Blue Shield of Rhode Island Privacy Breach Was Due to Mailing Vendor Error

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is notifying 1,567 plan members about the impermissible disclosure of their protected health information (PHI) by one of its business associates. The business associate was a vendor contracted by BCBSRI to send explanation of benefits statements to its plan members. The explanation of benefits statements contain … Read more

40,800 Patients Affected by Ransomware Attack on Fetal Diagnostic Institute of the Pacific

The Fetal Diagnostic Institute of the Pacific (FDIP) located in Honolulu, Hawaii encountered a ransomware attack on June 30, 2018. File-encrypting software was installed on a server, and different types of files, including medical records, were encrypted. FDIP appointed a top-notch company to look into the breach and find out if the … Read more

17,000 Independence Blue Cross Members Notified of PHI Exposure

Independence Blue Cross in Philadelphia is sending notifications to thousands of its plan members because their protected health information (PHI) was potentially exposed online and may have been accessed by unauthorized individuals. The Independence Blue Cross privacy office got information about the exposed PHI on July 19. Immediately, a prominent forensics investigation company … Read more

Hopebridge (IN) and United Methodist Homes (NY) Reported Email Security Breaches

Hopebridge is a network of 28 autism treatment centers located all over the Midwest. It experienced a phishing attack, which potentially resulted in the access of its patients’ protected health information (PHI) by an unauthorized individual. Hopebridge detected the security breach on July 19, 2018 and called in a third-party computer forensics company to investigate … Read more

Texas Nurse Lost Her Job Because of Posting PHI on Social Media

A nurse working at a Texas children’s hospital was laid off for posting protected health information (PHI) on a social media site, which is a violation of the Health Insurance Portability and Accountability Act (HIPAA) Rules. The nurse worked in the pediatric ICU/ER unit of the Texas Children’s Hospital. Allegedly, the nurse posted comments on … Read more

PHI of 31,000 Individuals Exposed Due to the Phishing Attack on Acadiana Computer Systems

Acadiana Computer Services Inc., which provides the healthcare industry in Lafayette, LA with software and business solutions, discovered that an unauthorized person accessed an employee’s email account. Upon detecting the security breach on July 6, 2018, Acadiana disabled external access to the email account and retained the services of an independent cybersecurity specialist to investigate … Read more

Phishing Attack on Reliable Respiratory Affects 21,000 Patients

Reliable Respiratory, a respiratory care provider in Norwood, MA, experienced a phishing attack that impacted 21,311 patients. A suspected cyberattack was noted on July 3, 2018 after strange activity was seen in the email account of an employee. The account was investigated and it was found that the employee was targeted by a phishing … Read more

Arc of Erie County Pays $200,000 for Security Breach

The New York Attorney General fined the Arc of Erie County $200,000 for violating HIPAA Rules by failing to protect its clients’ electronic protected health information (ePHI). The Arc of Erie County is a non-profit social services firm and one chapter of the Arc Of … Read more

NIST’s Guide to Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Now Available

The final version of the NIST Cybersecurity Practice Guide for Securing Wireless Infusion Pumps in healthcare delivery organizations, prepared by the National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST), has been released. Wireless infusion pumps today are not standalone devices. They could be linked to a variety of … Read more

Qualcomm Life Capsule Datacaptor Terminal Server Beset With ‘Misfortune Cookie’

A code vulnerability has been discovered in Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS). A threat actor could remotely exploit the vulnerability to acquire administrator-level rights and remotely execute code. The Datacaptor Terminal Server of Qualcomm Life Capsule is a healthcare gateway device employed by numerous American hospitals to link their medical devices. The … Read more

BD Alaris Plus Medical Syringe Pumps Vulnerability Identified

The BD Alaris Plus medical syringe pump has a critical, wirelessly exploitable vulnerability. When the medical syringe pump is linked to a terminal server through the serial port, a threat actor could exploit it to alter the intended operation of the syringe pump. The vulnerability is an improper authentication flaw. The software program falls … Read more