HIPAA News

The number of SamSam ransomware attacks on government and healthcare organization increased in recent months. These incidents prompted the Department of Health and Human Service’s…

There were 10 SamSam ransomware attacks since December 2017. The attacks were mostly on government and healthcare providers in the United States. There were other…

A group of 112 hackers, penetration testers and incident responders were surveyed to find out how fast they can access a targeted system. The survey…

The Department of Health and Human Services filed a motion to dismiss the lawsuit filed by Ciox Health for lack of standing. Early this year,…

Ponemon Institute conducted a study on behalf of Merlin International involving 627 healthcare executives in the United States and found that healthcare organizations are failing…

Oregon state governor Kate Brown just signed Senate Bill (SB 1551) last month to update several regulations including Oregon’s Breach Notification Law (O.R.S. 646A.604) and…

JAMA recently published a study that highlighted the frequent improper disposal of PHI. Although the study was based in Canada, which is a location not…

Finger Lakes Health in Geneva, NY had a ransomware attack that made its computer system inaccessible. The health system did not stop its operations but…

Anomali and the National Health Information Sharing and Analysis Center (NH-ISAC) have partnered to provide threat intelligence to healthcare organizations. Anomali can help in several…

Ponemon Institute conducted a survey sponsored by Merlin International which revealed that 62% of healthcare organizations experienced data breaches in the past year resulting to…

PhishMe, which is now called Cofense, received five 2018 Cybersecurity Excellence Awards for its products that provide phishing defense solutions. Cybersecurity Insiders together with the…

The Federal Bureau of Investigation (FBI) warned businesses, educational institutions and healthcare organizations regarding the significant increase in phishing attacks on payroll employees. The phishing…

Health Net California, a provider of government employees’ benefits, has been marked as not willing to undergo security audits as per the Flash Audit Alert…

A long-time hacker was able to access medical records of close to 1,900 patients of the University of Virginia Healthcare System using malware infection. How…

The January 2018 Healthcare Data Breach report is now available. Based on the healthcare security incidents reported to the Department of Health and Human Services’…

Ayal Hassidim, MD of Hadassah Hebrew University Medical Center in Jerusalem conducted a research in collaboration with researchers from Harvard Medical School, Duke University and…

The Cyber Incident & Breach Trends Report published by Online Trust Alliance considers 2017 as the worst year ever for cybersecurity incidents. The number of…

A bipartisan team of legislators in Colorado recommended modifying its privacy and data breach notification laws for Colorado residents to obtain better security. If approved,…

Nebraska lawmakers voted 34-0 during the first round of voting on a bill introduced by Senator Adam Morfield. The bill seeks to further protect Nebraska…

Aetna took legal action against Kurtzman Carson Consultants (KCC), the administrative support company that handled the July 2017 mailing for Aetna. That mailing project resulted…

The Department of Health & Human Services (HHS) released a proposed rule that helps small businesses and self-employed workers to get less expensive health coverage….

The Health Insurance Portability and Accountability Act has no private cause of action. Because of this, patients cannot sue healthcare providers for privacy violations. But…

The healthcare security breaches in Q4 of 2017 decreased by 13%. In Q3, there were 99 data breaches reported to the Department of Health and…

The healthcare data breaches in December 2017 significantly increased by 81% from the previous month.  Thirty-eight healthcare data breaches that impacted over 500 persons were…

The University of Phoenix College of Health Professions conducted a survey recently that involved 504 full time registered nurses (RNs) and administrative staff across the…

Kathryn Marchesini is the new appointed chief privacy officer at the Office of National Coordinator for Health IT (ONC). She replaced Acting Chief Privacy Officer…

The Agency for Health Care Administration in Florida discovered that an employee’s email account was accessed by an unauthorized person. The employee got a malicious…

The non-profit health system SSM Health based in St. Louis, MO discovered the unauthorized access of patient health records by a former employee. The former…

In the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) newsletter issued last December, travelling healthcare professionals were given recommendations to…

The University of Rochester Medicine’s Jones Memorial Hospital in Wellsville, New York experienced an unexpected downtime because of a cyberattack on December 27, 2017. The…

A serious WannaCry ransomware attack occurred in May 2017. The hackers exploited vulnerabilities in the UK’s National Health Service (NHS) systems. They installed their malicious…

Ponemon Institute conducted a study on current endpoint security trends. Two of the threats that need to be dealt with are ransomware and fileless malware…

Columbus Surgery Center, LLC and Eye Physicians, P.C in Columbus, Nebraska were attacked by ransomware resulting in the potential protected health information exposure of about…

NYU Langone Health System Data Breach A binder that contained a log of presurgical insurance authorizations from NYU Langone Health System was mistakenly recycled by…

Twenty one reports of healthcare data breaches with over 500 affected individuals were submitted to the U.S. Department of Health and Human Services’ Office for…

HIMSS Analytics conducted a study for email security firm Mimecast. The survey results showed that 78% of healthcare organizations had been attacked by ransomware or…

Chicago’s Sinai Health System was compromised when two of its employees’ email accounts were involved in a phishing attack. The phishing incident that took place…

The American Hospital Association (AHA) wrote a letter to the House Ways and Means Health Subcommittee concerning how the Congress can help lessen the regulatory…

As reported by cloud threat defense firm RedLock, the number of misconfigured cloud services is growing. Some of the incidents that had been reported include…

Much of the healthcare industry now use secure cloud storage services to store files of electronic protected health information (ePHI) and to host web applications….

Some physical files of medical records from Women’s Health Consultants in South Whitehall Township and Hanover Township, PA were dumped in a recycling center in…

Another unencrypted laptop got stolen from an employee of Rocky Mountain Health Care Services of Colorado Springs. This is the second time that a similar…

The protected health information of 1,200 UPMC Susquehanna patients has potentially been exposed to unauthorized persons. UPMC Susquehanna is a network of hospitals and medical…

The state of New York will introduce the SHIELD Act, which stands for Stop Hacks and Improve Electronic Data Security Act. This law requires all…

Patients of Cook County Health and Hospitals System received notification of a breach of their protected health information. Two hospitals and about a dozen community…

Earlier this month, the Secretary of the U.S. Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and penalties in…

Protenus-an organisation dedicated to patient privacy monitoring of electronic health records-has released its Breach Barometer report. The report shows there was a significant increase in…

Amida Care-a not-for-profit community healthcare service based in New York-has reported a HIPAA breach to the Office of Civil Rights (OCR). Their initial report reveals…

In the third quarter of 2017, Q3, 2017, HIPPA covered entities reported 99 breaches of healthcare data, each involving more than 500 records, reported to…

In January 2014, the Department of Health and Human Services proposed a new rule for certification of compliance for health plans to be introduced into…

TheDarkOverlord is a hacking group that has been involved in many high-profile cases in recent months, from allegedly accessing the British Royal family’s healthcare information…

In response to the devastating Hurricanes Harvey and Irma that hit the United States earlier this year, the U.S. Department of Health and Human Services…

The American Hospital Association (AHA) recently sent an open letter to the House Ways and Means Health Subcommittee, in which they suggested several steps that…

The Department of Health and Human Services has issued a waiver of sanctions and penalties for violations of HIPAA’s Privacy Rule in the Hurricane Harvey…

Delaware has amended its data breach notification law by introducing some of the strictest requirements of any state. It is the first time in a…

Senators Joe Manchin and Shelley Moore Capito, both of West Virginia, have announced that Jessie’s Law has been passed by the Senate. The legislation was…

In June 2017, the Department of Health and Human Services (HHS) confirmed it was contemplating updating its data breach portal. This section is commonly referred…

The Office for Civil Rights’ “Wall of Shame” was established in December 2009. This data portal contained summaries of healthcare data breaches published on the…

Earlier this month, the Mississippi Division of Medicaid (DOM) announced that over 5,000 Medicaid recipients have had some of their protected health information (PHI) exposed….

The Department of Health and Human Services has recently released data revealing the frequency of the most common types of HIPAA violations. The report concerned…

In addition to having their employment contract terminated, healthcare employees who have been identified as improperly accessing the medical records of patients are also likely…

The Health Information Trust Alliance (HITRUST) is the most widely adopted privacy and security framework in the United States. Earlier this month, it announced that…

On February 10, 2017, Tom Price was appointed as secretary of the Department of Health and Human Services on February. He has replaced Sylvia Matthews…

After calls from healthcare professionals to clear the ambiguity surrounding allowable disclosures of protected health information to spouses, relatives, and patients’ loved ones, the Department…