38,000 Patients’ PHI Exposed Due to Legacy Health Phishing Attack

Legacy Health found that an unauthorized person had obtained access to its email system as well as the protected health information (PHI) of about 38,000 patients. The Portland, Oregon-based health system manages two regional hospitals, seventy clinics and four local community hospitals in Oregon, Southwest Washington, and in the Mid-Willamette Valley. Legacy Health is the second … Read more

Anthem’s $115-Million Proposed Settlement Approved By Court

Anthem Inc. offered a $115 million settlement deal in 2017 to resolve the class action lawsuits filed by the victims of a 78.8 million-record security breach in 2015. The proposed settlement was eventually approved on August 16. The Anthem cyberattack resulted in the theft of plan members’ names, birth dates, medical insurance details, … Read more

Maryland’s Medicaid System Audit Revealed Vulnerabilities

The Department of Health and Human Services’ Office of Inspector General (OIG) revealed the discoveries of the audit of Maryland’s Medicaid system they carried out. The audit was carried out in line with the HHS OIG’s endeavors to supervise states’ usage of different Federal programs and to figure out if proper security regulations were enforced … Read more

Oklahoma Department of Veteran Affairs Accused of HIPAA Rules Violation

Three Democrat legislators accused the Oklahoma Department of Veteran Affairs of breaking Health Insurance Portability and Accountability Act (HIPAA) Rules. They have likewise called for the termination of two leading Oklahoma VA officials as a result of the incident. The supposed HIPAA violation took place at the time of an appointed web outage. At that … Read more

SSM Health Breach Impacts PHI of 300,000 Patients

Approximately 300,000 patients from SSM Health St. Mary’s Hospital based in Jefferson City, Missouri were advised about the exposure of some of their protected health information (PHI) and the potential access of unauthorized individuals. St. Mary’s Hospital transferred to a new space on November 16, 2014. All the patient health records were also transported and … Read more

Guide for Safeguarding Electronic Health Records on Portable Devices by NIST/NCCoE Now Available

The HIPAA Security Rule mandates covered entities to consistently safeguard the confidentiality, integrity and availability of protected health information (PHI). The duties of healthcare companies entail maintaining patients’ wellness, safeguarding their personal privacy and not endangering their identities. To protect ePHI saved in web servers or desktop computer systems, there are administrative, physical and technical … Read more

Business Associate Error Caused Data Breach Affecting 19,000 Orlando Orthopaedic Center Patients

The protected health information (PHI) of more than 19,000 patients was compromised as a result of a mistake that a transcription service vendor made while upgrading software on a server. The patients of Orlando Orthopaedic Center in Orlando, Florida who received healthcare services before January 2018 were impacted by the data breach. The software … Read more

Phishing Attack on Confluence Health Announced

A data security breach took place at Confluence Health, a non-profit health system operating Wenatchee Valley Hospital, Central Washington Hospital and other satellite clinics in North and Central Washington. The breach involved the email account of an employee, resulting in access to patients’ protected health information (PHI) by an unauthorized individual. When the … Read more

Summary of Healthcare Data Breach Reports for June 2018

According to the healthcare data breach report for June 2018, healthcare data breaches increased by 13.8% from the previous month. However, the data breaches were not as serious, with 42.48% fewer exposed or stolen healthcare records than in May 2018. There were 33 healthcare data breaches reported in June to the Department of Health and … Read more

Sunspire Health and UPMC Cole Phishing Attacks Compromised Patients’ PHI

Two healthcare providers sent in reports of phishing attacks that granted cyber criminals access to patients’ protected health information (PHI). The attackers in both incidents gained access to a couple of email accounts. Sunspire Health manages a national network of addiction treatment facilities. In the latest incident, several email accounts were accessed by unauthorized persons … Read more

PHI of 44,600 Patients of Golden Heart Administrative Professionals Compromised Due to Ransomware Attack

Golden Heart Administrative Professionals, located in Fairbanks, AK, serves as a business associate to local healthcare providers by providing invoicing as a service. It recently suffered a ransomware attack and is notifying 44,600 people that unauthorized people possibly accessed certain portions of their protected health information (PHI) due to the attack. The ransomware infected … Read more

Ransomware Attack on LabCorp Leads to System Shutdown and Inaccessible Lab Test Results Online

LabCorp, a clinical laboratory in the United States, experienced a cyberattack that possibly allowed hackers to view or copy the protected health information (PHI) of patients; however, it was later affirmed that the incident was a ransomware attack, so data theft is not the likely intent of the attacker. The attack … Read more

UMC Physicians and MSK Group Sent PHI Breach Notice to Patients

The email account of doctors at UMC Physicians located in Texas was attacked by hackers which brought about the likely compromise of certain protected health information (PHI) of roughly 18,000 patients. The IT staff of UMC Physicians found out about the breach on May 18, 2015 although the hacking occurred on March 15. Consequently, the … Read more

Metro Health Employee Error Caused PHI Breach

According to a report published in the Tennessean, one of Metro Health’s personnel made a mistake that exposed the protected health information (PHI) of patients with HIV or AIDS. The employee copied the data held in a database and loaded it to a server giving all Nashville Metro Public Health Department personnel access to … Read more

Employee of Arkansas Children’s Hospital Involved in PHI Theft Fired

Law enforcement investigated the involvement of an employee at Arkansas Children’s Hospital in the theft and improper use of patients’ protected health information (PHI). According to the breach report, the PHI of about 4,521 patients was potentially accessed and copied by the employee. The employee worked at Arkansas Children’s Hospital for 15 months from November 7, … Read more

PHI Theft Due to Phishing Attack on Manitowoc County

Manitowoc County in Wisconsin suffered a phishing attack which resulted in protected health information (PHI) being stolen. The phishing attack most likely took place on January 14, 2018; however, Manitowoc County only found out about the incident and security breach on April 24. Steps to secure the email account were quickly undertaken to keep the … Read more

Recommendations On the CMS’ Hospital Inpatient Prospective Payment System Proposed Rule By AHA

The American Hospital Association (AHA) members are concerned about the proposed rule by HHS — Centers for Medicare and Medicaid Services’ hospital inpatient prospective payment system for fiscal year 2019. In relation to this, concern is raised on allowing health apps that a patient selects to link to the healthcare providers’ APIs. Mobile health applications … Read more

University of Pittsburgh Medical Center Staff Punished for Criminally Violating HIPAA Regulations

An ex-employee at the University of Pittsburgh Medical Center, who is the patient information coordinator, was charged by a federal grand jury with criminal violations of HIPAA policies, as stated in the Department of Justice declaration on June 29, 2018. Linda Sue Kalina, 61, who resides in Butler, Pennsylvania, was charged with a six-count indictment … Read more

ICS-CERT Explains Vulnerabilities in Medtronic MyCareLink Heart Monitors

ICS-CERT has issued an announcement concerning two vulnerabilities recently discovered in Medtronic MyCareLink patient monitors. Patients who have implantable cardiac devices use these devices to send the data of their heart rhythm directly to their physicians. The patient monitors are built with safety controls and transfer data over a protected Web connection, however, there’s a … Read more

Summary Report of Healthcare Data Breaches for May 2018

Covered entities reported a total of 41 healthcare data breaches in April and 29 in May. Even though healthcare data breaches declined by 29.27% month-over-month, the breaches documented in May were as serious as those in April. The sum of compromised or stolen medical records in May was 838,587, which was 56,287 fewer compared to … Read more

PHI Stolen from Covered Entities in Corpus Christi and San Francisco

Patients of two HIPAA-covered entities got notification letters that their protected health information (PHI) had been compromised because of burglaries. The first breach incident happened on April 16, 2018 affecting two Christus Spohn Hospitals in Corpus Christi. A Christus Spohn employee was burgled, resulting in the theft of PHI, which included the patients’ names, schedule … Read more

Only 13% of Healthcare Companies Using DMARC Implement it Effectively

Healthcare companies could implement DMARC, the Domain-based Message Authentication, Reporting and Conformance standard, to identify email spoofing and prevent it. However, only some healthcare companies use DMARC, as reported by Valimail, an email authentication vendor. DMARC operates by ensuring that a domain is being used only by authenticated senders. A company that is … Read more

Court to Determine If Psychiatrist’s Termination was In Fact Due to HIPAA Violation

Steward Healthcare System in Boston terminated Psychiatrist Alexander Lipin for purportedly violating HIPAA rules. But, Lipin rejected the accusation and professed that his dismissal was to get back at him for extending his disability leave. Dr. Lipin asked to extend his disability leave as a result of being infected with pneumonia. Steward Healthcare System granted … Read more

Summary Report of Healthcare Data Breaches for April 2018

April was an awful month, as the healthcare market saw a greater number of health data breaches and individuals affected compared to March 2018. The Department of Health and Human Services received 41 reports of healthcare data breach incidents in which 894,874 healthcare records were disclosed or stolen. Healthcare data breach incidents had grown month over … Read more

Vulnerabilities Seen in Philips, Silex and GE Medical Equipment

The Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published notices concerning the vulnerabilities in certain medical products manufactured by Silex, GE Healthcare and Philips. Cyber criminals and unauthorized people could exploit the vulnerabilities and manipulate the devices. Philips advised the National Cybersecurity and Communications Integration Center (NCCIC) concerning … Read more

GAO Reports Patients Spend Too Much on Copies of Their Health Records

The Government Accountability Office (GAO) recently performed an audit which revealed that patients continue to face many difficulties in obtaining copies of their health records. Healthcare companies and insurers are likewise unable to satisfy HIPAA requirements, sometimes ending up in a breach of HIPAA rules. The 21st Century Cures Act required the audit to find … Read more

Database Security of Cerebral Palsy Research Foundation of Kansas Was Disabled Exposing the PHI of 8,300 Patients

On March 10, 2018, Cerebral Palsy Research Foundation of Kansas (CPRF) found out that the security defense of one of its databases was disabled for 10 months. This vulnerability led to the compromise of 8,300 patients’ protected health information (PHI). After learning about the unsecured demographic database, CPRF took the necessary action to secure the … Read more

PHI of 17,639 Patients of Capital Digestive Care Exposed

Capital Digestive Care, a gastroenterology group based in Silver Spring, Maryland, found out about a mistake made by its business associate. It seems that the BA uploaded data files to a commercial cloud server which does not have the necessary security setting. This led to the exposure of 17,639 patients’ protected health information (PHI). Capital Digestive Care … Read more

Insider Breaches in Healthcare Report by Protenus for Q1 2018

The Protenus quarterly breach barometer report is a collection of data breach info supplied by Databreaches.net and the artificial intelligence program created by Protenus. The collected information enables healthcare organizations to monitor and evaluate employee EHR activities. The report this quarter offers an idea of the magnitude of insider HIPAA Rules violations as well as … Read more

Florida Hospital Websites Infected With Malware and Potentially Affected Patients’ PHI

Florida Hospital uses three websites that had been infected with malware. Because of the malware attack, the threat actors potentially had access to the protected health information (PHI) of patients. There is no confirmed report that suggests any PHI access or misuse of PHI. Florida Hospital has informed patients of the breach. Out of an … Read more

Healthcare Industry Employees Still Lack Understanding of the Best Security Practices

Wombat Security recently published its Beyond the Phish Report, which revealed healthcare employees’ lack of understanding of common security threats. The report was a compilation of data from customers and end users who answered about 85 million questions across 12 categories and 16 industries. The respondents of the Q&A were asked about the best security … Read more

California Ransomware Attack Affects 85,000 Patients

Patients of the Center for Orthopaedic Specialists are being notified because unauthorized individuals potentially accessed some of their protected health information (PHI) when ransomware was installed on its network.  The ransomware attack affected the three facilities of the Center for Orthopaedic Specialists located in Simi Valley, West Hills and Westlake Village in California. Databreaches.net reported … Read more

Tackling Issues to Resolve Cybersecurity Flaws

Healthcare organizations easily become victims of cyberattacks because of continually using outdated software and not patching vulnerabilities promptly. This problem is evident in the WannaCry ransomware attacks in May 2017. U.S. healthcare providers were lucky to have escaped unlike their counterparts in the U.K.  Symantec recently talked about a threat group that has been attacking … Read more

PHI of 582,000 Patients from California Department of Developmental Services Potentially Compromised

The protected health information of 582,174 patients of the California Department of Developmental Services (DDS) was potentially compromised. Thieves broke into the legal and audits offices of DDS in Sacramento, CA on February 11, 2018. They had potential access to the PHI of over half a million patients plus the sensitive information of about … Read more

Berkeley Medical Center Employee Charged with Identity Theft Gets 5 Years’ Probation

Chief U.S. District Judge Gina M. Groh sentenced Angela Dawn Roberts, a former employee at Berkeley Medical Center, to 5 years’ probation for being involved in an identity theft scam. Aside from the probation, Angela Dawn Roberts of Stephenson, VA must pay $22,000 in restitution. Angela Dawn Lee (another name of Roberts) worked for WVU … Read more

4,000 Texas Health Resources Patients Notified of Email Account Breach

Provider group Texas Health Resources based in Arlington is notifying approximately 4,000 patients that an unauthorized person accessed some of their sensitive information. The security breach happened in October 2017, but Texas Health Resources only learned about it on January 17, 2018 when law enforcement notified them. The attacker accessed the email accounts that contained … Read more

HCCIC Advice on the Prevention of Ransomware Attacks

The number of SamSam ransomware attacks on government and healthcare organizations has increased in recent months. These incidents prompted the Department of Health and Human Services’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) to publish a report about the SamSam ransomware attacks. There are tips included in the report to spread awareness on what to … Read more

SamSam Ransomware Attacks Increased in the Past 4 Months

There were 10 SamSam ransomware attacks since December 2017. The attacks were mostly on government and healthcare providers in the United States. There were other attacks reported in India and Canada. One of the attacks occurred in January 2018 on AllScripts. Since the system of this EHR provider was down for several days, 1,500 medical … Read more

HHS Explains Why Ciox Health Lawsuit Lacks Standing

The Department of Health and Human Services filed a motion to dismiss the lawsuit filed by Ciox Health for lack of standing. Early this year, healthcare information management company Ciox Health filed a lawsuit against HHS to challenge the changes to HIPAA in 2013 and the enforcement guidance they issued in 2016. Ciox Health questioned … Read more

Insufficient Employee Security Awareness Training Exposes Healthcare Organizations to the Risk of Cyberattacks

Ponemon Institute conducted a study on behalf of Merlin International involving 627 healthcare executives in the United States and found that healthcare organizations are failing to train their employees on security awareness.  About 52% of respondents confirm that lack of security awareness is the top reason why healthcare organizations are slow in improving their security … Read more

Updates to the Oregon Data Breach Notification Law and Information Security Law

Oregon state governor Kate Brown signed Senate Bill (SB 1551) last month to update several regulations including Oregon’s Breach Notification Law (O.R.S. 646A.604) and Information Security Law (O.R.S. 646A.622). The update in the law will take effect in June 2018. What are the updates in the recently signed bill? There were several definition updates. … Read more

Improper Disposal of Paper Records With PHI is Still Common

JAMA recently published a study that highlighted the frequent improper disposal of PHI. Although the study was based in Canada, which is a location not covered by HIPAA, the findings show an important aspect of PHI security that is often ignored. The study was conducted by researchers at St. Michael’s Hospital in Toronto. They checked … Read more

2016 Banner Health Data Breach Likely to See Financial Penalty From OCR

Banner Health issued a financial report mentioning OCR’s investigation of the colossal 2016 Banner Health data breach. In the said breach incident, 27 Banner Health facilities located in Alaska, Arizona, Colorado, California, Nevada, Nebraska, and Wyoming were affected. The protected health information of 3.7 million patients was exposed. Sensitive information such as names, birth dates, … Read more

Finger Lakes Health Attacked by Ransomware

Finger Lakes Health in Geneva, NY had a ransomware attack that made its computer system inaccessible. The health system did not stop its operations but the staff had to use pen and paper while the IT team worked on removing the malware to restore access to electronic medical data. Finger Lakes Health was attacked on … Read more

NH-ISAC and Anomali Partnership Improves Threat Intelligence Sharing in Healthcare

Anomali and the National Health Information Sharing and Analysis Center (NH-ISAC) have partnered to provide threat intelligence to healthcare organizations. Anomali can help in several ways: It has the tools and infrastructure needed for collaboration and sharing threat intelligence to others.  It can provide updated threat intelligence on old and new external threats that are … Read more

Healthcare Organizations’ Experience Regarding Data Breaches in 2017 According to the Ponemon Institute Survey

Ponemon Institute conducted a survey sponsored by Merlin International which revealed that 62% of healthcare organizations experienced data breaches in the past year resulting in data loss. The survey involved the participation of 627 leaders from hospitals and payer organizations. About 67% of the survey participants were from hospitals that have 100-500 beds and about … Read more

Tips from FBI to Offset Spike in W-2 Phishing Campaigns

The Federal Bureau of Investigation (FBI) warned businesses, educational institutions and healthcare organizations regarding the significant increase in phishing attacks on payroll employees. The phishing attacks aim to copy the W-2 forms of employees and the hackers use the copied data for tax fraud and identity theft. There were also some cases reported that payroll … Read more

Health Net Refuses Security Audit Says OPM OIG

Health Net California, a provider of government employees’ benefits, has been marked as not willing to undergo security audits as per the Flash Audit Alert released by the U.S. Office of Personnel Management (OPM) Office of the Inspector General Office of Audits (OIG). Over the past 10 years OPM has been assigned to perform security … Read more

Report on Healthcare Data Breaches for January 2018

The January 2018 Healthcare Data Breach report is now available. Based on the healthcare security incidents reported to the Department of Health and Human Services’ Office for Civil Rights, there were 21 security breaches in January 2018. The number of incidents this January is lower than in December 2017, which recorded 39 incidents. The number … Read more

Why Sharing of EHR Passwords is Common Among Medical People

Ayal Hassidim, MD of Hadassah Hebrew University Medical Center in Jerusalem conducted research in collaboration with researchers from Harvard Medical School, Duke University and Ben Gurion University of the Negev. The study involved the survey of 299 medical students, interns, medical residents and nurses regarding the practice of sharing EHR passwords. The results, which … Read more

FMCNA to Pay $3.5 Million for HIPAA Violations Resulting in Five Data Breaches

The Department of Health and Human Services’ Office for Civil Rights (OCR) announced the first case of HIPAA settlement for 2018. For multiple potential HIPAA violations, Fresenius Medical Care North America (FMCNA) agreed to pay a settlement amount of $3.5 million to OCR. The violations involved five separate data breaches that happened way back in … Read more

Tips to Mitigate the Risk of Cybersecurity Incidents

The Cyber Incident & Breach Trends Report published by Online Trust Alliance considers 2017 as the worst year ever for cybersecurity incidents. The number of breach reports almost doubled in 2017 compared to the previous year. Aside from knowing the data, Online Trust Alliance also investigates the incidents to understand the trends and to know … Read more

Colorado Lawmakers Proposed to Amend the Privacy and Data Breach Law

A bipartisan group of legislators in Colorado proposed amending the state’s privacy and data breach notification laws to give Colorado residents better security. If approved, the bill would substantially change the existing state regulations. The proposed legislation would add the following items to the definition of personally identifying information (PII): Full name or last … Read more

Nebraska Legislative Bill 757 Advances After Lawmakers Voted 34-0

Nebraska lawmakers voted 34-0 during the first round of voting on a bill introduced by Senator Adam Morfeld. The bill seeks to further protect Nebraska residents when their personal information is exposed during a data breach. It was introduced after the massive data breach at Equifax in 2014, which compromised the personal information of over … Read more

Aetna Filed a Class Action Lawsuit Against KCC for the Mailing Breach

Aetna took legal action against Kurtzman Carson Consultants (KCC), the administrative support company that handled the July 2017 mailing for Aetna. That mailing project resulted in a data breach disclosing the details of HIV medications through the envelope’s clear plastic window because the letters inside the envelopes slipped. The Legal Action Center, AIDS Law Project … Read more

PHI of 842 Western Washington Medical Group Patients Exposed

Documents containing the sensitive information of 842 patients at Western Washington Medical Group were compromised on November 13, 2017. Apparently, the documents were thrown away with regular trash by mistake. The sensitive documents in the shredding bins were supposed to be permanently destroyed in accordance with HIPAA Rules. However, instead of destroying them, the janitorial … Read more

The Proposed Rule on Association Health Plans and HIPAA Compliance

The Department of Health & Human Services (HHS) released a proposed rule that helps small businesses and self-employed workers to get less expensive health coverage. The proposed rule broadens the criteria of the Employee Retirement Income Security Act (ERISA) by partly changing the definition of “employer” to include small businesses and self-employed workers who have … Read more

Connecticut Patients Can Now File a Lawsuit Against Healthcare Providers for Privacy Violations

The Health Insurance Portability and Accountability Act has no private cause of action. Because of this, patients cannot sue healthcare providers for privacy violations. But a number of states, such as New York, Massachusetts and Missouri, have rulings that allow patients to file lawsuits against healthcare organizations for unauthorized disclosures of medical records. The Connecticut … Read more

Q4 2017 Report on Healthcare Security Breaches

The healthcare security breaches in Q4 of 2017 decreased by 13%. In Q3, there were 99 data breaches reported to the Department of Health and Human Services’ Office for Civil Rights. In Q4, 86 security breaches were reported, which is 13 incidents less than the previous quarter. The number of healthcare security breaches reported per … Read more

December 2017 Report on Healthcare Data Breaches

The healthcare data breaches in December 2017 significantly increased by 81% from the previous month.  Thirty-eight healthcare data breaches that impacted over 500 persons were reported. The number of exposed patient records in December also increased by 219% from the previous month. There were 341,621 records of patients that were exposed or stolen. The pattern … Read more

What do RNs Say About Their Healthcare Organizations’ Ability to Stop Breaches?

The University of Phoenix College of Health Professions recently conducted a survey that involved 504 full-time registered nurses (RNs) and administrative staff across the United States. The results show that RNs who had held their position for at least two years are confident that their healthcare organization can prevent data breaches. 48% of RNs and … Read more

Kathryn Marchesini Is the New Chief Privacy Officer at ONC

Kathryn Marchesini is the newly appointed chief privacy officer at the Office of National Coordinator for Health IT (ONC). She replaced Acting Chief Privacy Officer Deven McGraw. The need for the ONC to appoint a Chief Privacy Officer is stated in the HITECH Act. The work of the CPO includes advising the National Coordinator on … Read more

Florida Agency for Health Care Administration Security Breach Affects 30,000 Medicaid Recipients

The Agency for Health Care Administration in Florida discovered that an employee’s email account was accessed by an unauthorized person. The employee got a malicious phishing email on November 15, 2017. Unfortunately, he/she responded to the email and disclosed his/her login details so the hacker was able to remotely access the email account. The protected … Read more

SSM Health’s Former Employee Got Illegal Access to Sensitive Information of 29,000 Patients

The non-profit health system SSM Health based in St. Louis, MO discovered the unauthorized access of patient health records by a former employee. The former employee was part of SSM Health’s customer service call center. His access to information was limited to demographic, health and clinical information only. He did not have access to patients’ … Read more

OCR’s Cybersecurity Tips for Travelling Healthcare Professionals

In the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) newsletter issued last December, travelling healthcare professionals were given recommendations to avoid malware infections and potential exposure of patients’ protected health information. When healthcare professionals travel during the holidays, they could be taking work-issued devices, such as laptops, tablets and mobile … Read more

24,000 Emory Healthcare Patients Impacted by Data Breach

A former physician at Emory Healthcare (EHC) took the protected health information of thousands of EHC patients without the hospital’s authorization or knowledge. He uploaded the information to a Microsoft Office 365 OneDrive account, where other individuals could potentially access it. The former EHC physician now works at the University of Arizona (UA) College of … Read more

Cyberattack on Jones Memorial Hospital Did Not Stop Patient Care Services

The University of Rochester Medicine’s Jones Memorial Hospital in Wellsville, New York experienced an unexpected downtime because of a cyberattack on December 27, 2017. The cyberattack disrupted some of the hospital’s information services. While the nature of the cyberattack was not disclosed, the public should know that only Jones Memorial Hospital was attacked and other … Read more

Ethical Hackers to Help NHS Find Security Vulnerabilities to Prevent Future Cyberattack

A serious WannaCry ransomware attack occurred in May 2017. The hackers exploited vulnerabilities in the UK’s National Health Service (NHS) systems. They installed their malicious payload into the systems and disrupted services at more than 50 NHS Trusts. The attack resulted in the cancellation of appointments and postponement of operations. It took some time to … Read more

Healthcare Organizations Need to Address the Increasing Threat of Ransomware and Fileless Malware Attacks

Ponemon Institute conducted a study on current endpoint security trends. Two of the threats that need to be dealt with are ransomware and fileless malware attacks. The healthcare industry spends over $1 billion on endpoint attacks every year. The big money spent on mitigating attacks highlights the importance of endpoint security. Sad to say, healthcare … Read more

Nebraska Ransomware Attack Impacted About 10,000 Patients

Columbus Surgery Center, LLC and Eye Physicians, P.C. in Columbus, Nebraska were attacked by ransomware, resulting in the potential exposure of the protected health information of about 10,000 patients. The ransomware attack occurred on October 7, 2017 and encrypted a range of files on some servers. The attackers demanded a ransom but no ransom was paid. The healthcare … Read more

PHI of 6,600 Patients Has Been Exposed

NYU Langone Health System Data Breach: A binder that contained a log of presurgical insurance authorizations from NYU Langone Health System was mistakenly recycled by a cleaning company in October 2017. The binder contained the information of about 2,000 patients’ names, dates of birth, dates of service, diagnosis codes, procedural terminology code, insurance ID numbers … Read more

Healthcare Data Breach Report for November 2017

Twenty-one reports of healthcare data breaches with over 500 affected individuals were submitted to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) in November 2017. Of the 21 breach reports, seven impacted over 5,000 persons. The number of reported breaches decreased this month but the number of impacted individuals … Read more

Email-Based Cyberattacks on Healthcare Organizations Increasing

HIMSS Analytics conducted a study for email security firm Mimecast. The survey results showed that 78% of healthcare organizations had been attacked by ransomware or malware in the past 12 months. Many of the survey respondents had more than 12 ransomware or malware attacks in the last 12 months. According to 37% of surveyed healthcare … Read more

Medicaid Billing Company Pays $100,000 for Data Breach Case with Massachusetts Attorney General

The Multi-State Billing Services (MBS) based in New Hampshire experienced a data breach that resulted in a financial settlement of $100,000 with the Massachusetts attorney general’s office. MBS is the provider of Medicaid processing services for 13 public school districts in Massachusetts. Allegedly, a password-protected, unencrypted laptop computer was stolen from an MBS employee in 2014. … Read more

Phishing Attack Potentially Exposed 11,350 Sinai Health System Patients’ PHI

Chicago’s Sinai Health System was compromised when two of its employees’ email accounts were involved in a phishing attack. The phishing incident that took place on October 2 was immediately discovered and mitigated. Hence, potential access of the compromised accounts was only for a few hours. Cybersecurity experts investigated the matter and believed that the … Read more

AHA’s Suggestions for Congress to Lessen Regulatory Requirements on Hospitals

The American Hospital Association (AHA) wrote a letter to the House Ways and Means Health Subcommittee concerning how Congress can help lessen the regulatory burden on hospitals and health systems. The increased regulatory activity on hospitals and health systems is counter-efficient and negatively affects patient care. For example, the Centers for Medicare & Medicaid … Read more

Lawsuit Filed Against 60 Hospitals for Violating the HITECH Act

An unsealed complaint against 60 hospitals was filed in a U.S. District Court in Indiana in 2016 for violating the HITECH Act. The 60 hospitals allegedly received the HITECH Act meaningful use incentive payments for transitioning to an electronic health records system without actually satisfying the requirements of the HITECH Act. Before hospitals can receive … Read more

UK Man Linked to The Dark Overlord Hacking Group To Serve 3-Year Jail Term

A man was sentenced to serve a three-year jail term for fraud and blackmail offenses. Nathan Wyatt, a 36-year-old from Wellingborough, England, was allegedly linked to TheDarkOverlord hacking group. But his offenses were not related to TheDarkOverlord gang’s cyberattacks or extortion attempts. Nathan, better known online as Crafty Cockney, pleaded guilty to 20 counts … Read more

Big and Small Organizations That Had Misconfigured Cloud Services

As reported by cloud threat defense firm RedLock, the number of misconfigured cloud services is growing. Some of the incidents that had been reported include the widespread misconfigured MongoDB installations. When hackers discovered the misconfigured databases in January 2017, they plundered the databases, deleted the data and demanded ransom. The total number of hijacked MongoDB … Read more

Businesses with Misconfigured Cloud Storage Services are Growing in Numbers

Much of the healthcare industry now uses secure cloud storage services to store files of electronic protected health information (ePHI) and to host web applications. But the cloud does not guarantee there won’t be any data breach. It also does not guarantee HIPAA compliance even with a Business Associate Agreement. When cloud storage services are misconfigured, … Read more

Phishing Attack at Baptist Health Louisville Potentially Impacted 880 Patients

A security breach at Baptist Health in Louisville, Kentucky was discovered on October 3, 2017. Potentially 880 patients had been notified that their sensitive information may have been accessed and stolen by unauthorized persons. According to the report, there was irregular activity detected in an employee’s email account. Prior to that, a third party sent … Read more

Medical Records From Women’s Health Consultants Dumped at a Public Recycling Center

Some physical files of medical records from Women’s Health Consultants in South Whitehall Township and Hanover Township, PA were dumped in a recycling center in Allentown, Pennsylvania. The files contained names, medical histories of cancer and HIV patients and Social Security numbers. Women’s Health Consultants is no longer open for business. So, there’s probably no … Read more

Nurse Terminated from Work for HIPAA Violation

Nurse Dianna Hereford’s employment contract was terminated after a patient of Norton Audubon Hospital complained of a nurse HIPAA violation. Hereford filed an action in the Jefferson Circuit Court against her employer for wrongful termination of her contract because she claimed that she always complied with HIPAA regulations. Here’s how the alleged improper disclosure of … Read more

Former Nurse Who Stole Patient Information and Committed Tax Fraud Convicted

Tangela Lawson-Brown, a former nurse in a Tallahassee nursing home from October 2011 to December 2012, was convicted of possession of unauthorized access devices, wire fraud, aggravated identity theft and theft of government funds by a court in Tallahassee. She stole the personal information of 26 patients while she was working in the nursing home. … Read more

SAManage USA Paid $264,000 as Data Breach Settlement

The SAManage USA data breach in 2016 caused the online exposure of the Social Security numbers of 660 Vermont residents. The Vermont Attorney General required a settlement amount of $264,000 from SAManage USA for its violation of the Vermont Security Breach Notice Act. SAManage USA provided business support services for Vermont Health Connect. The problem was … Read more

Unencrypted Laptop Stolen from Rocky Mountain Health Care Services Compromised Patients’ PHI

Another unencrypted laptop got stolen from an employee of Rocky Mountain Health Care Services of Colorado Springs. This is the second time that a similar incident happened in three months. The second theft, which was discovered on September 28, has been reported to law enforcement. The 909 patients whose protected health information has been compromised … Read more

UPMC Susquehanna Patients’ PHI Exposed Due to Phishing Attack

The protected health information of 1,200 UPMC Susquehanna patients has potentially been exposed to unauthorized persons. UPMC Susquehanna is a network of hospitals and medical facilities in Muncy, Pennsylvania and Williamsport, Wellsboro. According to the report, an employee responded to a phishing email, which paved the way to unauthorized access of the PHI. No specific … Read more

NYC to Introduce the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)

The state of New York will introduce the SHIELD Act, which stands for Stop Hacks and Improve Electronic Data Security Act. This law requires all businesses that hold sensitive data of New Yorkers to adopt administrative, technical and physical security measures. This applies to all businesses, even those that are not based in New York … Read more