Fitzgibbon Hospital, Christiana Spine Center, and Diskriter Encounter Ransomware Attacks

On June 25, 2022, a representative of a threat group known as DAIXIN Team shared details with regards to a ransomware attack and information theft incident that occurred at Fitzgibbon Hospital located in Marshall, Missouri. Stolen data was published to a dark web resource site. The published data consists of database tables taken from the … Read more

ONC and OCR Launch Modified Security Risk Assessment Tool

The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Security Rule calls for HIPAA-controlled entities to carry out a detailed, organization-wide risk … Read more

Santa Barbara County Department and Baptist Health Report Cyberattack

Medical Record Breach at Santa Barbara County Department of Behavioral Wellness Santa Barbara County Department of Behavioral Wellness located in California has lately reported that an employee viewed the medical files of patients with no authorization. On March 30, 2022, the department discovered unauthorized access when it applied a new security program for identifying unauthorized … Read more

OCR to Create Video on Recognized Security Practices in the HITECH Act

The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified (Public Law 116-321) to necessitate OCR to look at recognized security practices that were set up for about 12 months … Read more

Atlassian Announces Fix for Maximum Severity Largely Exploited Vulnerability in Confluence Server and Data Center

Atlassian has developed a patch to resolve a critical zero-day vulnerability that has an effect on all supported models of Confluence Server and Data Center. The vulnerability, which is monitored as CVE-2022-26134 has the highest CVSS severity rating of 10. Unauthenticated attackers could take advantage of the vulnerability remotely to accomplish code execution. Security researchers … Read more

Former IT Consultant Facing Charges on Purposefully Causing Ruin to Healthcare Company’s Server

An IT specialist who worked as a service provider at a suburban healthcare organization in Chicago has been accused of illegally acquiring access to the firm’s network and deliberately causing ruin to a protected PC. Aaron Lockner, 35 years old, from Downers Grove, IL, was employed at an IT organization that had an agreement with … Read more

Theft Incident at SAC Health and Ransomware Attacks on Bryan County Ambulance Authority and Atlanta Perinatal Associates

Social Action Community Health System (SAC Health) has lately advised 149,940 patients regarding the theft of documents that contain their protected health information (PHI) in a break-in at an off-site storage place that keep patient records. SAC Health discovered the theft on March 4, 2022. The succeeding investigation affirmed on April 22, 2022 the theft … Read more

Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach

Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court. Solara Medical Supplies, which supplies products and services to help people take care of their diabetes, encountered a phishing attack that permitted unauthorized individuals to access … Read more

McKenzie Health System & Omnicell Report Cyberattacks

McKenzie Health System in Sandusky, MI, has just begun informing 25,318 individuals regarding the theft of some of their protected health information (PHI) due to a recent security incident that interrupted the operations of a number of its systems. The provider detected the suspicious activity inside its IT systems on March 11, 2022 and took … Read more

New Framework for Examining the Privacy, Security, and Safety of Electronic Health Technologies

The American Telemedicine Association (ATA), American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have worked together to make a new system for examining digital health technologies employed by healthcare specialists and patients. At this time, greater than 86 million Americans utilize a health or fitness application. … Read more

HHS Alerts HPH Sector Concerning Insider Threats in Medical Care

A lot of healthcare data breaches are taking place, however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HCC) has just given an advisory regarding insider threats. Insider Threats in Healthcare Cybercriminal gangs, nation-state hacking groups, and single hackers have … Read more

HHS Alerts the HPH Sector Regarding Hive Ransomware

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has given a TLP: White alert concerning the Hive ransomware group – An especially violent cybercriminal operation that has greatly targeted the healthcare market in the United States. HC3 has shown a study of the tactics, techniques, and procedures (TTPs) recognized to be … Read more

Advisory Issued Regarding Phishing Campaigns Involving Trusted Email Marketing Platforms

Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform. The breach was discovered when Trezor, a cryptocurrency hardware wallet provider, looked into a phishing campaign targeting its clients that … Read more

Final Guidance on Effective Enterprise Patch Management Published by NCCoE

The National Cybersecurity Center of Excellence (NCCoE) has introduced the finalized versions of two Special Publications that offer guidance on business patch management practices to avoid taking advantage of vulnerabilities in IT solutions. Cybercriminals and nation-state threat actors exploit unpatched vulnerabilities in software programs, operating systems, and firmware to acquire access to business networks to … Read more

How Small Healthcare Organizations Differ from Large Healthcare Providers with Regards to Security

The latest Software Advice survey of healthcare companies gives information on healthcare data breaches, their underlying causes, and the distinct security strategies at small and big healthcare organizations. The survey engaged 130 small practices with 5 or fewer licensed providers and 129 large practices having six or more providers to fully grasp the security concerns … Read more

Dental Practices Penalized for Breach of HIPAA Rules

$50,000 Civil Monetary Penalty Issued to Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), a dental practice operating offices in Charlotte and Monroe, NC because a patient sent a complaint last November 2015 about unauthorized disclosure of his protected health information (PHI) related to a … Read more

Security Breaches Reported by Chelan Douglas Health District, Liberty of Oklahoma Corporation, and East Tennessee Children’s Hospital

Chelan Douglas Health District located in East Wenatchee, WA, has reported that it encountered a cyberattack last July 2021 wherein the personal data and protected health information (PHI) of patients was stolen from its network. The breach notice posted on Chelan Douglas Health District site doesn’t mention when the breach was noticed, however, a third-party … Read more

OCR: HIPAA Security Rule Compliance Could Avert and Mitigate the Majority of Cyberattacks

Healthcare hacking incidents are continuously growing for a few years. Hacking/IT incidents increased by 45% between 2019 and 2020. In 2021, 66% of breaches involving unsecured electronic protected health information (ePHI) were due to hacking and also other IT incidents. A substantial percentage of those breaches might have been averted if HIPAA-regulated entities were completely … Read more

South Denver Cardiology Associates Reports Data Breach Impacting 287,000 Individuals

South Denver Cardiology Associates (SDCA) has recently reported that it experienced a cyberattack in January 2022 that led to the access and possible theft of files that contain patient data by attackers. Strange network activity was noticed on January 4, 2022, and SDCA quickly started its breach response process. Systems were separated from the network … Read more

DataHealth, JDC Healthcare Management, and Dr. Douglas C. Morrow Report Hacks and Ransomware Attacks

DataHealth DataHEALTH, the cloud hosting and data storage company based in Austin, TX, has announced a ransomware attack on November 3, 2021. Immediate action was undertaken to manage the incident and a third-party cybersecurity agency was involved to inspect the incident. DataHEALTH mentioned it found out on December 30, 2021, that the threat actors got … Read more

HIPAA Policies and Procedures

The development, observance, and enforcement of HIPAA guidelines and procedures is the foundation of HIPAA compliance. If there are no policies and procedures to give instructions, employees of Covered Entities and Business Associates are going to be uninformed of how they ought to perform their tasks that comply with HIPAA, how they ought to respond … Read more

Cyberattack Reported by Logan Health Medical Center and NHS Management

Logan Health Medical Center located in Kalispell, MT has recently commenced informing a number of patients that hackers obtained access to a file server that contained patient files in a highly sophisticated criminal attack. The medical center noticed the security breach of its information technology systems on November 22, 2021. The initial investigation confirmed that … Read more

Sea Mar Community Health Centers Confronting Class Action Lawsuit Because of 688,000-Record Data Breach

Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach was uncovered in June 2021 because information stolen during the attack was shared on the Marketo dark web leak page. … Read more

Deadline for Reporting 2021 PHI Breaches Affecting Fewer Than 500 People

The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule puts a rigid time frame on sending notifications to people whose protected health information (PHI) was breached or impermissibly disclosed. The max time limit is 60 days since the discovery of the data breach, though notification letters ought to be sent “without unreasonable delay.” … Read more

Latest Phishing Kits Used to Bypass Multi-Factor Authentication

Phishing attacks make it possible for threat actors to get credentials, but with multi-factor authentication (MFA), it is tougher for phishing attacks to become successful. With MFA activated, aside from a username and password, an additional way of authentication is needed prior to approving account access. Microsoft has earlier mentioned multi-factor authentication prevents 99.9% of … Read more

Data Breaches Announced by Suncoast Skin Solutions, South City Hospital, The Colorado DHS and Raveco Medical

Suncoast Skin Solutions, a network comprised of 22 medical, surgical, and cosmetic dermatological care clinics based in Florida, lately commenced informing 57,730 patients regarding a ransomware attack it uncovered on July 14, 2021. Suncoast stated upon discovery of the attack, it took immediate action to avoid the encryption of its whole systems and hired a … Read more

Due date for Giving GAO the Comments on HHS Data Breach Reporting Prerequisites is on February 4, 2022

The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach reports to the Secretary of the Department of Health and Human Services (HHS). The survey will continue to be accessible … Read more

Class Action Lawsuit Filed Versus Memorial Health System Because of August 2021 Cyberattack

Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021. As per the investigation, it was established the hackers initially acquired access to organization servers on or approximately July 10, 2021, and put … Read more

The University of Arkansas for Medical Sciences and Sacramento County Reported Email Breaches

The University of Arkansas for Medical Sciences and Sacramento County recently reported email-related breaches of protected health information (PHI). HIPAA Violation by an Employee of the University of Arkansas for Medical Sciences (UAMS) The University of Arkansas for Medical Sciences (UAMS) has begun sending breach notification letters to patients to notify them about a HIPAA … Read more

What are the Penalties for HIPAA Violations?

The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general are authorized to issue penalties for HIPAA violations. Besides paying financial penalties, covered entities must follow a corrective action plan to have policies and procedures that are according to the criteria specified by HIPAA. The Health Insurance Portability and … Read more

Millennium Eye Care and Duneland School Corporation Cyberattack

Data of Millennium Eye Care Patients Stolen by Ransomware Gang A provider of ophthalmology services in Freehold, NJ, Millennium Eye Care, reported on December 22, 2021, that attackers lately obtained access to its computer system and utilized ransomware for file encryption in an effort to extort cash from the healthcare provider. The breach notification letters … Read more

State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach

The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of its group health plan. RIPTA mentioned in a breach notice posted on its web page that it identified and blocked … Read more

HIPAA Changes in 2020/2021 as a Result of the COVID-19 Pandemic Continue to be in Effect

The COVID-19 pandemic has not led to any long-term modifications to HIPAA, however, it has seen unmatched flexibilities announced on a non-permanent basis to make it less complicated for healthcare companies and business associates that are battling against COVID-19. In emergency scenarios like disease outbreaks, HIPAA Rules stay effective and the demands of the HIPAA … Read more

Pharmacy Hospital and Dental Practice Report Hacking Cases Affecting Over 355,000 Individuals

An attacker acquired access to BioPlus Specialty Pharmacy Services, an IT network located in Altamonte Springs, FL. Files containing sensitive patient data were accessed by the attacker. The pharmacy discovered the attack on November 11, 2021, and took prompt action to get rid of the hacker from its system. A third-party computer forensics agency aided … Read more

OCR Publishes Guidance Regarding HIPAA and Disclosures of PHI for Extreme Risk Protection Orders

The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance to make clear how the HIPAA Privacy Law can be applied to disclosures of protected health information (PHI) to aid applications for extreme risk protection orders. In June 2021, the U.S. Department of Justice shared model legislation to give … Read more

New Jersey Penalizes Hackensack Healthcare Companies for HIPAA Violations

The New Jersey Division of Consumer Affairs has agreed to resolve a data breach investigation that identified violations of the federal Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act. Regional Cancer Care Associates located in Hackensack, NJ is a name for 3 healthcare companies that run healthcare services in … Read more

PHI of 750,000 Oregon Anesthesiology Patients Restored After the Ransomware Attack

On July 11, 2021, the Oregon Anesthesiology Group learned that it suffered a ransomware attack that allowed the encrypting of files on its systems and obstructed the use of its servers and patient information. Subsequent to the attack, its IT infrastructure was reconstructed and offline data backups were employed to quickly bring back the impacted … Read more

Email Account Breaches Impact PHI of 40,000 Individuals

Three healthcare providers have reported data breaches that affected the email accounts of employees. The occurrences potentially resulted in the exposure and likely theft of the protected health information (PHI) of around 40,000 people. Region IV Area Agency on Aging On or around September 30, 2021, Region IV Area Agency on Aging in Michigan (AAA4) … Read more

Data Breaches Reported by True Health New Mexico & Educators Mutual Insurance Association

The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was discovered by True Health New Mexico on October 5, 2021. Steps had been taken immediately to secure its IT systems. … Read more

Lifting of Class Certification Order Associated With Data Breach Lawsuit Versus West Virginia University Health System

West Virginia University Health System is dealing with a class-action lawsuit because of a compromise of the protected health information (PHI) of 7,445 patients, however, the Supreme Court of Appeals of West Virginia has lifted the class certification order. The lawsuit is in connection with an insider data breach that took place in 2016. From … Read more

HC3 Alerts Healthcare Sector Concerning Threat of Zero-day Attacks

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published a notification to the healthcare and public health industry concerning a rise in financially inspired zero-day attacks, teaching mitigation strategies that must be implemented to minimize risk to a low and tolerable level. A zero-day attack makes use of a vulnerability for which there isn’t … Read more

82% Of Healthcare Companies Have Suffered an IoT Cyberattack during the Last 18 Months

Medigate and CrowdStrike performed new research which presented the degree to which hackers are attacking healthcare Internet of Things (IoT) devices and alerts about the disturbing status of IoT security in the medical care sector. The amount of IoT devices being employed in healthcare has risen considerably in the past few years as connected health … Read more

PHI of 1.27 Million Patients Compromised in Two Healthcare Data Breaches

The protected health information (PHI) of 1,271,642 people was compromised and possibly stolen in two healthcare hacking events that were lately documented by the Department of Health and Human Services’ Office for Civil Rights. PHI of 688,000 Persons Exposed Because of the Sea Mar Community Health Centers Hacking Incident Sea Mar Community Health Centers is … Read more