Forefront Dermatology Negotiates $3.75 Million Settlement to Take Care of Ransomware Lawsuit

Forefront Dermatology, a dermatology practice based in Wisconsin, has decided to settle a class action lawsuit filed on behalf of patients who had their protected health information (PHI) compromised in a ransomware attack in late May 2021. Forefront Dermatology has associate practices in 21 states and Washington D.C. In May 2021, the Cuba ransomware group … Read more

Up to 1.5 Million Patients Affected by Adding a Tracking Code to the Community Health Network Website

Community Health Network in Indiana is the most recent healthcare company to announce the impermissible disclosure of protected health information (PHI) of patients to Google and Meta/Facebook as a result of adding their tracking code on its web pages. Based on the breach report sent to the HHS’ Office for Civil Rights, the PHI of … Read more

Data Exposed at Alta Forest Products, Hilario Marilao, M.D., and Three Rivers Provider Network

Alta Forest Products based in Chehalis, WA has encountered a cyberattack where the protected health information (PHI) of around 2,100 Alta Forest Products Health and Welfare Plan members was compromised. The company detected the security breach on September 1, 2022, and fast action was undertaken to protect its systems and stop continuing unauthorized access. The … Read more

Feds Publish Guidance on Responding and Lowering Impact of DDoS Attacks

The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) just released guidance for government and private institutions on the avoidance and mitigation of distributed Denial of Service (DDoS) attacks. These attacks are performed to overburden programs and sites with traffic, as a … Read more

2021 Data Breaches Reported by U.S. Vision Subsidiary and Florida Addiction Treatment Center

USV Optical, a branch of U.S. Vision, has lately reported the exposure of patient records at a number of entities inside its network. It detected suspicious activity inside its system on May 12, 2021. Forensic investigation affirmed that unauthorized persons got access to its system for one month from April 20, 2021 to May 17, … Read more

Hacking Incidents and Improper Disposal Incidents Reported

Hacking Incident at Country Doctor Community Clinic, WA: On October 19, 2022, Country Doctor Community Clinic based in Seattle, WA reported that attackers had acquired access to its digital system and viewed and likely acquired files comprising the protected health information of 38,751 patients. On October 6, 2022, strange activity was noticed in its computer … Read more

CISA Director Encourages All Healthcare Providers to Use FIDO Authentication

The Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, is traveling across the country as part of Cybersecurity Awareness Month. She’s been promoting cybersecurity best practices, telling everyone the steps they can take to be safe on the web, and emphasizing the value of using multi-factor authentication on bank … Read more

EyeMed to Pay $4.5 Million Penalty for Phishing Attack and 2.1M-Record Data Breach

The New York State Department of Financial Services (DFS) has decided to resolve an investigation of EyeMed Vision Care (EyeMed) into possible violations of the DFS Cybersecurity Regulation for $4.5 million. EyeMed based in Ohio is a licensed medical insurance provider, which gathers and keeps sensitive consumer data as a business practice. The DFS investigated … Read more

Wisconsin Department of Health Services, Detroit Health Department, and Smith, Gambrell & Russell, LLP Announce Data Breaches

Wisconsin Department of Health Services Reports Accidental Disclosure of PHI through Email: The Wisconsin Department of Health Services (DHS) has just announced that there was an accidental disclosure of protected health information (PHI) via its email. Based on the breach notice, in April 2021, the DHS Children’s Long-Term Support Council got a presentation via email … Read more

Cyberattack on FMC Services, Kaye-Smith and Johnson Memorial Hospital

FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. That investigation didn’t find any proof that indicates the purpose of the cyberattack was to … Read more

Data Breaches at Choice Health, Tessie Cleveland Community Services Corp and Easterseals-Goodwill Northern Rocky Mountain

Humana recently reported the potential compromise of the protected health information (PHI) of 22,767 persons in a security incident at Choice Health. This business associate is Humana’s vendor for its Medicare products. On May 18, 2022, Choice Health discovered that one of its databases could be accessed online. The investigation confirmed there was a misconfiguration … Read more

Henderson & Walton Women’s Center & Genesis Health Care Inc. Report Data Breaches

Henderson & Walton Women’s Center (HWWC) based in Birmingham, AL lately advised 34,306 patients about the potential compromise of some of their protected health information (PHI) due to a hacker getting access to an employee’s email account. HWWC stated the forensic investigation into the data breach revealed the attacker didn’t access the email server and … Read more

Health-ISAC Releases Guidance to Help CISOs Implement Zero Trust Security Architectures

Health-ISAC has publicized a white paper to help guide healthcare CISOs planning to employ zero trust security architectures. The standard security approach is to set up border defenses in order to keep unauthorized persons out. Although this security strategy has helped companies well in past times, it isn’t useful online where there’s no border to … Read more

2.65 Million Victims of OneTouchPoint Ransomware Attack

The number of persons impacted by the ransomware attack on OneTouchPoint, the mailing and printing vendor based in Hartland, WI, has now grown to 2,651,396 people. One of the most recent companies to confirm being impacted by the attack is Common Ground Healthcare Cooperative based in Brookfield, WI. The cyberattack affected 133,714 of the Cooperative’s … Read more

LastPass Data Breach Results in Source Code Theft

LastPass, the company offering the most widely used password management solution worldwide, reported a cyberattack and security breach. As per LastPass, there are close to 30 million users of its password manager tool globally, which include 85,000 business clients. Notifications were sent to users to advise them concerning the cyberattack and give reassurances that although … Read more

HC3 Advisory About Growing Vishing Attacks and the Risks of Social Engineering

The Health Sector Cybersecurity Coordination Center has alerted the healthcare and public health (HPH) sector regarding the growing social engineering and voice phishing (vishing) attacks. In cybersecurity terminology, social engineering is the control of people by malicious actors to advance their own agenda. It is a comprehensive term that includes many varied types of attacks, … Read more

Independent Case Management & Conifer Health Solutions Report Cyberattacks

Independent Case Management (ICM) based in Little Rock, AR, a provider offering home and community-based assistance for persons with mental and developmental handicaps, recently informed 3,307 persons about the potential theft of some of their protected health information (PHI) in a ransomware attack. As per the notification letters, the attack affected three servers, which were … Read more

Florida Orthopaedic Institute to Pay $4 Million to Settle Class Action Data Breach Lawsuit

Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an unauthorized third party had acquired access to a server keeping patients’ protected health information (PHI) and employed ransomware for file … Read more

Data Breaches at Healthback Holdings, City of Newport, and OrthoArizona

Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on June 1, 2022. A third-party cybersecurity company helped look into the incident. It was affirmed … Read more

55% of Healthcare Providers Encountered a Third-Party Data Breach in the Past Year

Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor, for instance a managed service provider, because the attack is profitable. The threat actor could acquire access to the networks of … Read more

Data Breaches Announced by Allegheny Health Network, St. Luke’s Health System, & Goldsboro Podiatry

St. Luke’s Health System based in Boise, ID, has just submitted a data breach report to the HHS’ Office for Civil Rights that affected 31,579 patients. The breach happened in May 2022 at Kaye-Smith, which is a billing vendor of the health system. The patients billed that month were affected by the breach. Kaye-Smith discovered … Read more

Data Breaches Announced by Blue Cross and Blue Shield of Massachusetts and Blue Shield of California

Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has lately affirmed that a data breach at a business associate led to the compromise of the protected health information (PHI) of several of its health plan members. The breach took place at LifeWorks US Inc, which offers services connected to the management of the Retirement Income … Read more

$500,000 Ransom Payment Seized by the Department of Justice

The U.S. Department of Justice announced that it seized approximately $500,000 in Bitcoin from North Korean threat actors that used the Maui ransomware to attack healthcare companies in the U.S.A. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently released a security advisory about North Korean attackers … Read more

Cyber Safety Review Board Claims Log4j Vulnerabilities Very Prevalent and Will Remain for Years

The Cyber Safety Review Board (CSRB), started by President Biden in February 2022, has released a report about the Log4j vulnerability (CVE-2021-44228) as well as linked vulnerabilities that were identified at the end of 2021. The vulnerabilities have an impact on Log4j, the open source Java-based logging tool. CSRB says that they are very rampant … Read more

President Biden Approves Executive Order to Keep Access to Reproductive Healthcare Services Safe

President Biden has approved an executive order that aims to safeguard access to reproductive healthcare assistance. This happened right after the SCOTUS ruling that overturned Roe v. Wade, which provided women the right to decide on their own reproductive healthcare about 50 years ago. President Biden stated that the government should not interfere with these … Read more

Senators Ask Mental Health App Companies Concerning Privacy and Data Sharing Practices

Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) wrote to two major mental health app vendors and required replies about their practices regarding information collection and disclosure. There were a number of allegations that the mental health applications offered by Talkspace and BetterHelp are acquiring, mining, and distributing private client data to … Read more

Fitzgibbon Hospital, Christiana Spine Center, and Diskriter Encounter Ransomware Attacks

On June 25, 2022, a representative of a threat group known as DAIXIN Team shared details with regards to a ransomware attack and information theft incident that occurred at Fitzgibbon Hospital located in Marshall, Missouri. Stolen data was published to a dark web resource site. The published data consists of database tables taken from the … Read more

ONC and OCR Launch Modified Security Risk Assessment Tool

The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Security Rule calls for HIPAA-controlled entities to carry out a detailed, organization-wide risk … Read more

Santa Barbara County Department and Baptist Health Report Cyberattack

Medical Record Breach at Santa Barbara County Department of Behavioral Wellness: Santa Barbara County Department of Behavioral Wellness located in California has lately reported that an employee viewed the medical files of patients with no authorization. On March 30, 2022, the department discovered unauthorized access when it applied a new security program for identifying unauthorized … Read more

OCR to Create Video on Recognized Security Practices in the HITECH Act

The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified (Public Law 116-321) to require OCR to look at recognized security practices that were set up for about 12 months … Read more

Atlassian Announces Fix for Maximum Severity Largely Exploited Vulnerability in Confluence Server and Data Center

Atlassian has developed a patch to resolve a critical zero-day vulnerability that affects all supported versions of Confluence Server and Data Center. The vulnerability, which is tracked as CVE-2022-26134, has the highest CVSS severity rating of 10. Unauthenticated attackers could take advantage of the vulnerability remotely to accomplish code execution. Security researchers … Read more

Former IT Consultant Facing Charges for Purposefully Causing Damage to Healthcare Company’s Server

An IT specialist who worked as a service provider at a suburban healthcare organization in Chicago has been accused of illegally acquiring access to the firm’s network and deliberately causing damage to a protected computer. Aaron Lockner, 35 years old, from Downers Grove, IL, was employed at an IT organization that had an agreement with … Read more

Theft Incident at SAC Health and Ransomware Attacks on Bryan County Ambulance Authority and Atlanta Perinatal Associates

Social Action Community Health System (SAC Health) has lately advised 149,940 patients regarding the theft of documents that contain their protected health information (PHI) in a break-in at an off-site storage place that keeps patient records. SAC Health discovered the theft on March 4, 2022. The succeeding investigation affirmed on April 22, 2022 the theft … Read more

Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach

Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court. Solara Medical Supplies, which supplies products and services to help people take care of their diabetes, encountered a phishing attack that permitted unauthorized individuals to access … Read more

McKenzie Health System & Omnicell Report Cyberattacks

McKenzie Health System in Sandusky, MI, has just begun informing 25,318 individuals regarding the theft of some of their protected health information (PHI) due to a recent security incident that interrupted the operations of a number of its systems. The provider detected the suspicious activity inside its IT systems on March 11, 2022 and took … Read more

New Framework for Examining the Privacy, Security, and Safety of Electronic Health Technologies

The American Telemedicine Association (ATA), American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have worked together to make a new system for examining digital health technologies employed by healthcare specialists and patients. At this time, greater than 86 million Americans utilize a health or fitness application. … Read more

HHS Alerts HPH Sector Concerning Insider Threats in Medical Care

A lot of healthcare data breaches are taking place; however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has just issued an advisory regarding insider threats. Insider Threats in Healthcare: Cybercriminal gangs, nation-state hacking groups, and single hackers have … Read more

HHS Alerts the HPH Sector Regarding Hive Ransomware

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has issued a TLP: White alert concerning the Hive ransomware group, an especially violent cybercriminal operation that has greatly targeted the healthcare market in the United States. HC3 has shown a study of the tactics, techniques, and procedures (TTPs) recognized to be … Read more

Advisory Issued Regarding Phishing Campaigns Involving Trusted Email Marketing Platforms

Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform. The breach was discovered when Trezor, a cryptocurrency hardware wallet provider, looked into a phishing campaign targeting its clients that … Read more