Healthcare Organizations Dealing with Higher Cyber Insurance Costs for Less Coverage

The number of cyberattacks currently being reported is greater than ever before. A few years ago, healthcare cyberattack reports are received at a rate of one each day, however, in 2021, there have been months where cyberattacks were reported at double that rate. The seriousness of cyberattacks has likewise become more intense and the cost … Read more

420,433 People Affected by Health Plan of San Joaquin Email Security Breach

Health Plan of San Joaquin (HPSJ), which is a not-for-profit service provider of Medi-Cal managed care based in French Camp, CA, learned that an unauthorized individual has obtained access to its email system and likely viewed or obtained sensitive data. HPSJ noticed a likely email breach on or approximately October 12, 2020 after identifying suspicious … Read more

Is it a HIPAA Violation to Require Confirmation of Vaccine Status?

There is a lot of misunderstandings concerning the case of questioning a person if they had a COVID-19 vaccine. Is it considered a HIPAA violation, especially pertaining to employers questioning their personnel to give evidence of being vaccinated against COVID-19 to cease using a face mask in the work area? The Health Insurance Portability and … Read more

Ransomware Gangs Use New Triple Extortion Tactics

After the DarkSide ransomware attack on Colonial Pipeline, a number of ransomware gangs have stopped activity or have executed guidelines that their affiliates are required to follow, which include stopping all attacks on critical infrastructure companies, medical care companies, and government institutions. A few well-known hacking forums are separating themselves from ransomware and have prohibited … Read more

President Biden Signs Expansive Executive Order to Enhance Federal Networks Cybersecurity

On May 13, 2021, President Biden signed a comprehensive Executive Order that seeks to appreciably strengthen cybersecurity protections for federal systems, enhance threat information sharing between the private sector, the government, and law enforcement, and present a cyber threat response playbook to speed up the response to incidents and their mitigation. The 34-page Executive Order … Read more

PHI Compromised Because of the University of Florida Health Shands, St. John’s Well Child and Family Center and St. Paul’s PACE Breaches

University of Florida Health Shands has learned that an ex-employee has viewed the health files of 1,562 patients without valid permission. The HIPAA violations were uncovered on April 7, 2021. The provider promptly ended the worker’s access to medical documents pending an investigation. The investigation established that the worker had been accessing patient health records … Read more

NIST Wants Feedback on Designed Updates to HIPAA Security Rule Implementation Guidance

The National Institute of Standards and Technology (NIST) is preparing to modify and make updates to its guidance on carrying out the HIPAA Security Regulation and is looking for ideas from stakeholders on facets of the guidance that ought to be adjusted. NIST publicized the guidance – NIST Special Publication (SP) 800-66, Revision 1, An … Read more

Three Actively Exploited Zero-Day Vulnerabilities in SonicWall Email Security

Three zero-day vulnerabilities were found in SonicWall Email Security solutions are being actively exploited in the wild by one or more threat actors. The vulnerabilities may be chained to obtain admin access to enterprise systems and do code execution. SonicWall Email Security products are used as a physical machine, virtual appliance, as a hosted SaaS … Read more

Higher Ransom Payment Due to Accellion FTA Data Exfiltration Extortion Attacks

The latest Coveware Quarterly Ransomware Report states that the growth in ransomware attacks in 2020 has persisted in 2021 as most threat actors target the healthcare industry. 11.6% of all attacks in quarter 1 of 2021 were healthcare ransomware attacks, the same with the public sector attacks. Attacks on professional services companies accounted for 24.9% … Read more

Data Breaches Reported by the American College of Emergency Physicians, Epilepsy Florida and VEP Healthcare

The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server. Besides offering professional company services to its members, ACEP offers management services to companies such as Society for Emergency Medicine Physician Assistants (SEMPA), the Emergency Medicine Residents’ … Read more

Montefiore Medical Center Staff Laid Off and Belden Class Action Lawsuit

Montefiore Medical Center has found out that another employee accessed patient records without having any valid work reason. The report of New York hospital in February 2020 stated that an employee was identified to have accessed patient health records without any authorization for a period of 5 months in 2020, and another employee was identified … Read more

Hackers Stole the PHI of Over 200,000 Washington D.C. Health Plan Members

CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is notifying its members with regards to a cyberattack that resulted in the theft of their protected health information (PHI). CHPDC, previously known as Trusted Health Plans, discovered a breach of its computer networks on January 28, 2021. The health plan based in Washington D.C … Read more

What is Texas HB 300?

What is Texas HB 300, who needs to follow the legislation, and what are the fees and penalties for failing to comply? This post talks about these and other vital questions regarding Texas HB 300. What is Texas HB 300? The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that requires healthcare companies, … Read more

Data Breaches at Mobile Anesthesiologists Patients, Haven Behavioral Healthcare and Heart of Texas Community Health Center

Mobile Anesthesiologists fairly recently found out about the exposure of a limited amount of patients’ protected health information (PHI) because of a technical misconfiguration. The problem seemed to have occurred prior to December 14, 2020, and allowed public access of PHI like names, health insurance details, date of service, medical procedure, and dates of birth. … Read more

UPMC and Charles Hilton and Associates Charged With Class Action Lawsuit Due to 36,000-Record Breach

University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients. Charles Hilton and Associates, which manages UPMC’s collections, reported that attackers had acquired access to the email accounts of a number … Read more

Data Breaches at California Department of State Hospitals and Eyemart Express

The Department of State Hospitals (DSH) in California has learned a worker obtained access to the protected health information (PHI) of 1,415 present/former patients and 617 personnel without consent. The employee had an Information Technology job and got access to data servers that contain sensitive patient and staff information so as to perform work assignments. … Read more

Data Breaches at New London Hospital, Child Focus and Orlando Health South Lake Hospital

New London Hospital based in central New Hampshire has identified an unauthorized person who accessed a file on its system in July 2020 and may have gotten the protected health information (PHI) of 34,878 patients. A third-party cybersecurity agency helped investigate the incident and confirmed on February 16, 2021 that the person accessed the file … Read more

Phishing Attack on Saint Alphonsus Health System, Saint Agnes Medical Center and Southeastern Minnesota Center for Independent Living

Due to a phishing attack encountered by Saint Alphonsus Health System based in Boise, ID, the information of its patients was potentially compromised, including the data of patients of Saint Agnes Medical Center located in Fresno, CA. Saint Alphonsus detected strange activity in the email account of an employee on January 6, 2021. The provider … Read more

Virginia Consumer Data Protection Act Approved

Governor Ralph Northam has approved the Virginia Consumer Data Protection Act (CDPA). CDPA necessitates individuals running a business in the Commonwealth of Virginia to abide by new data privacy and security conditions. The CDPA will be effective on January 1, 2023. The CDPA has similarities with a number of the privacy and security conditions of … Read more

PHI Exposed as a Result of Data Breaches at Pennsylvania Adult & Teen Challenge And Gore Medical Management

Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults and youngsters. On July 29, 2020, the provider noticed suspicious things in an email account and had taken action to … Read more

Online Storage Vendor Pays Ransom to Retrieve Healthcare Data Stolen During Cyberattack

The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen due to a cyberattack on its cloud storage provider. The medical and surgical eye care services provider received notification on January 15, 2021 that cyber attackers acquired access to the computer network of its storage … Read more

100% of Screened mHealth Applications Prone to API Attacks

The personally identifiable health information of a huge number of people is being compromised by means of the Application Programming Interfaces (APIs) employed by mobile health (mHealth) apps, reported by a current study shared by cybersecurity agency Approov. Ethical hacker and researcher Allissa Knight carried out the study to discover how protected famous mHealth apps … Read more

$75,000 Paid by Renown Health to Settle its HIPAA Right of Access Case

The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that resolved a HIPAA Right of Access enforcement action. Renown Health, a Northern Nevada non-profit healthcare network, agreed to pay a … Read more

Ransomware Attacks on Ramsey County and Crisp Regional Health Services and Vulnerability in Vaccine Scheduling Application

The County Manager’s Office of Ramsey County, MN has begun informing 8,700 customers of its Family Health Division regarding the potential access of some of their personal data by unauthorized persons brought about by a ransomware attack on its vendor Netgain Technology LLC. Netgain Technology LLC based in St. Cloud offers technology solutions to Ramsey … Read more

Brandywine Urology Consultants Data Breach Lawsuit Dismissed Because of Lacking Evidence of Harm

The Delaware Superior Court dismissed a legal action filed on behalf of affected individuals of a Brandywine Urology Consultants data breach because the plaintiffs failed to present proof showing they had experienced harm because of the breach. Brandywine Urology Consultants encountered a ransomware attack on January 27, 2020 The attack was identified after two days … Read more

Philadelphia Department of Public Health Ends Vaccine Distribution Agreement Due to Alleged Privacy Breaches

The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale of private information to third parties. Philly Fighting COVID started out as a nonprofit company providing coronavirus screening and then … Read more

$5.1 Million Penalty Paid by Excellus Health Plan to Settle HIPAA Violation Case

Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 data breach that affected 9.3 million individuals. Excellus Health Plan uncovered the data breach in 2015, the same year when … Read more

Email Security Breaches at Roper St. Francis Healthcare and Einstein Health Network

Roper St. Francis Healthcare has informed 189,761 patients regarding an unauthorized individual who accessed some of their protected health information (PHI) saved in employee email accounts. The provider detected the email security breach in late October 2020. The subsequent investigation confirmed the compromise of three email accounts from October 14 to October 29, 2020. An … Read more

Emisoft Reports No Less Than 560 Ransomware Attacks on U.S. Healthcare Facilities in 2020

Ransomware attacks in 2020 had a huge impact on companies and organizations in America. Ransomware gangs targeted the healthcare and education sectors, the federal, state, and municipal governments and departments. These sectors had no less than 2,354 attacks in 2020 as per the most recent State of Ransomware report of Emsisoft, a cybersecurity company based … Read more

Twitter Paid $544,000 Penalty for its GDPR Data Breach Violations

Twitter paid a penalty of €450,000 ($544,600) for its General Data Protection Regulation (GDPR) violation. Ireland’s Data Protection Commission (DPC) issued a penalty that is related to the privacy breach report submitted by Twitter last January 2019. On January 8, 2019, Twitter International Company sent to the DPC a breach notification letter. On January 22, … Read more

OCR to Have Enforcement Discretion in Relation to the Use of Internet or Cloud-based Scheduling Software for COVID-19 Vaccination Sessions

The Department of Health and Human Services’ Office for Civil Rights has stated that it is going to implement enforcement discretion and will not issue financial penalties on HIPAA-covered entities or business associates in the event of HIPAA rules violations associated with the honest use of online or web-based scheduling applications (WBSAs) for booking individual … Read more

M.D. Anderson Cancer Center’s $4.3 Million HIPAA Penalty Revoked on Appeal

The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’ Office for Civil Rights on the University of Texas M.D. Anderson Cancer Center. The Civil Monetary Penalty was charged to M.D. Anderson in 2018 after the investigation of three data … Read more

Advantages of Healthcare Text Messaging Emphasized by New Analysis

Additional evidence has appeared presenting the advantages of healthcare written messaging. A recently published study in the Journal of the American Heart Association obviously indicated that an automatic mHealth interference using Smartphone and text messages tracing applications might prove to be a good approach for rising patients’ physical activity stages. The advantages of rising activity stages, particularly … Read more

Highmark BCBS of Delaware Probes Data Break Impacting 19K People

Highmark BlueCross BlueShield of Delaware is probing a data break which has affected 19,000 payees of employer-paid health policies. The data break affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance Services. Highmark BSBC director of secrecy as well as information supervision, Karen Kane, released a statement stating 16 former and … Read more

$475K Settlement for Late HIPAA Break Notice

The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of current year. This is additionally the 1st settlement so far exclusively based on a needless delay to break notice after the revelation of patients’ safeguarded health info. Presence Health, among the biggest healthcare systems serving people of Illinois, has consented … Read more

UMass to Pay the Office for Civil Rights $650K to Settle HIPAA Breaches

The Division of Health and Human Services’ OCR has consented to a $650K agreement with University of Massachusetts Amherst (UMass). The agreement solves HIPAA breaches that caused the UMass undergoing a malware contagion in 2013. In early 2013, a malevolent program was set up on a computer terminal in the Center for Speech, Language, and … Read more

Seguin Dermatology Declares Ransomware Assault ePHI Access Possible

Texas-centered Seguin Dermatology has begun notifying patients of a ransomware assault that has likely led to electronic protected health information being wrongly accessed. The assault happened around or on September 12, 2016, and affected a computer network used by the Bureau of Robert J. Magnon, Doctor of Medicine. The ransomware encrypted many file varieties avoiding … Read more

Kaiser Permanente Alerts Members of ePHI Revelation

Kaiser Permanente is alerting a few of its associates of a website formation mistake that led to the revelation of a few of their safeguarded health information. Luckily, the mistake was swiftly known and ePHI was just revealed for about 2 hours. On October 12, 2016, an upgrading to the site, Kp.org was carried out … Read more

Operations Annulled After 3 UK Hospitals are Paralyzed by Computer Infection

Cyberattacks on healthcare suppliers in the U.S. are happening at a frightening speed; nevertheless, it’s not just U.S healthcare companies which are targeted by cybercriminals. During the weekend, a big security case was informed by a National Health Service Trust in the U.K. The case has led to computer systems taken offline and scheduled operations … Read more

Analysis Emphasizes Danger of PHI Revelation from Unencrypted Healthcare Pagers

Several healthcare suppliers have now changed from pagers to more safe types of communication. Safe text messaging platforms permit safeguarded health info to be communicated swiftly and efficiently between doctors and care team associates. Those platforms include the necessary safety features to make sure messages can’t be interrupted and seen by illegal people. However, pagers … Read more

St. Joseph Health to make Payment of OCR $2.14 Million to Resolve HIPAA Case

The Division of Health and Human Services’ OCR has declared it has decided to resolve possible breaches of the HIPAA Security and Privacy Laws with St. Joseph Health (SJH). St. Joseph Health has to pay $2,140.50 to OCR and implement a corrective action plan (CAP) to bring procedures and policies up to the standard required … Read more

OCR Alerts of FTP Weaknesses in NAS Appliances

The Division of Health and Human Services OCR has released a notice to HIPAA protected bodies as well as their business associates of a surge in assaults on network attached storage (NAS) appliances. The appliances are being assaulted using a type of malware known as Mal/Miner-C, or else called PhotMiner. The assault uses File Transfer … Read more

Assistance on HIPAA as well as Cloud Computing Released by HHS

The Division of Health and Human Services has issued revised advice on cloud computing and HIPAA to assist protected bodies to take benefit of the cloud devoid of endangering a HIPAA breach. The key emphasis of the help is the usage of cloud service providers (CSPs). CSPs which are lawfully independent bodies from a HIPAA-covered … Read more

Main Ohio Urology Consortium Notifies 300K Patients of PHI Thievery

Patients of Central Ohio Urology Consortium whose safeguarded health information was thieved and displayed live in August have now been informed of the safety break. Although it’s not sure precisely when the hack happened, the data thieved in the cyberattack were put live on August 2, 2016. Hackers uploaded a wide variety of patient files to Google … Read more

$400K HIPAA Payment for BAA Failures

The Section of Human and Health Services’ OCR has stated it has concluded an agreement with Care New England Health System (CNE) to settle suspected breaches of the HIPAA. CNE should reimburse a financial fine of $400K and should implement a complete Corrective Action Plan (CAP) to tackle different parts of HIPAA defiance. Care New … Read more

New Review Indicates Data Break Cost is $200K for each Happening

A new review indicates the cost of deciding breaks of confidential information is much lower than earlier thought. The charges are so little that for several firms there is a slight inducement to finance more cash to expand cybersecurity protections. Examining the price of data breaks is a difficult matter. There are direct charges connected … Read more

Deficiency of Ransomware Defenses Might Breach FTC Law

The Division of Health and Human Services’ OCR has lately distributed guidance for HIPAA covered entities on ransomware to assist protected bodies trade with the enhanced danger of ransomware assaults. Recently the Federal Trade Commission (FTC) has cautioned companies that they should do more to cope with the ransomware danger. The failure to apply proper safeguards against … Read more