Latest Phishing Kits Used to Bypass Multi-Factor Authentication

Phishing attacks let threat actors obtain credentials, but multi-factor authentication (MFA) makes it harder for those attacks to succeed. With MFA activated, an additional method of authentication is needed besides a username and password before account access is approved. Microsoft has previously stated that multi-factor authentication prevents 99.9% of … Read more

Data Breaches Announced by Suncoast Skin Solutions, South City Hospital, The Colorado DHS and Raveco Medical

Suncoast Skin Solutions, a network of 22 medical, surgical, and cosmetic dermatological care clinics based in Florida, recently began informing 57,730 patients about a ransomware attack it discovered on July 14, 2021. Suncoast stated that upon discovery of the attack, it took immediate action to prevent the encryption of all its systems and hired a … Read more

Due date for Giving GAO the Comments on HHS Data Breach Reporting Prerequisites is on February 4, 2022

The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach reports to the Secretary of the Department of Health and Human Services (HHS). The survey will continue to be accessible … Read more

Class Action Lawsuit Filed Versus Memorial Health System Because of August 2021 Cyberattack

Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021. As per the investigation, it was established the hackers initially acquired access to organization servers on or approximately July 10, 2021, and put … Read more

The University of Arkansas for Medical Sciences and Sacramento County Reported Email Breaches

The University of Arkansas for Medical Sciences and Sacramento County recently reported email-related breaches of protected health information (PHI). HIPAA Violation by an Employee of the University of Arkansas for Medical Sciences (UAMS) The University of Arkansas for Medical Sciences (UAMS) has begun sending breach notification letters to patients to notify them about a HIPAA … Read more

What are the Penalties for HIPAA Violations?

The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general are authorized to issue penalties for HIPAA violations. Besides paying financial penalties, covered entities must follow a corrective action plan so that their policies and procedures meet the criteria specified by HIPAA. The Health Insurance Portability and … Read more

Millennium Eye Care and Duneland School Corporation Cyberattack

Data of Millennium Eye Care Patients Stolen by Ransomware Gang A provider of ophthalmology services in Freehold, NJ, Millennium Eye Care, reported on December 22, 2021, that attackers lately obtained access to its computer system and utilized ransomware for file encryption in an effort to extort cash from the healthcare provider. The breach notification letters … Read more

State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach

The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of its group health plan. RIPTA mentioned in a breach notice posted on its web page that it identified and blocked … Read more

HIPAA Changes in 2020/2021 as a Result of the COVID-19 Pandemic Continue to be in Effect

The COVID-19 pandemic has not led to any long-term modifications to HIPAA, however, it has seen unmatched flexibilities announced on a non-permanent basis to make it less complicated for healthcare companies and business associates that are battling against COVID-19. In emergency scenarios like disease outbreaks, HIPAA Rules stay effective and the demands of the HIPAA … Read more

Pharmacy Hospital and Dental Practice Report Hacking Cases Affecting Over 355,000 Individuals

An attacker acquired access to the IT network of BioPlus Specialty Pharmacy Services, located in Altamonte Springs, FL. Files containing sensitive patient data were accessed by the attacker. The pharmacy discovered the attack on November 11, 2021, and took prompt action to remove the hacker from its system. A third-party computer forensics agency aided … Read more

OCR Publishes Guidance Regarding HIPAA and Disclosures of PHI for Extreme Risk Protection Orders

The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance to make clear how the HIPAA Privacy Law can be applied to disclosures of protected health information (PHI) to aid applications for extreme risk protection orders. In June 2021, the U.S. Department of Justice shared model legislation to give … Read more

New Jersey Penalizes Hackensack Healthcare Companies for HIPAA Violations

The New Jersey Division of Consumer Affairs has agreed to resolve a data breach investigation that identified violations of the federal Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act. Regional Cancer Care Associates located in Hackensack, NJ is a name for 3 healthcare companies that run healthcare services in … Read more

PHI of 750,000 Oregon Anesthesiology Patients Restored After the Ransomware Attack

On July 11, 2021, the Oregon Anesthesiology Group learned that it suffered a ransomware attack that allowed the encrypting of files on its systems and obstructed the use of its servers and patient information. Subsequent to the attack, its IT infrastructure was reconstructed and offline data backups were employed to quickly bring back the impacted … Read more

Email Account Breaches Impact PHI of 40,000 Individuals

Three healthcare providers have reported data breaches that affected the email accounts of employees. The occurrences potentially resulted in the exposure and likely theft of the protected health information (PHI) of around 40,000 people. Region IV Area Agency on Aging On or around September 30, 2021, Region IV Area Agency on Aging in Michigan (AAA4) … Read more

Data Breaches Reported by True Health New Mexico & Educators Mutual Insurance Association

The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was discovered by True Health New Mexico on October 5, 2021. Steps had been taken immediately to secure its IT systems. … Read more

Lifting of Class Certification Order Associated With Data Breach Lawsuit Versus West Virginia University Health System

West Virginia University Health System is dealing with a class-action lawsuit because of a compromise of the protected health information (PHI) of 7,445 patients, however, the Supreme Court of Appeals of West Virginia has lifted the class certification order. The lawsuit is in connection with an insider data breach that took place in 2016. From … Read more

HC3 Alerts Healthcare Sector Concerning Threat of Zero-day Attacks

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published a notification to the healthcare and public health industry concerning a rise in financially inspired zero-day attacks, teaching mitigation strategies that must be implemented to minimize risk to a low and tolerable level. A zero-day attack makes use of a vulnerability for which there isn’t … Read more

82% Of Healthcare Companies Have Suffered an IoT Cyberattack during the Last 18 Months

Medigate and CrowdStrike performed new research which presented the degree to which hackers are attacking healthcare Internet of Things (IoT) devices and alerts about the disturbing status of IoT security in the medical care sector. The amount of IoT devices being employed in healthcare has risen considerably in the past few years as connected health … Read more

PHI of 1.27 Million Patients Compromised in Two Healthcare Data Breaches

The protected health information (PHI) of 1,271,642 people was compromised and possibly stolen in two healthcare hacking events that were lately documented by the Department of Health and Human Services’ Office for Civil Rights. PHI of 688,000 Persons Exposed Because of the Sea Mar Community Health Centers Hacking Incident Sea Mar Community Health Centers is … Read more

JEV Plastic Surgery & Medical Aesthetics and UNC Health Reported Data Breaches

JEV Plastic Surgery & Medical Aesthetics based in Owing Mills, MD has begun sending notifications to 1,620 patients concerning the exposure of some of their protected health information (PHI) because of a security breach. Malware was discovered that allowed an unauthorized individual to gain access to systems that held protected health information. A third-party forensic … Read more

Ransomware Attacks Reported by Victory Health Partners and Strategic Benefits Advisors

Victory Health Partners Alerts Patients Concerning September 2021 Ransomware Attack Victory Health Partners based in Mobile, AL has informed patients concerning a ransomware attack it detected on September 23, 2021. Before the attackers encrypted the files, they exfiltrated sensitive information and have possibly released it. When Victory Health Partners discovered the attack, it shut down … Read more

42% of Healthcare Companies Have Not Established an Incident Response Plan

Ransomware attacks, hacks, and other IT security problems are the cause of major data breach reports sent to the Department of Health and Human Services’ Office for Civil Rights, although data breaches concerning physical documents are likewise common. The Verizon Data Breach Investigations Report showed that exposed physical files made up 43% of all data … Read more

PHI Exposed in Tech Etch Ransomware Attack and UNC Hospitals Data Theft

Tech Etch located in Plymouth, MA makes precision-engineered thin metal pieces, versatile printed circuits, and EMI/RFI shielding. It has reported a ransomware attack that resulted in the potential compromise of the personal data and protected health information (PHI) of present and past workers. Firms like Tech Etch wouldn’t commonly be demanded to conform to HIPAA; … Read more

Highlighting the Importance of Cybersecurity This Cybersecurity Awareness Month

The topic of the 4th week of Cybersecurity Awareness Month is “Cybersecurity First.” The emphasis is on letting businesses know about the importance of cybersecurity steps to handle vulnerabilities in products, operations, and individuals. Cybersecurity Information for Businesses One research indicates 64% of firms all over the world have encountered some kind of cyberattack and … Read more

University Hospital Newark Alerts 9,000 People About Historic Insider Data Breach

University Hospital Newark (NY) has found out that a former worker had accessed the protected health information (PHI) of thousands of patients without authorization over the duration of a year. That information was later disclosed to other people who were likewise not approved to view the details. Insider breaches like this are pretty common, though what … Read more

19,000 People Impacted by Ransomware Attack on Directions for Living

The non-profit behavioral health service provider Directions for Living based in Clearwater, FL experienced a ransomware attack on July 17, 2021. When Directions for Living found out about the attack, it notified law enforcement and engaged third-party computer forensics experts to investigate the scope of the cyberattack and help with remediation. The investigation into … Read more

New Jersey Infertility Clinic Settles HIPAA Violation and Diamond Data Breach

A New Jersey infertility clinic has reached a settlement with the state and will pay a $495,000 penalty fee for its violation of the HIPAA and New Jersey laws as it did not implement appropriate cybersecurity action. Diamond Institute for Infertility and Menopause, LLC (Diamond) in Millburn, NJ operates one healthcare facility in New Jersey, … Read more

CISA Released Insider Threat Self-Assessment Tool

Public and private industry companies have a new tool that can be used to evaluate how much they are vulnerable to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created this new Insider Threat Risk Mitigation Self-Assessment Tool to help end-users increase their knowledge about insider threats and create prevention and mitigation plans. In … Read more

What is a HIPAA Subpoena?

Lately, the U.S. Department of Justice has been pursuing healthcare criminal acts and investigations frequently entail the issuance of a HIPAA subpoena. The subpoena pressures HIPAA-regulated entities to give data including patient health records that they are not allowed to reveal because of Privacy Rule prohibitions on uses and disclosures. Under the HIPAA Privacy Rule, … Read more

Data Breaches at Horizon House and Samaritan Center of Puget Sound

Horizon House, Inc. based in Philadelphia, PA provides mental health and residential treatment services. It reported a hacking incident that affected its IT systems resulting in the potential compromise of the protected health information (PHI) of 27,823 people. Horizon House discovered suspicious activity in its computer systems last March 5, 2021. It started an investigation … Read more

Alaska DHSS Claims May 2021 Cyberattack Has Potential Effect on All Alaskans

The Alaska Department of Health and Social Services (DHSS) will commence sending notification letters to all people in the state informing them about the possible exposure of their personal and health data due to a highly advanced cyberattack performed by a nation-state attacker. The cyberattack was noticed on May 2, 2021 and the DHSS was … Read more

DuPage Medical Group Faces Lawsuit for July 2021 Ransomware Attack

Two DuPage Medical Group patients are filing a lawsuit against the healthcare company subsequent to a July 2021 ransomware attack whereby patients’ protected health information (PHI) was exposed. DuPage Medical Group encountered a ransomware attack in the middle of July. The forensic investigation confirmed unauthorized people had acquired access to its computer system between July … Read more

NCCoE Publishes Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) just published the latest edition of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders. Public safety and first responder (PSFR) staff need on-demand access to public safety information to … Read more

Unauthorized Individuals Accessed CareATC Email Accounts

Population health management firm CareATC based in Tulsa, OK, has learned that unauthorized people have accessed the email accounts of two workers and possibly acquired access to the personal data of patients and workers. CareATC started an investigation on June 29, 2021 upon detecting suspicious activity in the email account of a worker. Third-party forensics … Read more

SonicWall Threat Report Indicates Substantial Growth in Ransomware Attacks

SonicWall published a Cyber Threat Report update last July, which affirmed a significant rise in cyberattacks beginning in 2020. From January to June of 2021, cryptojacking attacks went up by 23%, encrypted threats went up by 26%, IoT attacks increased by 59%, and ransomware attacks went up by 151% in comparison to the identical time period … Read more

UNM Health Data Breach Impacts Over 637,000 Individuals

UNM Health found out that an unauthorized third party acquired access to its system and possibly viewed and copied files that included patients’ protected health information (PHI). The healthcare provider discovered the security incident on June 4, 2021 and immediately launched an investigation to determine the extent of the breach. UNM Health confirmed that … Read more

Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients

Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an unauthorized medical record access occurrence approximately January 24, 2020. LIJFH received a subpoena for records associated with an investigation by … Read more

Phishing Attacks at Academic HealthPlans and Wayne County Hospital

Academic HealthPlans, Inc. (AHP) learned that an unauthorized person has obtained access to the email accounts of two workers after they responded to phishing emails. AHP was informed of a potential breach upon detecting suspicious activity in its Microsoft Office 365 email account. The impacted accounts were made secure, and an investigation was started to … Read more

Record GDPR Penalty of $886 Million Issued to Amazon

The Data Protection Authority of Luxembourg, Commission Nationale pour la Protection des Données (CNPD), has penalized Amazon.com with €746 million ($886 million) to settle its EU General Data Protection Regulation (GDPR) violations. Since May 25, 2018, the GDPR has been in effect giving EU citizens legal rights regarding their personal data and put limitations on … Read more

Florida Heart Associates Serving at 50% Capacity for 2 Months Since a Ransomware Attack

Florida Heart Associates based in Fort Myers, FL encountered a ransomware attack on May 19, 2021, which has brought about significant and ongoing interruption to its services. The medical practice is running at only about 50% capacity two months after the attack. Interruption is likely to continue for several more weeks, as it’s not possible … Read more

CaptureRx Confronting Multiple Class Action Lawsuits Due to the Ransomware Attack Impacting 2.4 Million Patients

CaptureRx, the healthcare administrative services provider, is dealing with multiple class-action lawsuits for its failure to safeguard patient records, which were obtained by unauthorized people in a February 2021 ransomware attack. NEC Networks, also known as CaptureRx, offers IT assistance to hospitals to help them take care of their 340B drug discount packages. By means … Read more

Impact of Elekta Ransomware Attack on Advocate Aurora Health, Jefferson Health, and Intermountain Healthcare Confirmed

Three more healthcare providers reported that they were affected by the latest ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery provider. Elekta offers a web-based mobile software referred to as SmartClinic, which healthcare companies utilize to gain access to patient data for cancer treatments. Cybercriminals obtained access to Elekta’s systems from April … Read more

Kaseya Security Update Resolves Vulnerabilities Exploited in KSA Ransomware Attack

Kaseya has reported a security update published for the Kaseya KSA remote management and tracking software program to resolve the zero-day vulnerabilities, which the REvil ransomware gang fairly recently exploited in attacks on its customers and their clients. The vulnerabilities taken advantage of in the attack were included in a group of seven flaws that … Read more

Healthcare Employees Took Legal Action Against Amazon Alleging Alexa Devices Violated HIPAA

Four healthcare employees filed a lawsuit against Amazon, alleging that their Amazon Alexa devices possibly captured conversations without their intention or permission and might have caught health data protected by HIPAA. Amazon Alexa devices listen for words and phrases that awaken the devices and activate them to begin recording. Particularly, the devices listen to the … Read more

Exploit Available for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has given a notification after a proof of concept (PoC) exploit had been published for a zero-day vulnerability identified in the Windows Print Spooler service. The vulnerability was called PrintNightmare and is monitored as CVE-2021-34527. The vulnerability is caused by the Windows Print Spooler service that incorrectly executes … Read more

Bill Requiring the Texas State AG to Publish Data Breach ‘Wall of Shame’ Gets Approval

The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal of the state Attorney General. The amendment of the Texas Business and Commerce Code § 521.053, now known as House … Read more

UofL Health and Jawonio Report Email Data Breaches

UofL Health has begun informing 42,465 patients regarding the sending of some of their protected health information (PHI) to the wrong external email address. The healthcare system in Louisville, KY sent breach notification letters to impacted patients on June 7, 2021 instructing them concerning the compromise of some of their PHI. The owner of the … Read more