Florida Heart Associates based in Fort Myers, FL encountered a ransomware attack on May 19, 2021 and has brought about significant and ongoing interruption to its services. Medical practice is just running at about 50% capacity for two months since the attack. Interruption is likely to proceed for various more weeks, as it’s not possible … Read more
CaptureRx, the healthcare administrative services provider is dealing with multiple class-action lawsuits for its failure to safeguard patient records, which was gotten by unauthorized people in a February 2021 ransomware attack. NEC Networks, also known as CaptureRx, offers IT assistance to hospitals to help them take care of their 340B drug discount packages. By means … Read more
Three more healthcare providers reported that they were affected by the latest ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery provider. Elekta offers a web-based mobile software referred to as SmartClinic, which healthcare companies utilize to gain access to patient data for cancer treatments. Cybercriminals obtained access to Elekta’s systems from April … Read more
Kaseya has reported a security update published for the Kaseya KSA remote management and tracking software program to resolve the zero-day vulnerabilities, which the REvil ransomware gang fairly recently exploited in attacks on its customers and their clients. The vulnerabilities taken advantage of in the attack were included in a group of seven flaws that … Read more
Four healthcare employees filed a lawsuit against Amazon because allegedly their Amazon Alexa devices possibly captured conversations without their intention or permission and might have caught health data protected by HIPAA. Amazon Alexa devices listen for words and phrases that awaken the devices and activates them to begin recording. Particularly, the devices listen to the … Read more
The Cybersecurity and Infrastructure Security Agency (CISA) has given a notification after a proof of concept (PoC) exploit had been published for a zero-day vulnerability identified in the Windows Print Spooler service. The vulnerability was called PrintNightmare and is monitored as CVE-2021-34527. The vulnerability is caused by the Windows Print Spooler service that incorrectly executes … Read more
The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal of the state Attorney General. The amendment of the Texas Business and Commerce Code § 521.053, now known as House … Read more
UofL Health has begun informing 42,465 patients regarding the sending of some of their protected health information (PHI) to the wrong external email address. The healthcare system in Louisville, KY sent breach notification letters to impacted patients on June 7, 2021 instructing them concerning the compromise of some of their PHI. The owner of the … Read more
A bipartisan group of senators has presented a federal data breach notification law- the Cyber Incident Notification Act of 2021 – that calls for all federal institutions, contractors, and companies that have command over critical infrastructure to report considerable cyber threats to the Cybersecurity and Infrastructure Security Agency (CISA) in 24 hours of knowing about … Read more
Arizona Asthma and Allergy Institute sent breach notification letters to 70,372 patients who obtained services between October 1, 2015 and June 15, 2020. As per the breach notice, a selection of their personal data and protected health information (PHI) such as names, patient ID numbers, healthcare provider names, health insurance data, and treatment cost details … Read more
The Healthcare and Public Health Sector Coordinating Council (HSCC) has prompted President Biden to give more funds and support to strengthen the cybersecurity posture of the medical care industry to boost toughness against cyberattacks. In the latest letter given to President Biden and replicated to Senate and House party leaders, the HSCC requested additional money … Read more
Social media platforms including Facebook, Snapchat, Twitter, and Instagram allow healthcare companies to easily promote their services and earn new clients. Healthcare companies could utilize social media platforms to connect with patients, give announcements about their services, and get patients to take on a more dynamic part in their medical care. Although there are a … Read more
Urgent care center operator Lafourche Medical Group located in Louisiana has informed 34,862 patients regarding a security breach that likely impacted their protected health information (PHI). Lafourche Medical Group discovered on March 30, 2021 that a third-party accountant had clicked a phishing email that imitated one of the business owners of Lafourche Medical Group and … Read more
The number of cyberattacks currently being reported is greater than ever before. A few years ago, healthcare cyberattack reports are received at a rate of one each day, however, in 2021, there have been months where cyberattacks were reported at double that rate. The seriousness of cyberattacks has likewise become more intense and the cost … Read more
Health Plan of San Joaquin (HPSJ), which is a not-for-profit service provider of Medi-Cal managed care based in French Camp, CA, learned that an unauthorized individual has obtained access to its email system and likely viewed or obtained sensitive data. HPSJ noticed a likely email breach on or approximately October 12, 2020 after identifying suspicious … Read more
There is a lot of misunderstandings concerning the case of questioning a person if they had a COVID-19 vaccine. Is it considered a HIPAA violation, especially pertaining to employers questioning their personnel to give evidence of being vaccinated against COVID-19 to cease using a face mask in the work area? The Health Insurance Portability and … Read more
After the DarkSide ransomware attack on Colonial Pipeline, a number of ransomware gangs have stopped activity or have executed guidelines that their affiliates are required to follow, which include stopping all attacks on critical infrastructure companies, medical care companies, and government institutions. A few well-known hacking forums are separating themselves from ransomware and have prohibited … Read more
On May 13, 2021, President Biden signed a comprehensive Executive Order that seeks to appreciably strengthen cybersecurity protections for federal systems, enhance threat information sharing between the private sector, the government, and law enforcement, and present a cyber threat response playbook to speed up the response to incidents and their mitigation. The 34-page Executive Order … Read more
University of Florida Health Shands has learned that an ex-employee has viewed the health files of 1,562 patients without valid permission. The HIPAA violations were uncovered on April 7, 2021. The provider promptly ended the worker’s access to medical documents pending an investigation. The investigation established that the worker had been accessing patient health records … Read more
The National Institute of Standards and Technology (NIST) is preparing to modify and make updates to its guidance on carrying out the HIPAA Security Regulation and is looking for ideas from stakeholders on facets of the guidance that ought to be adjusted. NIST publicized the guidance – NIST Special Publication (SP) 800-66, Revision 1, An … Read more
Three zero-day vulnerabilities were found in SonicWall Email Security solutions are being actively exploited in the wild by one or more threat actors. The vulnerabilities may be chained to obtain admin access to enterprise systems and do code execution. SonicWall Email Security products are used as a physical machine, virtual appliance, as a hosted SaaS … Read more
The latest Coveware Quarterly Ransomware Report states that the growth in ransomware attacks in 2020 has persisted in 2021 as most threat actors target the healthcare industry. 11.6% of all attacks in quarter 1 of 2021 were healthcare ransomware attacks, the same with the public sector attacks. Attacks on professional services companies accounted for 24.9% … Read more
The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server. Besides offering professional company services to its members, ACEP offers management services to companies such as Society for Emergency Medicine Physician Assistants (SEMPA), the Emergency Medicine Residents’ … Read more
Montefiore Medical Center has found out that another employee accessed patient records without having any valid work reason. The report of New York hospital in February 2020 stated that an employee was identified to have accessed patient health records without any authorization for a period of 5 months in 2020, and another employee was identified … Read more
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is notifying its members with regards to a cyberattack that resulted in the theft of their protected health information (PHI). CHPDC, previously known as Trusted Health Plans, discovered a breach of its computer networks on January 28, 2021. The health plan based in Washington D.C … Read more
What is Texas HB 300, who needs to follow the legislation, and what are the fees and penalties for failing to comply? This post talks about these and other vital questions regarding Texas HB 300. What is Texas HB 300? The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that requires healthcare companies, … Read more
A number of healthcare companies have lately affirmed they were impacted by the Accellion cyberattack last December 2020. The attack was connected to the Clop ransomware gang since its leak website had published parts of the stolen data from the attack, though it seems that no ransomware was used. Accellion used a file transfer solution … Read more
Mobile Anesthesiologists fairly recently found out about the exposure of a limited amount of patients’ protected health information (PHI) because of a technical misconfiguration. The problem seemed to have occurred prior to December 14, 2020, and allowed public access of PHI like names, health insurance details, date of service, medical procedure, and dates of birth. … Read more
University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients. Charles Hilton and Associates, which manages UPMC’s collections, reported that attackers had acquired access to the email accounts of a number … Read more
The Department of State Hospitals (DSH) in California has learned a worker obtained access to the protected health information (PHI) of 1,415 present/former patients and 617 personnel without consent. The employee had an Information Technology job and got access to data servers that contain sensitive patient and staff information so as to perform work assignments. … Read more
New London Hospital based in central New Hampshire has identified an unauthorized person who accessed a file on its system in July 2020 and may have gotten the protected health information (PHI) of 34,878 patients. A third-party cybersecurity agency helped investigate the incident and confirmed on February 16, 2021 that the person accessed the file … Read more
Due to a phishing attack encountered by Saint Alphonsus Health System based in Boise, ID, the information of its patients was potentially compromised, including the data of patients of Saint Agnes Medical Center located in Fresno, CA. Saint Alphonsus detected strange activity in the email account of an employee on January 6, 2021. The provider … Read more
Governor Ralph Northam has approved the Virginia Consumer Data Protection Act (CDPA). CDPA necessitates individuals running a business in the Commonwealth of Virginia to abide by new data privacy and security conditions. The CDPA will be effective on January 1, 2023. The CDPA has similarities with a number of the privacy and security conditions of … Read more
Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults and youngsters. On July 29, 2020, the provider noticed suspicious things in an email account and had taken action to … Read more
The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen due to a cyberattack on its cloud storage provider. The medical and surgical eye care services provider received notification on January 15, 2021 that cyber attackers acquired access to the computer network of its storage … Read more
The personally identifiable health information of a huge number of people is being compromised by means of the Application Programming Interfaces (APIs) employed by mobile health (mHealth) apps, reported by a current study shared by cybersecurity agency Approov. Ethical hacker and researcher Allissa Knight carried out the study to discover how protected famous mHealth apps … Read more
The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that resolved a HIPAA Right of Access enforcement action. Renown Health, a Northern Nevada non-profit healthcare network, agreed to pay a … Read more
The County Manager’s Office of Ramsey County, MN has begun informing 8,700 customers of its Family Health Division regarding the potential access of some of their personal data by unauthorized persons brought about by a ransomware attack on its vendor Netgain Technology LLC. Netgain Technology LLC based in St. Cloud offers technology solutions to Ramsey … Read more
The Delaware Superior Court dismissed a legal action filed on behalf of affected individuals of a Brandywine Urology Consultants data breach because the plaintiffs failed to present proof showing they had experienced harm because of the breach. Brandywine Urology Consultants encountered a ransomware attack on January 27, 2020 The attack was identified after two days … Read more
The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale of private information to third parties. Philly Fighting COVID started out as a nonprofit company providing coronavirus screening and then … Read more
Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 data breach that affected 9.3 million individuals. Excellus Health Plan uncovered the data breach in 2015, the same year when … Read more
Roper St. Francis Healthcare has informed 189,761 patients regarding an unauthorized individual who accessed some of their protected health information (PHI) saved in employee email accounts. The provider detected the email security breach in late October 2020. The subsequent investigation confirmed the compromise of three email accounts from October 14 to October 29, 2020. An … Read more
Ransomware attacks in 2020 had a huge impact on companies and organizations in America. Ransomware gangs targeted the healthcare and education sectors, the federal, state, and municipal governments and departments. These sectors had no less than 2,354 attacks in 2020 as per the most recent State of Ransomware report of Emsisoft, a cybersecurity company based … Read more
Twitter paid a penalty of €450,000 ($544,600) for its General Data Protection Regulation (GDPR) violation. Ireland’s Data Protection Commission (DPC) issued a penalty that is related to the privacy breach report submitted by Twitter last January 2019. On January 8, 2019, Twitter International Company sent to the DPC a breach notification letter. On January 22, … Read more
The Department of Health and Human Services’ Office for Civil Rights has stated that it is going to implement enforcement discretion and will not issue financial penalties on HIPAA-covered entities or business associates in the event of HIPAA rules violations associated with the honest use of online or web-based scheduling applications (WBSAs) for booking individual … Read more
The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’ Office for Civil Rights on the University of Texas M.D. Anderson Cancer Center. The Civil Monetary Penalty was charged to M.D. Anderson in 2018 after the investigation of three data … Read more
Additional evidence has appeared presenting the advantages of healthcare written messaging. A recently published study in the Journal of the American Heart Association obviously indicated that an automatic mHealth interference using Smartphone and text messages tracing applications might prove to be a good approach for rising patients’ physical activity stages. The advantages of rising activity stages, particularly … Read more
Highmark BlueCross BlueShield of Delaware is probing a data break which has affected 19,000 payees of employer-paid health policies. The data break affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance Services. Highmark BSBC director of secrecy as well as information supervision, Karen Kane, released a statement stating 16 former and … Read more
The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of current year. This is additionally the 1st settlement so far exclusively based on a needless delay to break notice after the revelation of patients’ safeguarded health info. Presence Health, among the biggest healthcare systems serving people of Illinois, has consented … Read more
The County of Los Angeles took some time to publicize it was the sufferer of a big phishing attack, particularly bearing in mind the attack was found out within a day of the May, 2016 break. However, the announcement had to be postponed so as not to hamper with a “broad” criminal inquiry. The inquiry … Read more