Emma Taylor

Photo of author
Emma Taylor is the contributing editor of Defensorum. Emma started on Defensorum as a news writer in 2017 and was promoted to editor in 2022. Emma has written and edited several hundred articles related to IT security and has developed a deep understanding of the sector. You can follow Emma on https://twitter.com/defensorum and contact Emma at emmataylor@defensorum.com.

HIPAA Encryption

HIPAA encryption is an addressable implementation specification of the Security Rule’s Technical Safeguards for Protected Health Information at rest (§164.312(a)) and in transit (§164.312(e)). Viable alternatives to HIPAA encryption are limited, may require a high level of technical skill to … Read more

What are the HIPAA Email Rules?

The HIPAA email rules are that email can only be used to send, receive, or store Protected Health Information (PHI) if the reason for PHI being disclosed is consistent with the Privacy Rule, and if safeguards are in place to … Read more

Pros and Cons of HIPAA

HIPAA has the advantage of safeguarding individuals’ medical information, ensuring their privacy, and promoting standardized electronic transactions in the healthcare industry, while its drawbacks include administrative burdens, potential barriers to efficient healthcare communication, and the risk of hindering certain forms … Read more

When must an individual be notified of a breach in their PHI?

Under the HIPAA Breach Notification Rule, covered entities must provide notification to affected individuals without unreasonable delay and in no case later than 60 days following the discovery of a breach of unsecured PHI. According to HIPAA, covered entities (such … Read more

When did HIPAA go into effect?

The HIPAA law, enacted by the United States Congress to modernize the flow of healthcare information, ensure the security and privacy of patient data, and set guidelines for the handling of electronic protected health information, went into effect on April … Read more

When you discover that a breach in PHI security has occurred to whom should you report it?

When a breach in PHI security has been discovered, you should initially report it internally within your organization, typically to your supervisor or the designated privacy officer, and if the breach occurred at a business associate, it should also be … Read more

When should you promote HIPAA awareness?

HIPAA awareness should be promoted on an ongoing basis to ensure compliance and foster a culture of privacy and security within organizations that handle Protected Health Information (PHI). HIPAA awareness should be promoted during employee onboarding, through regular training and … Read more

Why was HIPAA Created?

HIPAA was created to address several critical objectives in the healthcare sector, including enhancing health insurance portability, safeguarding the privacy and security of protected health information (PHI), improving healthcare administration efficiency, and combating fraud and abuse. Enacted by the U.S. … Read more

Which entity enforces HIPAA?

The enforcement of the HIPAA is carried out by the Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS), with the OCR responsible for investigating HIPAA complaints, conducting compliance reviews, performing education and outreach … Read more

HITECH is an Acronym for what?

The acronym HITECH stands for the Health Information Technology for Economic and Clinical Health Act, a comprehensive legislation passed in 2009 as part of the American Recovery and Reinvestment Act (ARRA), which aimed to promote the widespread adoption and meaningful … Read more

Who enforces HIPAA in non-criminal cases?

In non-criminal cases, the enforcement of HIPAA is primarily handled by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS). The OCR plays a vital role in ensuring compliance with HIPAA regulations and … Read more

Why is HIPAA training important?

HIPAA training is important because it ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA), protects patient privacy and confidentiality, promotes data security and breach prevention, and fosters a culture of legal and ethical compliance in healthcare organizations. … Read more

Ransomware Attack Disables Campbell County Health Services

A ransomware attack at Campbell County Health has disrupted hospital services and left the organization unable to access patient information.  Campbell County Health, based in Gillette, Wyoming, stated that the ransomware attack began at 3:30 am on Friday, September 20, … Read more

Data Security Incident at SSCPG Affects 10,000 Patients

A data security incident at Shore Speciality Consultants Pulmonology Group (SSCPG) has potentially compromised the protected health information (PHI) of 10,000 patients.  SSCPG, based in New Jersey and part of the Shore Physicians Group, released a bulletin outlining the breach. … Read more

NCCoE Issues Guidance for Corporate-Owned Personally Enabled Devices

The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices are now ubiquitous in the workforce due to the … Read more

Vulnerabilities Identified in Philips IntelliVue Firmware

Cybersecurity researchers have identified vulnerabilities in Philips IntelliVue WLAN firmware which could be exploited by hackers to install malware. Two vulnerabilities affect specific IntelliVue MP monitors. Hackers could use the vulnerabilities to install malicious firmware which could impact data flow … Read more

Phishing Attack at East Central Indiana School Trust Affects 3,200 Individuals

East Central Indiana School Trust (ECIST) is notifying more than 3,200 individuals that a phishing attack may have compromised their protected health information (PHI). On May 22, 2019, the organization noticed suspicious activity on an employee email account. ECIST immediately … Read more

Irish Internet Browser Claims Google is Operating GDPR ‘Workaround’

Irish Internet browser Brave has claimed that they have offered new information to the Data Protection Commission (DPC) in Ireland which proves that Google has been trying to bypass General Data Protection Regulation (GDPR) legislation.  Brave claims that Google has … Read more

Hurricane Dorian Triggers Limited HIPAA Waiver in Puerto Rico, Florida, Georgia and the Carolinas

The Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency in Puerto Rico and the states of Florida, Georgia, and South Carolina due to Hurricane Dorian. On September 4, the Secretary, Alex Azar, … Read more

Over 70 Employee Email Accounts Compromised in Phishing Attack on NCH Healthcare System

NCH Healthcare System is preparing to notify patients that their protected health information may have been compromised in a phishing attack. On June 14, 2019, NCH Healthcare System, based in Bonita Springs, Florida, noticed suspicious email activity on its payroll … Read more

Software Vulnerability Identified in Change Healthcare Cardiology Devices

Cybersecurity researchers have identified a flaw in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. Locally authenticated users could exploit the flaw to insert files that could allow the attacker to execute arbitrary code on a vulnerable device. Alfonso … Read more

Swedish High School Issued GDPR Fine

A high school in Sweden has become the first organization to be issued a General Data Protection Regulation fine by Sweden’s Data Protection Authority (DPA). The school in Skellefteå, in the north-east of Sweden, was fined 200,000 SEK (€19,000/$21,000) for … Read more

Irish DPC Releases GDPR Breach Notification Guidance

The supervisory authority for the General Data Protection Regulations (GDPR) in Ireland has released a set of guidelines on issuing GDPR breach notifications.  The Irish Data Protection Commission (DPC) has stated that the guidelines aim to help data controllers understand … Read more

Western Connecticut Health Network Patient Information Exposed in Mailing Incident

Western Connecticut Health Network is sending breach notification letters to patients whose protected health information (PHI) may have been exposed in a postal incidence.  On June 11, 2019, Western Connecticut Health Network (WCHN), now known as Nuvance Health, sent a … Read more

Kaspersky Lab Report Reveals Deficiencies in Healthcare Employee Cybersecurity Training

Kaspersky Labs has released a report revealing significant deficiencies in the cybersecurity training provided to healthcare employees.  The study was conducted by surveying 1,758 healthcare employees in the United States and Canada. Kaspersky Lab, a vendor of cybersecurity software, instigated … Read more

Monzo Contacts 500,000 Customers Following PIN Security Breach

Monzo has contacted 500,000 customers following a data breach which saw customer PINs accessible to employees of the digital bank for more than a year.  The incident, which may constitute a breach of the EU’s General Data Protection Regulation (GDPR) … Read more

Hackers Targeting US Utilities Sector with Spear Phishing Campaign

Hackers impersonating the US National Council of Examiners for Engineering and Surveying (NCEES) are targeting business in the US utility sector through a new phishing campaign.  Between July 19 and July 25 2019, the hackers sent phishing emails to three … Read more

Department of Veteran Affairs Office of Inspector General Uncovers Security Failings at Californian VA Center

The Department of Veteran Affairs Office of Inspector General (VA OIG) has discovered severe security failings at the Tibor Rubin VA Medical Center in Long Beach, California.  A recent inspection by the VA OIG uncovered security vulnerabilities related to medical device … Read more

Perry County Medical Center Notifying Patients Following Phishing Attack

Perry County Medical Center, Inc. d/b/a Three Rivers Community Health Group, has announced that it is notifying patients following a phishing attack which saw patient data compromised.  Perry Country Medical Center, a health care centre based in Linden, Tennessee, noticed … Read more

Presbyterian Healthcare Services Notifies 183,000 Patients Following Data Breach

Presbyterian Healthcare Services is notifying 183,000 patients that an unauthorised individual accessed their personal data.   The hackers gained access to the patient data after successfully fooling several employees into handing over their login credentials through a phishing campaign. The … Read more

Ransomware Attack at Imperial Health Affects 110,000 Patients

A ransomware attack at Imperial Health has compromised the protected health information of more than 116,000 patients.   On May 19, 2019, Imperial Health, a physicians’ network in Southwest Louisiana, discovered that an unauthorized party had installed ransomware onto the … Read more

Philadelphia DBHIDS Notifies Patients of Lost Laptop HIPAA Breach

The Philadelphia Department of Behavioral Health and Intellectual Disability Services (DBHIDS) is notifying 1,500 individuals that their private information may have been exposed after an employee lost an unencrypted laptop.  The employee has been carrying the laptop in a briefcase … Read more

Wise Health Phishing Attack Affects 36,000 Patients

Wise Health System is sending breach notification letters to 36,000 patients following a phishing attack on their system. Wise Health System is a health care system with over 1,900 employees based in Decatur, Texas. The breach occurred on March 14, … Read more

Phishing Attack at St. Croix Hospital Compromises PHI of 21,000 Patients

St. Croix Hospice is notifying 21,000 patients that their protected health information (PHI) may have been compromised in a phishing attack. St. Croix Hospice is a provider of hospice care in Minnesota and Wisconsin. On May 10, suspicious email activity … Read more

HHS Issues Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

In response to the Tropical Storm Barry that made landfall in Louisiana on July 13, the Secretary of the US Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and penalties. The HHS announced a … Read more

Marriott Fined £99 Million for Breach Affecting 7 Million UK Residents

The UK Information Commissioner’s Office has fined Marriott International Inc £99 million under GDPR for a data breach that affected seven million UK residents. The ICO released the statement for intention to fine Marriott on July 9, only a few … Read more

City of Griffin Officials Lose $800,000 Business Email Compromise Attack

The City of Griffin, Georgia, has revealed that it made two payments totalling $800,000 to scammers following a series of business email compromise attacks. BEC campaigns are a form of a phishing attack in which the cybercriminal impersonates a high-ranking … Read more

Microsoft July 2019 Patch Tuesday

Microsoft has issued patches for 77 vulnerabilities this Patch Tuesday. Of the vulnerabilities, 15 were rated critical and two were actively exploited zero day vulnerabilities.  Six of the vulnerabilities patched this month had been previously disclosed to the public. The … Read more

ICO Hits BA with £183.39 million GDPR Fine for 2018 Data Breach

British Airways (BA) has been hit by a GDPR fine of £183.39 million by the UK Information Commissioners Office (ICO) for a 2018 data breach. The ICO investigation revealed that hackers stole the data of more than half a million … Read more

Dominion Health Data Breach Affects 3 Million Members

Dominion National is notifying patients of a data security incident that first stated in 2010 and has affected nearly 3 million members. Dominion National is a health insurer, health plan administrator, and administrator of dental and vision benefits based in … Read more

UChicago Faces Lawsuit for Sharing Patient Data with Google

UChicago Medicine faces a potential class-action lawsuit for allegedly sharing patient information with Google with having the correct authorization to do so. The lawsuit names UChicago Medicine, UChicago Medical Center, and Google, and was filed by Matt Dinerstein, a former … Read more

Summa Health Notifies 10,000 Patients of Data Security Incident

Summa Health is in the process of notifying 10,000 patients of a data security incident which resulted in sensitive data being compromised. On May 1, 2019, Summa Health, based in Akron, Ohio, noticed suspicious activity on its email platform and … Read more

Flaw in Dell SupportAssist Leaves Millions of PCs vulnerable

A newly-identified privilege escalation flaw in Dell SupportAssist could leave millions of Dell PCs and laptops vulnerable attack. Threat actors could employ malicious software to elevate their privileges to administrator level and hijack the device for their nefarious purposes. The … Read more

Kingman Regional Medical Center Notifies Patients Following Website Data Breach

Kingman Regional Medical Center (KRMC) is in the process of notifying patients that their sensitive data may have been compromised following the discovery of a flaw on its website which may have allowed unauthorized users to access patient data. KRMC … Read more

Boxes of Patient Medical Records found Abandoned in Chicago

Boxes of patient medical records have been found abandoned in a former medical centre in the Chatham area of Chicago, Illinois. Clean-up crews have been brought in to assist in the clean-up operation which started hours after Ald. Roderick Sawyer … Read more

Franciscan Health Patient Data Compromised in Incident Involving Former Employee

Franciscan Health is notifying 2,200 patients that their sensitive data may have been compromised in a security incident involving a former employee. Franciscan Health, a health system operating 14 hospitals in Indiana and Illinois, discovered a former employee was accessing … Read more

What is a GDPR DPO?

The appointment of a data protection officer (DPO) is an essential part of complying with the EU’s General Data Protection Regulations. However, what exactly is the role of a DPO? Moreover, who needs to hire one? In this article, we … Read more

Union Labor Life Insurance Phishing Attack Affects 87,000 Individuals

A phishing attack at Union Labor Life Insurance (ULLI) has compromised the protected health information (PHI) of more than 87,000 individuals. ULLI, a subsidiary The Ullico Inc., discovered the attack shortly after it commenced on April 1, 2019. The IT … Read more

Alabama Woman Awarded $300,000 for Privacy Breach at Medical Center Enterprise

A jury has awarded a woman $300,000 in damages following a privacy breach at Medical Center Enterprise (MCE), Alabama. Amy Pertuit’s patient rights were violated when a physician at MCE accessed and disclosed her protected health information to a third … Read more

Microsoft June 2019 Patch Tuesday

Microsoft has issued patches for 88 vulnerabilities this patch Tuesday. Of the vulnerabilities, 20 were rated critical. One servicing stack and 4 advisories were also released in the update. Microsoft stated that there was no evidence to suggest that threat … Read more