Emma Taylor
THH Paediatrics Fires Nurse for Accessing Data of 16,500 Patients without Authorization
Takai, Hoover & Hsu has terminated a nurse for accessing the protected health information (PHI) of 16,542 without the correct authorization to do so. The healthcare provider, owned by Takai, Hoover & Hsu and based in Germantown, MD, has stated … Read more
ICO Declares HMRC Voice Recordings to be ‘Unlawfully Obtained’
Her Majesty’s Revenue and Customs (HMRC) has agreed to delete more than five million voice recordings after the UK Information Commissioner’s Office (ICO) declared the data had been unlawfully obtained. HMRC collected for use in a voice authentication service, introduced … Read more
Today’s Vision Medical Records Found in Texas Dumpster
The medical records of Today’s Vision patients have been found in a dumpster in Tomball, Texas. Today’s Vision is an optometry services provider with over 50 independently owned clinics. More than 20 boxes of records patients and employees were found … Read more
Medical Informatics Engineering Settles with OCR for $100,000 for 2015 Data Breach
Medical Informatics Engineering Inc (MIE) has agreed to a $100,000 settlement with HHS’s Office for Civil Rights for a 2015 data breach affecting 3.5 million individuals. MIE, an Indiana-based provider of electronic medical record software and services, experienced the data … Read more
HHS Issues Clarification On Business Associates Liability
On May 24, 2019, the Department of Health and Human Services issued a clarification on business associates liability for violations of the Health Insurance Portability and Accountability Act. HHS Office for Civil Rights released information on what violations could result … Read more
Microsoft May 2019 Patch Tuesday
Microsoft has issued patches for 79 vulnerabilities this May 2019 Patch Tuesday. Of the vulnerabilities, 22 were rated critical. Adobe also issued patches for 84 vulnerabilities, 50 of which were critical. One critical flaw addressed by Microsoft left affected users … Read more
Businesses Still Using Unencrypted USB Devices to Store Data One Year After GDPR
It has been revealed that businesses are still storing data on unencrypted USB devices despite the risk of incurring significant GDPR fines for doing so. ESET, an IT security company, and Kingston Technology, a leading provider of technological solutions, surveyed … Read more
Oracle WebLogic Server Vulnerability Exploited Using Sodinokibi Ransomware
A vulnerability in Oracle WebLogic Server is being exploited in the wild by a new ransomware variant named Sodinokibi. On April 26, Oracle released an out-of-band patch to address the vulnerability (CVE-2019-2725). There have been several reported cases of the … Read more
Touchstone Medical Imaging Agrees to £3 million Settlement with OCR
The Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a $3 million settlement with Touchstone Medical Imaging following a 2014 data breach. The Franklin, TN-based diagnostic medical imaging services company agreed to the settlement to … Read more
Inmediata Breach Notification Letters Sent to Incorrect Addresses
A mailing error at Inmediata has seen breach notification letters being sent to the incorrect addresses. Inmediata was sending the breach notification letters after it was discovered that a webpage that should have only been accessible to Inmediata employees was … Read more
Maximum Penalties for HIPAA Violations Changed by HHS
The Department of Health and Humans Services has issued a notification of enforcement discretion in which they have reduced the maximum financial penalty for three of the four HIPAA violation tiers. The notification, entitled ‘Notification of Enforcement Discretion Regarding HIPAA … Read more
Denmark’s DPA Recommends Fine for Taxi Company GDPR Violation
Denmark’s Data Protection Authority Datatilsynet has recommended that taxi company Taxa 4×35 be fined for violating the General Data Protection Regulations (GDPR). The DPA approved a fine of 2.8% of the company’s revenue, amounting to €160,754, for the violation. The … Read more
Microsoft Customer Email Information Compromised Following Support Agent Breach
Microsoft has announced that customer email information has potentially been accessed by an unauthorised third-party following a security incident at a support agent. The hacker used compromised support agent credentials to access customer data and is thought to have been … Read more
Southern Hills Eye Care Ransomware Attack Reported
Southern Hills Eye Care in Sioux City, Iowa, has announced that a recent ransomware attack on their facility may have compromised patient PHI. Ransomware is a variant of malware that prevents which hackers use to extort victims. The malware prevents … Read more
New Sextortion Scams Identified Following Record Numbers Reported in 2018
Sextortion scams have become increasingly common in recent years, with record numbers being reported in 2018. These types of attacks are potentially very lucrative for an attacker, due to the highly embarrassing or compromising nature of the material. In many … Read more
Brookside ENT and Hearing Center Announces Closure Following Ransomware Attack
Michigan-based Brookside ENT and Hearing Center has announced its closure following a ransomware attack on their facility resulted in all of their patient files being permanently destroyed. The practice-run by just two doctors-lost access to patient records, appointment schedules, payment … Read more
DePaul Reports Phishing Compromised Employee Email Account
The assisted living facility provider DePaul has announced that a successful phishing attack on its networks has compromised patient data. DePaul, which operates facilities in New York, North Carolina, and South Carolina, discovered the breach on February 1, 2019. IT … Read more
OpenVPN Study Highlights Risks Posed by Remote Workers
A recent survey conducted by OpenVPN highlights the potential cybersecurity risks posed by remote workers. OpenVPN is a virtual private network solution provider that allows businesses to extend their VPNs securely. They surveyed 250 IT leaders, “from the manager level … Read more
DC Attorney General Proposes Stricter Data Breach Notification Laws
Washington D.C. Attorney General Karl. A. Racine has proposed stricter data breach notification laws. He anticipates that the new laws would provide greater protection to DC residents should their data be compromised in a data breach incident. AG Racine introduced … Read more
Report Released on Issues of Healthcare Data Collected by Non-HIPAA Covered Entities
The healthcare and fitness tech industry is booming, with millions of users across the US using these devices and apps to track everything from their weight, sleeping habits, heart rate, and food consumption. Some of this information is similar to … Read more
Microsoft CEO calls for Global GDPR-like Data Privacy Rights
The CEO of Microsoft has called for the implementation of GDPR-legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic Forum in Davos Switzerland. He … Read more
14,000 Main Line Endoscopy Center Patients Affected by Phishing Attack
A phishing attack at Main Line Endoscopy Centers has compromised the sensitive data of over 14,000 patients. Main Line Endoscopy Centers, a network of outpatient endoscopy facilities in the Malvern, Bala Cynwyd, and Media regions of Pennsylvania discovered the attack … Read more
IRS Launches 2019 Dirty Dozen Campaign
The Internal Revenue Service has launched a tax-related phishing awareness campaign. The campaign is designed to inform taxpayers fo the twelve most common tax scams, known as the ‘Dirty Dozen”. Each tax season, the IRS raises awareness of the most common … Read more
Hacker Compromises Employee Email Accounts at Rutland Regional Medical
Rutland Regional Medical has revealed that a hacker compromised nine employee email accounts following a cyber attack on their systems. Rutland Regional Medical, based in Rutland City, is the biggest community hospital in Vermont. A staff member discovered the attack … Read more
Data Breach at Rush University Medical Center Affects 45,000 Patients
Rush University Medical Center has announced that a data breach incident at a financial services vendor has compromised the PHI of 45,000 of their patients. The financial services vendor informed Rush of the incident on January 22, 2019. A member … Read more
Unauthorised Individual Gains Access to St. Francis Health System Patient Data
The Bon Secours St. Francis Health System has announced that unauthorised individual gained access to some of their patients’ protected health information (PHI). The hacker compromised the systems of Milestone Family Medicine, a medical facility based in Greenville, SC. Milestone … Read more
Bundeskartellamt Rules on Facebook’s Practices in Germany
Bundeskartellamt has released a ruling outlining its decision on how Facebook operates in Germany. Bundeskartellamt, Germany’s national competition regulator, had been investigating Facebook’s business practices for three years. The organisation has revealed that it has ruled how Facebook obtains, links, … Read more
What is Ransomware?
Ransomware attacks against healthcare organisations are becoming increasingly common. However, many individuals are still uncertain as to what constitutes a ransomware attack, and the potential consequences it has on an organisation. This article provides some background on ransomware attacks, outline … Read more
Cottage Health Pays $3,000,000 to OCR for HIPAA Violations
Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit health provider based in Santa … Read more
New Trojan Horse Malware Campaign Targeting Linux Servers Identified
Security researchers have discovered a new Trojan horse malware campaign used by hackers to launch attacks on Linux servers. Trojan horses are malware variants that are disguised as benign or useful pieces of software. They are installed under false pretences, … Read more
ICS-CERT Issues Medical Advisory for Vulnerabilities Found in BD FACSLyric Flow Cytometry Solution
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about vulnerabilities found in the BD FACSLyric flow cytometry solution. ICS-CERT is a governmental organisation that works to reduce the risk of cybercrime to US businesses. … Read more
HITRUST Incorporates GDPR into the CSF
The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology and information security sectors, has … Read more
Mozilla Official Predicts Stricter GDPR Enforcement in 2019
A senior official at Mozilla has predicted that 2019 will see much stricter enforcement of GDPR across Europe. The Senior Policy Manager and European Union Principal for Mozilla, Raegan MacDonald, has said that she believes that 2019 will see enhanced resources dedicated to … Read more
FilesLocker Master Key Released, File Decryptor Made Available for Free
Following the leaking of the master key for the FilesLocker ransomware on Pastebin, a decryptor has been made available to allow a victim’s files to be recovered for free. The master key is the key used by those behind a … Read more
HHS Guidelines on Cybersecurity Best Practices for Healthcare Organisations Released
The U.S. Department of Health and Human Services has issued a four-volume publication on voluntary cybersecurity best practices for healthcare organisations. The publication includes guidelines for managing cyber threats and protecting patients. It is hoped that the guidelines will help … Read more
Cyberattack Disrupts Printing of Major Newspapers
An investigation has been launched into a recent cyberattack that disrupted the printing of several major newspapers. The cyberattack on Tribune Publishing, attributed to a malware infection, caused disruption to several newspaper print runs including those of the Los Angeles … Read more
Global Netflix Phishing Scan Identified
A new global phishing scam has been identified in which hackers target customers of Netflix, the world’s largest streaming organisation. The U.S. Federal Trade Commission, an independent agency of the United States government, issued a warning about the Netflix scam … Read more
Rhode Island and Illinois Healthcare Clinics Hit by Ransomware Attacks
The Center for Vitreo-Retinal Diseases in Libertyville, IL, has announced that it was recently the victim of a ransomware attack. The attack was first noticed on September 18, 2018, and resulted in the encryption of data on the organisation’s servers. … Read more
ICS-CERT Discovers Vulnerability in Philips Health App
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only take a “low level” of … Read more
Adobe Releases Patch for Flash Player Vulnerability
On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player. The vulnerability had been identified in late November by Gigamon, held network visibility and traffic monitoring technology vendor. Qihoo 360, a Chinese internet … Read more
Cancer Centers of America Falls Victim to Phishing Attack
Cancer Centers of America’s Western Regional Medical Center in Bullhead City, Arizona, has recently fallen victim to a phishing attack which has exposed the protected health information (PHI) of over 41,000 individuals. The attack occurred due to one of its … Read more
GDPR Violation Penalty Levied Against Hospital for First Time
The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados (CNPD), the body which oversees … Read more
President Trump Signs Opioid Bill into Law
On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from overdosing on opioids. Hundreds more … Read more
Ransomware Attack on Jones Eye Clinic Affects 40,000 Patients
The Jones Eye Clinic and its affiliated surgery, CJ Elmwood Partners, based in Sioux City, Iowa, has announced that up to 40,000 patients may have had their data compromised following a ransomware attack on their systems. The ransomeware attack was … Read more
Radisson Hotel Data Breach Response Potentially in Violation of GDPR
The Radisson Hotel Group may be fined for non-compliance with the General Data Protection Regulation (GDPR) following a data breach earlier this year. The Radisson Hotel Group is a chain with over 1,400 hotels in over 70 countries and incorporates … Read more
Beazley’s Publishes Breach Insights Report for Q3 2018
Beazley’s, a specialist insurance group, has released their quarterly Breach Insight Report for Q3 2018. The report concerned the attacks managed by Beazley Breach Response Services, which deals with the aftermath of an attack, including the investigation and the breach … Read more
Phishing Attack Causes Breach at Catawba Valley Medical Center
Catawba Valley Medical Center (CVMC), a medical center serving the greater Catawba County area based in Hickory, North Carolina, has recently announced that an unauthorised individual gained access to their systems following a successful phishing attack. It is estimated that … Read more
Anthem Settles for Record $16 Million with OCR
Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the February 2015 attack on their … Read more
ERS Texas Data Breach Caused by Error in Online Portal’s Code
The Employees Retirement System of Texas (ERS) has discovered a flaw in its ERS OnLine portal which allowed some users to view other members’ details upon logging into the portal. Up to 1.25 million records may have been exposed as … Read more
FirstCare Health Plans Data Breach Caused by Mailing List Error
FirstCare Health Plans, a Texan health insurance organisation, has revealed that more than 8,000 of its members may have had some of their personal data breached due to an email error made by one of its staff. The organisation is … Read more
