John Blacksmith

Photo of author
John Blacksmith is a journalist with several years experience in both print and online publications. John has specialised in Information technology in the healthcare sector and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism.

57% More Active Ransomware Groups in H1 2024

Searchlight Cyber1 reported a 57% increase in the number of active ransomware groups. In H1 of 2023, 46 active ransomware groups were identified from posts on dark web data leak sites compared to 72 active groups in H1 of  2024. … Read more

Atlantic General Hospital Pays $2.25 Million to Resolve Data Breach Lawsuit

Atlantic General Hospital in Berlin, MD, has proposed a $2.24 million settlement to resolve a class action lawsuit associated with a ransomware attack in 2023. The settlement proposal was given preliminary approval by the court. The nonprofit hospital identified the … Read more

Radar/Dispossessor Ransomware Group Operations Disrupted by the FBI

The Federal Bureau of Investigation (FBI) spearheaded a global operation that successfully dismantled the infrastructure of the Radar/Dispossessor ransomware group, a criminal ransomware-as-a-service (RaaS) group led by someone known as ‘Brain’. The operation led to the takedown of the group’s … Read more

Blood Supplies Affected by Ransomware Attack on OneBlood

OneBlood, a nonprofit blood donation organization based in Florida, encountered a ransomware attack that is impacting its capability to supply blood to hospitals in the U.S. OneBlood supplies blood to about 250 hospitals in Alabama, Georgia, Florida, and South and … Read more

EPA Urged to Develop a Strategy to Address Cybersecurity Risks in Water Sector

The U.S. water and wastewater systems are dealing with an increasingly serious threat from cyberattacks, which could have lasting consequences for public health and environmental safety. A report from the U.S. Government Accountability Office (GAO) has found weaknesses within these … Read more

74% of Ransomware Victims Suffered Multiple Ransomware Attacks

A new study by the cybersecurity company Semperis showed that companies tend to be attacked by ransomware groups several times. 74% of organizations that encountered a ransomware attack reported experiencing multiple attacks. These attacks caused problems at 87% of targeted … Read more

10 Million Unique Acadian Ambulance Records Stolen by Daixin Team

Acadian Ambulance reported a cyberattack in June 2024 that upset the functionality of selected computer systems. Daixin Team said it was behind the ransomware attack and threatened to release the stolen information to the public when no ransom is paid. … Read more

NextGen Healthcare Faces Legal Battle Over 2023 Data Breaches

Overview of the Data Breaches The health information technology company “NextGen Healthcare”, is currently embroiled in a legal battle following two data breaches that took place in 2023. These incidents exposed sensitive patient information, leading to a wave of lawsuits … Read more

Phishing Attack on Memorial Sloan Kettering Cancer Center

Memorial Sloan Kettering Cancer Center (MSK) based in New York City has reported the compromise of the protected health information (PHI) of 12,274 people due to a phishing attack. On April 26, 2024, MSK discovered suspicious activity in the email … Read more

$3.4M Settlement Proposed by Nationwide Vision/Sightcare to Resolve Class Action Lawsuit

A $3.45 million settlement was proposed to resolve a combined class action lawsuit associated with a data breach at USV Optical, a U.S. Vision subsidiary. The 2021 data breach impacted over 710,000 people, which included 73,073 Nationwide Optometry patients and … Read more

HIPAA Violation Email Examples

There are thousands of HIPAA violation email examples in the public domain, and likely many more thousands not made public due to the reporting requirements of HHS’ Office for Civil Rights and State Attorneys General. However, few examples of HIPAA … Read more

312,000 Patients Impacted by Texas Retina Associates Cyberattack

Texas Retina Associates (“Texas Retina”) encountered a cyberattack that impacted over 312,000 patients. This company is the biggest ophthalmology practice with 15 practices established in Dallas, Texas. The attack involved unauthorized access to its network and possible theft of sensitive … Read more

Is it a Violation of HIPAA to Email Medical Records?

It is not a violation of HIPAA to email medical records as long as the reason for emailing PHI is a required, permissible, or excepted reason under the Privacy Rule, as long as the disclosure of PHI complies with the … Read more

$950,000 Paid by Heritage Valley Health System to Resolve Alleged HIPAA Violations

The 3-hospital health system has over 50 doctor clinics and numerous community satellite services in eastern Ohio, Pennsylvania, and the panhandle of West Virginia. In 2017, Heritage Valley was impacted by a worldwide malware attack. The NotPetya malware was installed … Read more

Sisense Data Breach Impacts About 20,000 Aptihealth Patients

The digital mental health solutions company Aptihealth based in Saratoga Springs, NY has reported the exposure or theft of the protected health information (PHI) of 19,805 patients. It uses its digital platform to provide mental health care to patients while … Read more

Ransomware Group Exposes 300 Million Patients’ Data

The Qilin ransomware group, believed to be Russian, uploaded to its dark web leak site the information stolen during the attack on Synnovis because of non-payment of the $50 million ransom demand. On June 3, 2024, Synnovis, the company offering … Read more

Healthcare Cybersecurity Awareness Training Course Launched by ComplianceJunction

ComplianceJunction has created a new training course for healthcare organizations to allow them to raise employee awareness of the common cyber threats that provide hackers with access to healthcare networks and employee, patient, and client data. The HIPAA Security Rule … Read more

512,000 Consulting Radiologists Patients Affected by Cyberattack

Consulting Radiologists is a radiology services firm based in Edina, Minnesota. The companybegan sending personal notifications to approximately 512,000 patients impacted by a cyberattack in February 2024. Consulting Radiologists provides 22 hospitals and clinics with on-site radiology services and remote … Read more

Columbia University Irving Medical Center Patient Data Exposed Online

Columbia University Irving Medical Center (CUIMC) submitted a data breach report to the HHS’ Office for Civil Rights on May 6, 2024 indicating that 29,629 individuals were affected. New York-Presbyterian (NYP) and CUIMC were informed of the breach of patient … Read more

Ascension Confirms Initial Access Vector and Data Theft During a Ransomware Attack

Ascension has reported the theft of files from a few servers during its latest ransomware attack. Some files included personally identifiable information (PII) and protected health information (PHI). The attackers accessed servers that were employed for everyday and regular tasks, … Read more

MicroDicom DICOM Viewer Two New High Severity Vulnerabilities

The MicroDicom DICOM Viewer medical image viewer was found to have two high-severity vulnerabilities. One vulnerability can result in arbitrary code execution. The other vulnerability could enable an attacker to get sensitive data, put new medical photos, or overwrite current … Read more

Large Healthcare Companies Need to Improve Cybersecurity Measures

Senate Finance Committee chair, Senator Ron Wyden sent a letter to the Department of Health and Human Services (HHS) through Secretary Xavier Becerra asking big healthcare organizations to improve their cybersecurity protocols. One factor in the success of cyberattacks in … Read more

Designed Receivable Solutions Lawsuit Due to 500M-Record Data Breach

Revenue cycle management company, Designed Receivable Solutions based in Cypress, CA, is facing a class action lawsuit associated with a data breach that impacted more or less half a million people. The company detected an attack on January 22, 2024. … Read more

Critical Vulnerabilities Found in Baxter Welch Allyn Products

On May 30, 2024, CISA publicized ICS Medical Alerts for Baxter products and medical devices. Baxter identified two critical vulnerabilities in its Welch Allyn products, namely the Welch Allyn Connex Spot Monitor and the Welch Allyn Product Configuration Tool. Baxter … Read more

Health Data of Texas Panhandle Centers Patients Exposed in October 2023 Data Breach

Certified Community Behavioral Health Clinic, Texas Panhandle Centers (TPC) based in Amarillo, TX uncovered unauthorized access to its computer network and the compromise of 16,394 patients’ personal data and protected health information (PHI). TPC, which was founded in 1966, serves … Read more

New Reproductive Health Care Privacy Rule Released Under HIPAA

The Final Rule ensures the privacy protection of the health records of women, their members of the family, and physicians who are seeking, getting, offering, or assisting legal reproductive health care. The Biden-Harris Administration and the Office for Civil Rights … Read more

Warning Against Different Types of Business Email Compromise Attacks

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) is warning the healthcare and public health (HPH) sector concerning business email compromise (BEC) attacks. BEC attacks refer to a type of spear phishing utilizing social … Read more

Discovered Vulnerabilities in GE Healthcare Ultrasound Products and in Desktop Windows Manager

11 Vulnerabilities Discovered in GE HealthCare Ultrasound Products About 12 vulnerabilities were discovered in GE HealthCare Vivid Ultrasound devices that threat actors can exploit to access and modify patient information, and possibly install ransomware to make the devices inaccessible. Researchers … Read more

How to Make ChatGPT HIPAA Compliant - Defensorum.com

How to Make ChatGPT HIPAA Compliant

The way to make ChatGPT HIPAA compliant is to deploy anonymizing software between users and the ChatGPT program in order that no Protected Health Information is disclosed to ChatGPT. However, when using this solution, it is necessary for the anonymizing … Read more

Settlement of Class Action Lawsuits by Gifted Healthcare and Presbyterian Healthcare Services

Settlement Offered to Settle Gifted Healthcare Data Breach Lawsuit Gifted Healthcare has offered to settle a class action lawsuit that claimed negligence for not implementing appropriate cybersecurity steps that resulted in a data breach. The nursing agency based in Metairie, … Read more

Password Guidelines and Recommendations

World Password Day is celebrated on the first Thursday of May. It was founded in 2013 with the objective of increasing awareness of the significance of using complex and unique passwords and implementing password guidelines to maintain the privacy and … Read more

PHI Exposed in Tennessee Eye Clinic Network, Somerset Dental Las Vegas and Catholic Medical Center Cyberattacks

BianLian Threat Group Attacks Tennessee Eye Clinic Network Politzer and Durocher, PLC, also called Optometric Physicians of Middle Tennessee (OPMT), submitted a hacking incident report to the HHS Office for Civil Rights that impacted the personal data and protected health … Read more

Orrick, Herrington & Sutcliffe Settles Lawsuit and Ernest Health’s Recent Lawsuit

Orrick, Herrington & Sutcliffe Pay $8 Million to Settle Class Action Data Breach Lawsuit The law agency Orrick, Herrington & Sutcliffe based in San Francisco, CA is paying $8 million to settle a class action lawsuit associated with a cyberattack … Read more

Planned Parenthood Los Angeles Settles Lawsuit and Children’s Healthcare of Atlanta Pixel-Related Lawsuit

Planned Parenthood Los Angeles Settles Class Action Data Breach Lawsuit for $6 Million Reproductive healthcare services provider Planned Parenthood Los Angeles located in Los Angeles County proposed a $6 million settlement to take care of all claims associated with a … Read more

How to Make Microsoft 365 HIPAA Compliant

The way to make Microsoft 365 HIPAA compliant so it can be used to create, receive, store, or transmit Protected Health Information is to subscribe to a plan that supports HIPAA compliance and configure each product or service within the … Read more

How to Make Google Workspace HIPAA Compliant

The way to make Google Workspace HIPAA compliant is to subscribe to a Workspace Plan that supports HIPAA compliance, agree to the terms of Google’s Business Associate Addendum, and configure the core services included in the Workspace plan to mitigate … Read more

Credential Harvesting Prevention and Alert Against Volt Typhoon Threat

HHS Offers Guidance on Credential Harvesting Mitigations The Health Sector Cybersecurity Coordination Center (HC3) has given a healthcare and public health (HPH) sector advisory regarding credential harvesting, a frequent tactic employed in cyberattacks on the HPH sector by online hackers. … Read more

Is Zelle HIPAA compliant? Defensorum.com

Does Zelle Need to be HIPAA Compliant?

Zelle does not need to be HIPAA compliant before covered entities can use the fund transfer service to collect payments from patients and plan members because of an exemption in HIPAA for payment processors. However, covered entities must ensure that, … Read more

Is IVY Pay HIPAA Compliant?

Is it Necessary for Ivy Pay to be HIPAA Compliant?

It is necessary for Ivy Pay to be HIPAA compliant if a healthcare provider who qualifies as a HIPAA covered or hybrid entity wants to use the payment processing software for functions that involve uses and disclosures of Protected Health … Read more

Reports of Cyberattacks and Data Breaches by Valley Oaks Health, Sycamore Rehabilitation Services, Humana Inc., and Jewish Home Lifecare

50,000-Record Data Breach at Valley Oaks Health, Indiana Valley Oaks Health based in Niles, IL recently informed 50,352 persons concerning a breach of its system environment. Unauthorized persons acquired access to sections of its system from June 8, 2023 to … Read more

HIPAA security audit requirements

HIPAA Security Audit Requirements

The HIPAA security audit requirements are that covered entities and business associates conduct a thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI and implement security measures sufficient to reduce risks and vulnerabilities … Read more

Unite Here Data Breach And Lurie Children’s Hospital Cyberattack

791,000 People Affected by UNITE HERE Data Breach The labor Union, UNITE HERE, located in New York has 300,000 working individuals all over the United States and Canada. It recently filed a breach report to the HHS’ Office for Civil … Read more

Does PayPal Need to be HIPAA Compliant to Accept Payments for Healthcare?

Does PayPal Need to be HIPAA Compliant to Accept Payments for Healthcare?

PayPal does not need to be HIPAA compliant to accept payments for healthcare due to an exemption in HIPAA that applies to all banks and financial institutions for payment processing. However, banks and financial institutions do need to be HIPAA … Read more

Email Account Breaches Reported by McKenzie County Healthcare System and Maryville Addiction Treatment Centers

Email Account Breach Reported by McKenzie County Healthcare System McKenzie County Healthcare System located in North Dakota has discovered unauthorized access to the email account of a staff member. The breach was discovered on or about October 5, 2023, and … Read more

Reported Data Breaches by Medical Management Resource Group, Prime Healthcare, AGC Flat Glass North America, and Aspen Dental

2.35M Patients Affected by Medical Management Resource Group Breach Medical Management Resource Group, LLC (MMRG), also called American Vision Partners, has confirmed in a breach notification letter sent to the HHS’ Office for Civil Rights that the protected health information … Read more

Data Brokers Should Be Held Responsible for Misusing Geolocation Information

U.S. Senator Ron Wyden (D-OR) wrote to the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC) asking for action to secure people and investors from Near Intelligence Inc., a publicly owned data broker. Sen. Wyden began investigating … Read more

How does HIPAA compliance apply to healthcare administration firms?

Healthcare administration firms must adhere to HIPAA compliance, ensuring the confidentiality, integrity, and availability of PHI by implementing administrative, physical, and technical safeguards, thus mitigating risks of unauthorized access or disclosure and maintaining trust in the seamless operation of healthcare … Read more

How can a clinical research organization ensure HIPAA compliance?

To ensure Clinical Research Organization HIPAA compliance, a Clinical Research Organization must systematically safeguard PHI through robust encryption and access controls, provide regular training to employees on data privacy, implement stringent data security policies and procedures, conduct periodic risk assessments, … Read more

How does HIPAA compliance apply to population health management?

In the field of population health management, HIPAA compliance is an important as it mandates the safeguarding of patient data and confidentiality during the collection, analysis, and sharing of health information to improve community health outcomes, thus ensuring that population … Read more

How can a health informatics company ensure HIPAA compliance?

A health informatics company can ensure HIPAA compliance by implementing rigorous data protection protocols, conducting regular training sessions for employees on safeguarding patient information, continuously monitoring and updating their systems to prevent breaches, and collaborating with legal experts to ensure … Read more