Mark Wilson
Patient Data Compromised Due to Data Breaches in 3 HIPAA-Covered Entities
Texas Tech University Health Sciences Center has reported the compromise of the protected health information (PHI) of 1,290,104 individuals due to a data breach that happened at Eye Care Leaders, its electronic medical record provider. Eye Care Leaders stated it … Read more
ONC and OCR Launch Modified Security Risk Assessment Tool
The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC). … Read more
Santa Barbara County Department and Baptist Health Report Cyberattack
Medical Record Breach at Santa Barbara County Department of Behavioral Wellness Santa Barbara County Department of Behavioral Wellness located in California has lately reported that an employee viewed the medical files of patients with no authorization. On March 30, 2022, … Read more
OCR to Create Video on Recognized Security Practices in the HITECH Act
The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was recently amended (Public Law 116-321) to require … Read more
Atlassian Announces Fix for Maximum Severity Largely Exploited Vulnerability in Confluence Server and Data Center
Atlassian has developed a patch to resolve a critical zero-day vulnerability that affects all supported versions of Confluence Server and Data Center. The vulnerability, which is tracked as CVE-2022-26134, has the highest CVSS severity rating of 10. … Read more
Injured Workers Pharmacy Faces Legal Action Due to Email Account Breach
The law agency Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in relation to a breach of the personal records of 75,771 consumers. IWP is a … Read more
Former IT Consultant Facing Charges on Purposefully Causing Ruin to Healthcare Company’s Server
An IT specialist who worked as a service provider at a suburban healthcare organization in Chicago has been accused of illegally gaining access to the firm’s network and deliberately causing damage to a protected computer. Aaron Lockner, 35 years old, … Read more
Theft Incident at SAC Health and Ransomware Attacks on Bryan County Ambulance Authority and Atlanta Perinatal Associates
Social Action Community Health System (SAC Health) has recently notified 149,940 patients regarding the theft of documents that contain their protected health information (PHI) in a break-in at an off-site storage location that keeps patient records. SAC Health discovered the … Read more
Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach
Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court. Solara Medical Supplies, which supplies products and services to help people … Read more
McKenzie Health System & Omnicell Report Cyberattacks
McKenzie Health System in Sandusky, MI, has just begun informing 25,318 individuals regarding the theft of some of their protected health information (PHI) due to a recent security incident that interrupted the operations of a number of its systems. The … Read more
New Framework for Examining the Privacy, Security, and Safety of Electronic Health Technologies
The American Telemedicine Association (ATA), American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have worked together to make a new system for examining digital health technologies employed by healthcare specialists and … Read more
FBI Announcement on BEC Scams Reveals Losses Up to $43 Billion
The Federal Bureau of Investigation (FBI) has released a public service statement cautioning about the risk of Business Email Compromise/Email Account Compromise (BEC/EAC) frauds. The number of attacks documented by the FBI Internet Crime Complaint Center (IC3) and the sum … Read more
Data Breaches Reported by La Casa de Salud and Valley View Hospital
La Casa de Salud, New York The human services organization Acacia Network based in New York City has lately informed the HHS’ Office for Civil Rights regarding an email account breach that was discovered on July 17, 2020. Based on … Read more
HHS Alerts HPH Sector Concerning Insider Threats in Medical Care
Many healthcare data breaches are taking place; however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has just issued an advisory regarding … Read more
HHS Alerts the HPH Sector Regarding Hive Ransomware
The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has issued a TLP: White alert concerning the Hive ransomware group – an especially aggressive cybercriminal operation that has heavily targeted the healthcare sector in the United States. … Read more
SuperCare Health Faces Lawsuit Concerning 318,000-Record Data Breach
A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, as a result of a cyberattack and data security breach report submitted to the Department of Health and Human Services on March 28, 2022. The incident involved … Read more
Advisory Issued Regarding Phishing Campaigns Involving Trusted Email Marketing Platforms
Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform. The breach was discovered when … Read more
Final Guidance on Effective Enterprise Patch Management Published by NCCoE
The National Cybersecurity Center of Excellence (NCCoE) has released the finalized versions of two Special Publications that offer guidance on enterprise patch management practices to prevent the exploitation of vulnerabilities in IT systems. Cybercriminals and nation-state threat actors exploit unpatched … Read more
How Small Healthcare Organizations Differ from Large Healthcare Providers with Regards to Security
The latest Software Advice survey of healthcare companies gives information on healthcare data breaches, their underlying causes, and the distinct security strategies at small and big healthcare organizations. The survey engaged 130 small practices with 5 or fewer licensed providers … Read more
Dental Practices Penalized for Breach of HIPAA Rules
$50,000 Civil Monetary Penalty Issued to Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), a dental practice operating offices in Charlotte and Monroe, NC because a patient sent a complaint … Read more
Security Breaches Reported by Chelan Douglas Health District, Liberty of Oklahoma Corporation, and East Tennessee Children’s Hospital
Chelan Douglas Health District, located in East Wenatchee, WA, has reported that it experienced a cyberattack in July 2021 in which the personal data and protected health information (PHI) of patients was stolen from its network. The breach notice posted on … Read more
OCR: HIPAA Security Rule Compliance Could Avert and Mitigate the Majority of Cyberattacks
Healthcare hacking incidents have been growing continuously for a few years. Hacking/IT incidents increased by 45% between 2019 and 2020. In 2021, 66% of breaches involving unsecured electronic protected health information (ePHI) were due to hacking and other IT incidents. … Read more
South Denver Cardiology Associates Reports Data Breach Impacting 287,000 Individuals
South Denver Cardiology Associates (SDCA) has recently reported that it experienced a cyberattack in January 2022 that led to the access and possible theft of files that contain patient data by attackers. Strange network activity was noticed on January 4, … Read more
DataHealth, JDC Healthcare Management, and Dr. Douglas C. Morrow Report Hacks and Ransomware Attacks
DataHealth DataHEALTH, the cloud hosting and data storage company based in Austin, TX, has announced a ransomware attack on November 3, 2021. Immediate action was undertaken to manage the incident and a third-party cybersecurity agency was involved to inspect the … Read more
HIPAA Policies and Procedures
The development, observance, and enforcement of HIPAA guidelines and procedures is the foundation of HIPAA compliance. If there are no policies and procedures to give instructions, employees of Covered Entities and Business Associates are going to be uninformed of how … Read more
PHI of 10,000 Persons Compromised Caused by Houston Health Department Portal Glitch
The Houston Health Department has recently reported the compromise of personal data and COVID-19 test results of 10,291 people on the internet because of a technical problem with its webpage. The issue made it possible for roughly 3,500 website users … Read more
Cyberattack Reported by Logan Health Medical Center and NHS Management
Logan Health Medical Center located in Kalispell, MT has recently commenced informing a number of patients that hackers obtained access to a file server that contained patient files in a highly sophisticated criminal attack. The medical center noticed the security … Read more
Sea Mar Community Health Centers Confronting Class Action Lawsuit Because of 688,000-Record Data Breach
Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach was uncovered in June 2021 … Read more
Deadline for Reporting 2021 PHI Breaches Affecting Fewer Than 500 People
The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule puts a rigid time frame on sending notifications to people whose protected health information (PHI) was breached or impermissibly disclosed. The max time limit is 60 days since the … Read more
Latest Phishing Kits Used to Bypass Multi-Factor Authentication
Phishing attacks make it possible for threat actors to get credentials, but with multi-factor authentication (MFA), it is tougher for phishing attacks to become successful. With MFA activated, aside from a username and password, an additional way of authentication is … Read more
Data Breaches Announced by Suncoast Skin Solutions, South City Hospital, The Colorado DHS and Raveco Medical
Suncoast Skin Solutions, a network comprised of 22 medical, surgical, and cosmetic dermatological care clinics based in Florida, lately commenced informing 57,730 patients regarding a ransomware attack it uncovered on July 14, 2021. Suncoast stated upon discovery of the attack, … Read more
Due date for Giving GAO the Comments on HHS Data Breach Reporting Prerequisites is on February 4, 2022
The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach reports to the Secretary of … Read more
Class Action Lawsuit Filed Versus Memorial Health System Because of August 2021 Cyberattack
Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021. As per the investigation, it was established the … Read more
The University of Arkansas for Medical Sciences and Sacramento County Reported Email Breaches
The University of Arkansas for Medical Sciences and Sacramento County recently reported email-related breaches of protected health information (PHI). HIPAA Violation by an Employee of the University of Arkansas for Medical Sciences (UAMS) The University of Arkansas for Medical Sciences … Read more
Accellion Offers $8.1 Million Settlement for Class Action FTA Data Breach Case
The technology company Accellion based in Palo Alto, CA offered an $8.1 million settlement to handle a class action data breach legal action that was submitted on behalf of affected individuals of the attack on the Accellion File Transfer Appliance … Read more
What are the Penalties for HIPAA Violations?
The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general are authorized to issue penalties for HIPAA violations. Besides paying financial penalties, covered entities must follow a corrective action plan to have policies and … Read more
Millennium Eye Care and Duneland School Corporation Cyberattack
Data of Millennium Eye Care Patients Stolen by Ransomware Gang A provider of ophthalmology services in Freehold, NJ, Millennium Eye Care, reported on December 22, 2021, that attackers lately obtained access to its computer system and utilized ransomware for file … Read more
State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach
The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of its group health plan. RIPTA … Read more
HIPAA Changes in 2020/2021 as a Result of the COVID-19 Pandemic Continue to be in Effect
The COVID-19 pandemic has not led to any long-term modifications to HIPAA, however, it has seen unmatched flexibilities announced on a non-permanent basis to make it less complicated for healthcare companies and business associates that are battling against COVID-19. In … Read more
Pharmacy Hospital and Dental Practice Report Hacking Cases Affecting Over 355,000 Individuals
An attacker gained access to the IT network of BioPlus Specialty Pharmacy Services, located in Altamonte Springs, FL. Files containing sensitive patient data were accessed by the attacker. The pharmacy discovered the attack on November 11, 2021, and took prompt action … Read more
OCR Publishes Guidance Regarding HIPAA and Disclosures of PHI for Extreme Risk Protection Orders
The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance to make clear how the HIPAA Privacy Law can be applied to disclosures of protected health information (PHI) to aid applications for extreme risk … Read more
New Jersey Penalizes Hackensack Healthcare Companies for HIPAA Violations
The New Jersey Division of Consumer Affairs has agreed to resolve a data breach investigation that identified violations of the federal Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act. Regional Cancer Care Associates located … Read more
PHI of 750,000 Oregon Anesthesiology Patients Restored After the Ransomware Attack
On July 11, 2021, the Oregon Anesthesiology Group learned that it suffered a ransomware attack that allowed the encrypting of files on its systems and obstructed the use of its servers and patient information. Subsequent to the attack, its IT … Read more
Email Account Breaches Impact PHI of 40,000 Individuals
Three healthcare providers have reported data breaches that affected the email accounts of employees. The occurrences potentially resulted in the exposure and likely theft of the protected health information (PHI) of around 40,000 people. Region IV Area Agency on Aging … Read more
Data Breaches Reported by True Health New Mexico & Educators Mutual Insurance Association
The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was discovered by True Health New … Read more
Lifting of Class Certification Order Associated With Data Breach Lawsuit Versus West Virginia University Health System
West Virginia University Health System is dealing with a class-action lawsuit because of a compromise of the protected health information (PHI) of 7,445 patients, however, the Supreme Court of Appeals of West Virginia has lifted the class certification order. The … Read more
HC3 Alerts Healthcare Sector Concerning Threat of Zero-day Attacks
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published a notification to the healthcare and public health industry concerning a rise in financially motivated zero-day attacks, outlining mitigation strategies that must be implemented to minimize risk to a low … Read more
82% Of Healthcare Companies Have Suffered an IoT Cyberattack during the Last 18 Months
Medigate and CrowdStrike performed new research which presented the degree to which hackers are attacking healthcare Internet of Things (IoT) devices and alerts about the disturbing status of IoT security in the medical care sector. The amount of IoT devices … Read more
PHI of 1.27 Million Patients Compromised in Two Healthcare Data Breaches
The protected health information (PHI) of 1,271,642 people was compromised and possibly stolen in two healthcare hacking events that were lately documented by the Department of Health and Human Services’ Office for Civil Rights. PHI of 688,000 Persons Exposed Because … Read more
JEV Plastic Surgery & Medical Aesthetics and UNC Health Reported Data Breaches
JEV Plastic Surgery & Medical Aesthetics, based in Owings Mills, MD, has begun sending notifications to 1,620 patients concerning the exposure of some of their protected health information (PHI) because of a security breach. Malware was discovered which granted an … Read more