Compliance and Regulations
Stay up-to-date of data protection regulations updates and industry compliance standards evolution. Learn about HIPAA, GDPR and data protection laws, compliance requirements specific to your industry, and stay up-to-date on legal developments affecting security practices. Stay inform on notable data breaches and security incidents related.
Ransomware Income Decrease as Victims Decline to Pay Ransoms
Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the … Read more
Ethics, the Challenge of Using AI in Healthcare
Based on a survey performed by Dataiku in 2020, the main organizational challenge that delays the use of AI in healthcare settings is ethics. Even though particular concerns vary by company, the concerns could typically … Read more
Why is HIPAA important for billing and coding?
HIPAA is important for billing and coding because it establishes strict regulations and safeguards to protect the privacy and security of patients’ health information, ensuring that medical billing and coding professionals keep sensitive data confidential … Read more
Diagnostic Lab Resolves Medical Record Access Case for $16,500
The HHS’ Office for Civil Rights (OCR) made an announcement of its first HIPAA enforcement action for 2023. The OCR is reminding HIPAA-covered entities of their responsibility to provide people and their personal representatives with … Read more
2023 Version of HITRUST Cybersecurity Framework Released
The information risk management, standards, and certification agency, HITRUST, made an announcement that it is going to release a new version of its well-known cybersecurity framework this January. HITRUST CSF Version 11 includes a number … Read more
What is HIPAA and why is it important?
HIPAA is a federal law that safeguards patients’ protected health information, promotes efficient healthcare transactions, ensures data security and privacy, fosters patient trust, and upholds ethical standards in the healthcare industry. HIPAA is a complete … Read more
New Proposed Rule by HHS to Enforce HIPAA Standard for Healthcare Attachments and Electronic Signatures
The Secretary of the Department of Health and Human Services (HHS) has a new proposed rule that will call for the use of criteria for healthcare transactions and electronic signatures utilized together with those transactions … Read more
Guide Published for Evaluating and Enhancing Connected Medical Device Security
One of the major cybersecurity issues in healthcare is the safety of medical devices. Hospitals still use a lot of connected healthcare devices and in so doing they considerably expand the attack surface. A new … Read more
Forefront Dermatology Negotiates $3.75 Million Settlement to Take Care of Ransomware Lawsuit
The dermatology practice, Forefront Dermatology, based in Wisconsin has decided to settle a class action lawsuit filed on behalf of patients who had their protected health information (PHI) compromised in a ransomware attack in late … Read more
Up to 1.5 Million Patients Affected by Adding a Tracking Code to the Community Health Network Website
Community Health Network in Indiana is the most recent healthcare company to announce the impermissible disclosure of protected health information (PHI) of patients to Google and Meta/Facebook as a result of adding their tracking code … Read more
EyeMed to Pay $4.5 Million Penalty for Phishing Attack and Data Breach of 2.1M-Record
The New York State Department of Financial Services (DFS) has decided to resolve an investigation of EyeMed Vision Care (EyeMed) into possible violations of the DFS Cybersecurity Regulation for $4.5 million. EyeMed based in Ohio … Read more
What Happens In Case a HIPAA Complaint is Filed?
When a HIPAA complaint is submitted, what happens next depends on who it is filed with, the nature of the complaint, and whether the complaint is valid. After registering with a healthcare company or becoming … Read more
Health-ISAC Releases Guidance to help CISOs Implement Zero Trust Security Architectures
Health-ISAC has publicized a white paper to help guide healthcare CISOs planning to employ zero trust security architectures. The standard security approach is to set up border defenses in order to keep unauthorized persons out. … Read more
Florida Orthopaedic Institute to Pay $4 Million to Settle Class Action Data Breach Lawsuit
Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an … Read more
55% of Healthcare Providers Encountered a Third-Party Data Breach in the Past Year
Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor for … Read more
Senators Ask Mental Health App Companies Concerning Privacy and Data Sharing Practices
Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) wrote to two major mental health app vendors and required replies regarding their practices regarding information collection and disclosure. There were a number of … Read more
Patient Data Compromised Due to Data Breaches in 3 HIPAA-Covered Entities
Texas Tech University Health Sciences Center has reported the compromise of the protected health information (PHI) of 1,290,104 individuals due to a data breach that happened at Eye Care Leaders, its electronic medical record provider. … Read more
ONC and OCR Launch Modified Security Risk Assessment Tool
The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator … Read more
OCR to Create Video on Recognized Security Practices in the HITECH Act
The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified … Read more
Injured Workers Pharmacy Faces Legal Action Due to Email Account Breach
The law agency Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in relation to a breach of the personal records of … Read more
Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach
Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court. Solara Medical Supplies, which supplies products … Read more
New Framework for Examining the Privacy, Security, and Safety of Electronic Health Technologies
The American Telemedicine Association (ATA), American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have worked together to make a new system for examining digital health technologies … Read more
SuperCare Health Faces Lawsuit Concerning 318,000-Record Data Breach
A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, as a result of a cyberattack and data security breach report submitted to the Department of Health and Human Services on March … Read more
Dental Practices Penalized for Breach of HIPAA Rules
$50,000 Civil Monetary Penalty Issued to Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), a dental practice operating offices in Charlotte and Monroe, NC because … Read more
Security Breaches Reported by Chelan Douglas Health District, Liberty of Oklahoma Corporation, and East Tennessee Children’s Hospital
Chelan Douglas Health District located in East Wenatchee, WA, has reported that it encountered a cyberattack last July 2021 wherein the personal data and protected health information (PHI) of patients was stolen from its network. … Read more
OCR: HIPAA Security Rule Compliance Could Avert and Mitigate the Majority of Cyberattacks
Healthcare hacking incidents are continuously growing for a few years. Hacking/IT incidents increased by 45% between 2019 and 2020. In 2021, 66% of breaches involving unsecured electronic protected health information (ePHI) were due to hacking … Read more
HIPAA Policies and Procedures
The development, observance, and enforcement of HIPAA guidelines and procedures is the foundation of HIPAA compliance. If there are no policies and procedures to give instructions, employees of Covered Entities and Business Associates are going … Read more
PHI of 10,000 Persons Compromised Caused by Houston Health Department Portal Glitch
The Houston Health Department has recently reported the compromise of personal data and COVID-19 test results of 10,291 people on the internet because of a technical problem with its webpage. The issue made it possible … Read more
Sea Mar Community Health Centers Confronting Class Action Lawsuit Because of 688,000-Record Data Breach
Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach … Read more
Deadline for Reporting 2021 PHI Breaches Affecting Fewer Than 500 People
The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule puts a rigid time frame on sending notifications to people whose protected health information (PHI) was breached or impermissibly disclosed. The max time limit … Read more
Due date for Giving GAO the Comments on HHS Data Breach Reporting Prerequisites is on February 4, 2022
The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach … Read more
Class Action Lawsuit Filed Versus Memorial Health System Because of August 2021 Cyberattack
Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021. As per the … Read more
Accellion Offers $8.1 Million Settlement for Class Action FTA Data Breach Case
The technology company Accellion based in Palo Alto, CA offered an $8.1 million settlement to handle a class action data breach legal action that was submitted on behalf of affected individuals of the attack on … Read more
What are the Penalties for HIPAA Violations?
The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general are authorized to issue penalties for HIPAA violations. Besides paying financial penalties, covered entities must follow a corrective action … Read more
State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach
The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of … Read more
HIPAA Changes in 2020/2021 as a Result of the COVID-19 Pandemic Continue to be in Effect
The COVID-19 pandemic has not led to any long-term modifications to HIPAA, however, it has seen unmatched flexibilities announced on a non-permanent basis to make it less complicated for healthcare companies and business associates that … Read more
OCR Publishes Guidance Regarding HIPAA and Disclosures of PHI for Extreme Risk Protection Orders
The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance to make clear how the HIPAA Privacy Law can be applied to disclosures of protected health information (PHI) to … Read more
New Jersey Penalizes Hackensack Healthcare Companies for HIPAA Violations
The New Jersey Division of Consumer Affairs has agreed to resolve a data breach investigation that identified violations of the federal Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act. … Read more
Lifting of Class Certification Order Associated With Data Breach Lawsuit Versus West Virginia University Health System
West Virginia University Health System is dealing with a class-action lawsuit because of a compromise of the protected health information (PHI) of 7,445 patients, however, the Supreme Court of Appeals of West Virginia has lifted … Read more
HC3 Alerts Healthcare Sector Concerning Threat of Zero-day Attacks
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published a notification to the healthcare and public health industry concerning a rise in financially inspired zero-day attacks, teaching mitigation strategies that must be implemented to … Read more
PHI of 1.27 Million Patients Compromised in Two Healthcare Data Breaches
The protected health information (PHI) of 1,271,642 people was compromised and possibly stolen in two healthcare hacking events that were lately documented by the Department of Health and Human Services’ Office for Civil Rights. PHI … Read more
42% of Healthcare Companies Have Not Established an Incident Response Plan
Ransomware attacks, hacks, and other IT security problems are the cause of major data breach reports sent to the Department of Health and Human Services’ Office for Civil Rights, although data breaches concerning physical documents … Read more
New Jersey Infertility Clinic Settles HIPAA Violatioin and Diamond Data Breach
A New Jersey infertility clinic has reached a settlement with the state and will pay a $495,000 penalty fee for its violation of the HIPAA and New Jersey laws as it did not implement appropriate … Read more
What is a HIPAA Subpoena?
Lately, the U.S. Department of Justice has been pursuing healthcare criminal acts and investigations frequently entail the issuance of a HIPAA subpoena. The subpoena pressures HIPAA-regulated entities to give data including patient health records that … Read more
Data Breaches at Horizon House and Samaritan Center of Puget Sound
Horizon House, Inc. based in Philadelphia, PA provides mental health and residential treatment services. It reported a hacking incident that affected its IT systems resulting in the potential compromise of the protected health information (PHI) … Read more
Patient Information Exposed Through Walgreens Covid-19 Test Registration System
The personal records of persons who got a COVID-19 test at a Walgreens pharmacy were exposed on the web as a result of vulnerabilities found in its COVID-19 test registration program. It is at this … Read more
DuPage Medical Group Faces Lawsuit for July 2021 Ransomware Attack
Two DuPage Medical Group patients are filing a lawsuit against the healthcare company subsequent to a July 2021 ransomware attack whereby patients’ protected health information (PHI) was exposed. DuPage Medical Group encountered a ransomware attack … Read more
Contact Tracing Survey Data of 750,000 Hoosiers Disclosed On the Web
The personal information of 750,000 Hoosiers compiled during a COVID-19 contact tracing survey done by the Indiana Department of Health was compromised on the web and downloaded by a firm not approved to gain access … Read more
Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients
Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an … Read more
Record GDPR Penalty of $886 Million Issued to Amazon
The Data Protection Authority of Luxembourg, Commission Nationale pour la Protection des Données (CNPD), has penalized Amazon.com with €746 million ($886 million) to settle its EU General Data Protection Regulation (GDPR) violations. Since May 25, … Read more