Finding the Common Causes of Hacking/IT Incidents

The common source of healthcare data breach data is HHS Office for Civil Rights Breach Report. Although it is an important source of data to know the developments in data breaches, the Breach Report has limited scope since it merely shows data breaches impacting five hundred or more persons. In addition, when covered entities and … Read more

Data Breaches Reported by Cummins Behavior Health, Redwood Coast Regional Center and Other Healthcare Entities

Data of 4 Million Coloradans Exposed in MOVEit Transfer Attack The Colorado Department of Health Care Policy and Financing (HCPF), which supervises the Medicaid program of the state and the Child Health Plan Plus (CHP+) program, has just reported the compromise of the protected health information (PHI) of 4,091,794 people. The attack happened at IBM, … Read more

Delaware’s Comprehensive Data Privacy Law and HSCC’s Coordinated Healthcare Incident Response Plan Template

Comprehensive Data Privacy Law Passed by the Delaware Legislature The Delaware legislature passed a comprehensive new data privacy law. Delaware Governor John Charles Carney Jr is likely to sign the Personal Data Privacy Act making Delaware the 12th U.S. state to implement a comprehensive data privacy law. Unlike the data privacy laws in the other … Read more

Proposed HIPAA Privacy Rule Update and CISA’s Updated Zero Trust Maturity Model

The HHS’ Office for Civil Rights has issued a Notice of Proposed Rulemaking (NPRM) concerning a  HIPAA Privacy Rule update to reinforce the protection of privacy for reproductive health information. The proposed revision is in response to the decision of the Supreme Court in Dobbs v. Jackson Women’s Health Organization as well as the overturning of Roe v. Wade, which … Read more

Data Breaches Reported by Dental Health Management Solutions, Nursing Rehab Centre, The Chautauqua Center, Northeast Surgical Group, and White Bird Clinic

Dental Health Management Solutions Alerted Patients About Historic Data Breach Dental Health Management Solutions (DHMS) based in Cedar Park, TX provides the military/government and private individuals with dental services. It recently reported the exposure of the protected health information (PHI) of some patients as a result of a hacking incident in 2021. In the notification … Read more

Roundup of Recent Data Breaches and Cyber Attacks

mscripts Cloud Storage Misconfiguration Exposed PHI for 6 Years The mobile pharmacy company, mscripts, has just reported that its misconfigured cloud storage environment resulted in the exposure of client information on the internet for the last 6 years. mscripts discovered the misconfiguration and fixed it on November 18, 2022. Since September 30, 2016, the cloud … Read more

Applications of AI in Healthcare

The subject of AI in healthcare frequently gets different responses. Although a number of people believe in the advantages of using AI in healthcare and the substantial rewards to patients, other people have worries concerning the ethics of AI in healthcare and hesitate in the use of AI in healthcare due to insufficient understanding of … Read more

Cyberattack on FMC Services, Kaye-Smith and Johnson Memorial Hospital

FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. That investigation didn’t find any proof that indicates the purpose of the cyberattack was to … Read more

2.65 Million Victims of OneTouchPoint Ransomware Attack

The number of persons impacted by the ransomware attack on OneTouchPoint, the mailing and printing vendor based in Hartland, WI, has now grown to 2,651,396 people. One of the most recent companies to confirm being impacted by the attack is Common Ground Healthcare Cooperative based in Brookfield, WI. The cyberattack affected 133,714 of the Cooperative’s … Read more

Data Breaches at Healthback Holdings, City of Newport, and OrthoArizona

Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on June 1, 2022. A third-party cybersecurity company helped look into the incident. It was affirmed … Read more

President Biden Approves Executive Order to Keep Access to Reproductive Healthcare Services Safe

President Biden has approved an executive order that aspires to safeguard access to reproductive healthcare assistance. This happened right after the SCOTUS ruling that vetoed Roe v. Wade, which provided women the right to decide on their own reproductive healthcare about 50 years ago. President Biden stated that the government should not interfere with these … Read more

Former IT Consultant Facing Charges on Purposefully Causing Ruin to Healthcare Company’s Server

An IT specialist who worked as a service provider at a suburban healthcare organization in Chicago has been accused of illegally acquiring access to the firm’s network and deliberately causing ruin to a protected PC. Aaron Lockner, 35 years old, from Downers Grove, IL, was employed at an IT organization that had an agreement with … Read more

HHS Alerts HPH Sector Concerning Insider Threats in Medical Care

A lot of healthcare data breaches are taking place, however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HCC) has just given an advisory regarding insider threats. Insider Threats in Healthcare Cybercriminal gangs, nation-state hacking groups, and single hackers have … Read more

Advisory Issued Regarding Phishing Campaigns Involving Trusted Email Marketing Platforms

Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform. The breach was discovered when Trezor, a cryptocurrency hardware wallet provider, looked into a phishing campaign targeting its clients that … Read more

DataHealth, JDC Healthcare Management, and Dr. Douglas C. Morrow Report Hacks and Ransomware Attacks

DataHealth DataHEALTH, the cloud hosting and data storage company based in Austin, TX, has announced a ransomware attack on November 3, 2021. Immediate action was undertaken to manage the incident and a third-party cybersecurity agency was involved to inspect the incident. DataHEALTH mentioned it found out on December 30, 2021, that the threat actors got … Read more

State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach

The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of its group health plan. RIPTA mentioned in a breach notice posted on its web page that it identified and blocked … Read more

Data Breaches Reported by True Health New Mexico & Educators Mutual Insurance Association

The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was discovered by True Health New Mexico on October 5, 2021. Steps had been taken immediately to secure its IT systems. … Read more

University Hospital Newark Alerts 9,000 People About Historic Insider Data Breach

University Hospital Newark (NY) has found out that a former worker had accessed the protected health information(PHI) of thousands of patients without authorization over the duration of a year. That information was later disclosed to other people who were likewise not approved to view the details. Insider breaches like this are pretty common, though what … Read more

CISA Released Insider Threat Self-Assessment Tool

Public and private industry companies have a new tool that can be used to evaluate how much they are vulnerable to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created this new Insider Threat Risk Mitigation Self-Assessment Tool to help end-users increase their knowledge about insider threats and create prevention and mitigation plans. In … Read more

NCCoE Publishes Final Cybersecurity Practice Guide on Mobile Application Solo Sign-On for First Responders

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) just published the latest edition of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders. Public safety and first responder (PSFR) staff need on-demand access to public safety information to … Read more

Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients

Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an unauthorized medical record access occurrence approximately January 24, 2020. LIJFH received a subpoena for records associated with an investigation by … Read more

Data Breaches at Arizona Asthma and Allergy Institute, Stillwater Medical Center and Nebraska Department of Health and Human Services

Arizona Asthma and Allergy Institute sent breach notification letters to 70,372 patients who obtained services between October 1, 2015 and June 15, 2020. As per the breach notice, a selection of their personal data and protected health information (PHI) such as names, patient ID numbers, healthcare provider names, health insurance data, and treatment cost details … Read more

Third-Party Phishing Attack Impacts Around 34,862 Lafourche Medical Group Patients

Urgent care center operator Lafourche Medical Group located in Louisiana has informed 34,862 patients regarding a security breach that likely impacted their protected health information (PHI). Lafourche Medical Group discovered on March 30, 2021 that a third-party accountant had clicked a phishing email that imitated one of the business owners of Lafourche Medical Group and … Read more

Ransomware Gangs Use New Triple Extortion Tactics

After the DarkSide ransomware attack on Colonial Pipeline, a number of ransomware gangs have stopped activity or have executed guidelines that their affiliates are required to follow, which include stopping all attacks on critical infrastructure companies, medical care companies, and government institutions. A few well-known hacking forums are separating themselves from ransomware and have prohibited … Read more

Data Breaches Reported by the American College of Emergency Physicians, Epilepsy Florida and VEP Healthcare

The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server. Besides offering professional company services to its members, ACEP offers management services to companies such as Society for Emergency Medicine Physician Assistants (SEMPA), the Emergency Medicine Residents’ … Read more

UPMC and Charles Hilton and Associates Charged With Class Action Lawsuit Due to 36,000-Record Breach

University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients. Charles Hilton and Associates, which manages UPMC’s collections, reported that attackers had acquired access to the email accounts of a number … Read more

PHI Exposed as a Result of Data Breaches at Pennsylvania Adult & Teen Challenge And Gore Medical Management

Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults and youngsters. On July 29, 2020, the provider noticed suspicious things in an email account and had taken action to … Read more

$75,000 Paid by Renown Health to Settle its HIPAA Right of Access Case

The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that resolved a HIPAA Right of Access enforcement action. Renown Health, a Northern Nevada non-profit healthcare network, agreed to pay a … Read more

Philadelphia Department of Public Health Ends Vaccine Distribution Agreement Due to Alleged Privacy Breaches

The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale of private information to third parties. Philly Fighting COVID started out as a nonprofit company providing coronavirus screening and then … Read more

$5.1 Million Penalty Paid by Excellus Health Plan to Settle HIPAA Violation Case

Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 data breach that affected 9.3 million individuals. Excellus Health Plan uncovered the data breach in 2015, the same year when … Read more

Ransomware Attack Disables Campbell County Health Services

A ransomware attack at Campbell County Health has disrupted hospital services and left the organization unable to access patient information.  Campbell County Health, based in Gillette, Wyoming, stated that the ransomware attack began at 3:30 am on Friday, September 20, 2019. The attack caused ‘serious computer issues’ and left the hospital unable to offer many … Read more

Over 70 Employee Email Accounts Compromised in Phishing Attack on NCH Healthcare System

NCH Healthcare System is preparing to notify patients that their protected health information may have been compromised in a phishing attack. On June 14, 2019, NCH Healthcare System, based in Bonita Springs, Florida, noticed suspicious email activity on its payroll database. NCH immediately investigated the incident and discovered that 73 employees had replied to a … Read more

Western Connecticut Health Network Patient Information Exposed in Mailing Incident

Western Connecticut Health Network is sending breach notification letters to patients whose protected health information (PHI) may have been exposed in a postal incidence.  On June 11, 2019, Western Connecticut Health Network (WCHN), now known as Nuvance Health, sent a box containing medical records to the Connecticut State Department of Public Health using the U.S. … Read more

Perry County Medical Center Notifying Patients Following Phishing Attack

Perry County Medical Center, Inc. d/b/a Three Rivers Community Health Group, has announced that it is notifying patients following a phishing attack which saw patient data compromised.  Perry Country Medical Center, a health care centre based in Linden, Tennessee, noticed suspicious activity on an employee email account on May 28, 2019. The IT department were … Read more

Dominion Health Data Breach Affects 3 Million Members

Dominion National is notifying patients of a data security incident that first stated in 2010 and has affected nearly 3 million members. Dominion National is a health insurer, health plan administrator, and administrator of dental and vision benefits based in Virginia. Staff at the organization discovered the breach after an internal alert on their system … Read more

Summa Health Notifies 10,000 Patients of Data Security Incident

Summa Health is in the process of notifying 10,000 patients of a data security incident which resulted in sensitive data being compromised. On May 1, 2019, Summa Health, based in Akron, Ohio, noticed suspicious activity on its email platform and immediately investigated the situation. They quickly discovered that an unauthorised individual had gained access to … Read more

Union Labor Life Insurance Phishing Attack Affects 87,000 Individuals

A phishing attack at Union Labor Life Insurance (ULLI) has compromised the protected health information (PHI) of more than 87,000 individuals. ULLI, a subsidiary The Ullico Inc., discovered the attack shortly after it commenced on April 1, 2019. The IT department successfully managed to revoke unauthorized access within 90 minutes of the account being compromised. … Read more

Today’s Vision Medical Records Found in Texas Dumpster

The medical records of Today’s Vision patients have been found in a dumpster in Tomball, Texas. Today’s Vision is an optometry services provider with over 50 independently owned clinics. More than 20 boxes of records patients and employees were found in a dump behind the strip mall in Tomball. Soon after the discovery of the … Read more

Inmediata Breach Notification Letters Sent to Incorrect Addresses

A mailing error at Inmediata has seen breach notification letters being sent to the incorrect addresses. Inmediata was sending the breach notification letters after it was discovered that a webpage that should have only been accessible to Inmediata employees was indexed by search engines and therefore publicly available. This security breach was the result of … Read more

DC Attorney General Proposes Stricter Data Breach Notification Laws

Washington D.C. Attorney General Karl. A. Racine has proposed stricter data breach notification laws. He anticipates that the new laws would provide greater protection to DC residents should their data be compromised in a data breach incident. AG Racine introduced the Security Breach Protection Amendment Act on March 21, 2019. This Act updates the definition … Read more

14,000 Main Line Endoscopy Center Patients Affected by Phishing Attack

A phishing attack at Main Line Endoscopy Centers has compromised the sensitive data of over 14,000 patients. Main Line Endoscopy Centers, a network of outpatient endoscopy facilities in the Malvern, Bala Cynwyd, and Media regions of Pennsylvania discovered the attack on January 30, 2019. Investigators were unable to determine when the attacker first gained access … Read more

SpamTitan Email Security Solution Now Features Sandboxing and DMARC Authentication

Protecting against zero-day malware and advanced phishing attacks can be a major challenge for SMBs and managed service providers (MSPs). To better protect against these advanced threats, TitanHQ, the leading provider of email security solutions to the SMB market, has added two new features to its award-winning spam filtering solution: SpamTitan. These features were introduced … Read more

Unauthorised Individual Gains Access to St. Francis Health System Patient Data

The Bon Secours St. Francis Health System has announced that unauthorised individual gained access to some of their patients’ protected health information (PHI). The hacker compromised the systems of Milestone Family Medicine, a medical facility based in Greenville, SC. Milestone Family Medicine was affiliated with St. Francis Physicians Services (SFPS) until February 24, 2019. SFPS … Read more

Cottage Health Pays $3,000,000 to OCR for HIPAA Violations

Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit health provider based in Santa Barbara, California. The organisation operates four hospitals-Santa Barbara Cottage Hospital, Santa Ynez Cottage Hospital, Goleta … Read more

Ransomware Attack on Jones Eye Clinic Affects 40,000 Patients

The Jones Eye Clinic and its affiliated surgery, CJ Elmwood Partners, based in Sioux City, Iowa, has announced that up to 40,000 patients may have had their data compromised following a ransomware attack on their systems. The ransomeware attack was discovered on August 23, 2018. Ransomware is software which denies the user access to their … Read more

SecureWorks Discovers Cobalt Dickens URL Spoofing Campaign

SecureWorks has discovered Cobalt Dickens, an Iranian threat group, has launched a URL spoofing campaign targeting universities in more than a dozen countries. On their website, SecureWorks stated that security researchers working in their Counter Threat Unit discovered the phishing campaign. Threat actors spoofed a university login page to steal the login credentials of university … Read more