Unauthorized Individuals Accessed CareATC Email Accounts
Population health management firm CareATC based in Tulsa, OK, has learned that unauthorized people have accessed the email accounts of two workers and possibly acquired access to the personal data of patients and workers. CareATC started an investigation on June 29, 2021 upon detecting suspicious activity in the email account of a worker. Third-party forensics professionals assisted with the breach investigation to find out the...
Florida Heart Associates Serving at 50% Capacity for 2 Months Since a Ransomware Attack
Florida Heart Associates based in Fort Myers, FL encountered a ransomware attack on May 19, 2021 and has brought about significant and ongoing interruption to its services. Medical practice is just running at about 50% capacity for two months since the attack. Interruption is likely to proceed for various more weeks, as it’s not possible for the practice to completely recover until the end of August or the beginning of...
UofL Health and Jawonio Report Email Data Breaches
UofL Health has begun informing 42,465 patients regarding the sending of some of their protected health information (PHI) to the wrong external email address. The healthcare system in Louisville, KY sent breach notification letters to impacted patients on June 7, 2021 instructing them concerning the compromise of some of their PHI. The owner of the external domain contacted UofL Health the next day and gave technical proof showing...
HSCC Requests Biden to Give Financing to Strengthen Cybersecurity Posture of the Medical Industry
The Healthcare and Public Health Sector Coordinating Council (HSCC) has prompted President Biden to give more funds and support to strengthen the cybersecurity posture of the medical care industry to boost toughness against cyberattacks. In the latest letter given to President Biden and replicated to Senate and House party leaders, the HSCC requested additional money to support the healthcare market take care of cyber threats, make...
PHI Compromised Because of the University of Florida Health Shands, St. John’s Well Child and Family Center and St. Paul’s PACE Breaches
University of Florida Health Shands has learned that an ex-employee has viewed the health files of 1,562 patients without valid permission. The HIPAA violations were uncovered on April 7, 2021. The provider promptly ended the worker’s access to medical documents pending an investigation. The investigation established that the worker had been accessing patient health records without authorization between March 30, 2019 and April...
Data Breaches at Mobile Anesthesiologists Patients, Haven Behavioral Healthcare and Heart of Texas Community Health Center
Mobile Anesthesiologists fairly recently found out about the exposure of a limited amount of patients’ protected health information (PHI) because of a technical misconfiguration. The problem seemed to have occurred prior to December 14, 2020, and allowed public access of PHI like names, health insurance details, date of service, medical procedure, and dates of birth. An investigation of the issue concluded on January 28, 2021 and it...
Data Breaches at New London Hospital, Child Focus and Orlando Health South Lake Hospital
New London Hospital based in central New Hampshire has identified an unauthorized person who accessed a file on its system in July 2020 and may have gotten the protected health information (PHI) of 34,878 patients. A third-party cybersecurity agency helped investigate the incident and confirmed on February 16, 2021 that the person accessed the file for a little while and might have duplicated it. The file included patient names,...
Online Storage Vendor Pays Ransom to Retrieve Healthcare Data Stolen During Cyberattack
The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen due to a cyberattack on its cloud storage provider. The medical and surgical eye care services provider received notification on January 15, 2021 that cyber attackers acquired access to the computer network of its storage vendor and exfiltrated data. It’s not sure if the attackers had encrypted...
Email Security Breaches at Roper St. Francis Healthcare and Einstein Health Network
Roper St. Francis Healthcare has informed 189,761 patients regarding an unauthorized individual who accessed some of their protected health information (PHI) saved in employee email accounts. The provider detected the email security breach in late October 2020. The subsequent investigation confirmed the compromise of three email accounts from October 14 to October 29, 2020. An evaluation of the email accounts was done to find out if...
Data Security Incident at SSCPG Affects 10,000 Patients
A data security incident at Shore Speciality Consultants Pulmonology Group (SSCPG) has potentially compromised the protected health information (PHI) of 10,000 patients. SSCPG, based in New Jersey and part of the Shore Physicians Group, released a bulletin outlining the breach. According to the report, on July 8, 2019, SSCPG discovered suspicious activity on their network. IT security staff immediately took action to revoke...
Phishing Attack at East Central Indiana School Trust Affects 3,200 Individuals
East Central Indiana School Trust (ECIST) is notifying more than 3,200 individuals that a phishing attack may have compromised their protected health information (PHI). On May 22, 2019, the organization noticed suspicious activity on an employee email account. ECIST immediately took steps to secure the account and revoke the unauthorized access. ECIST launched an investigation into the incident and discovered that on May 19, 2019, an...
Presbyterian Healthcare Services Notifies 183,000 Patients Following Data Breach
Presbyterian Healthcare Services is notifying 183,000 patients that an unauthorised individual accessed their personal data. The hackers gained access to the patient data after successfully fooling several employees into handing over their login credentials through a phishing campaign. The attack occurred on May 6, 2019, and the unauthorised access was not noticed until June 9, giving the hacker over a month of access to the...
Philadelphia DBHIDS Notifies Patients of Lost Laptop HIPAA Breach
The Philadelphia Department of Behavioral Health and Intellectual Disability Services (DBHIDS) is notifying 1,500 individuals that their private information may have been exposed after an employee lost an unencrypted laptop. The employee has been carrying the laptop in a briefcase which they misplaced on public transport. The laptop was password-protected, but not encrypted, so there is a chance that an individual with sufficient...
Phishing Attack at St. Croix Hospital Compromises PHI of 21,000 Patients
St. Croix Hospice is notifying 21,000 patients that their protected health information (PHI) may have been compromised in a phishing attack. St. Croix Hospice is a provider of hospice care in Minnesota and Wisconsin. On May 10, suspicious email activity was detected on an employee’s email account. St. Croix Hospice contracted a third-party cybersecurity firm to assist with an investigation into the email account. Investigators...
City of Griffin Officials Lose $800,000 Business Email Compromise Attack
The City of Griffin, Georgia, has revealed that it made two payments totalling $800,000 to scammers following a series of business email compromise attacks. BEC campaigns are a form of a phishing attack in which the cybercriminal impersonates a high-ranking member of an organisation, such as CEO or CFO, to obtain sensitive information from the employees at the company. These credentials, often login details or financial information,...
Boxes of Patient Medical Records found Abandoned in Chicago
Boxes of patient medical records have been found abandoned in a former medical centre in the Chatham area of Chicago, Illinois. Clean-up crews have been brought in to assist in the clean-up operation which started hours after Ald. Roderick Sawyer (6th) requested the emergency clearing of the documents, which contain a wealth of sensitive patient information. The medical records were dumped outside the former Medical Professional Home...
Franciscan Health Patient Data Compromised in Incident Involving Former Employee
Franciscan Health is notifying 2,200 patients that their sensitive data may have been compromised in a security incident involving a former employee. Franciscan Health, a health system operating 14 hospitals in Indiana and Illinois, discovered a former employee was accessing the data of 2,200 patients without the appropriate authorization to do so during a routine privacy audit. On May 24, 2019, Franciscan Health publicly confirmed...
Medical Informatics Engineering Settles with OCR for $100,000 for 2015 Data Breach
Medical Informatics Engineering Inc (MIE) has agreed to a $100,000 settlement with HHS’s Office for Civil Rights for a 2015 data breach affecting 3.5 million individuals. MIE, an Indiana-based provider of electronic medical record software and services, experienced the data breach when hackers compromised the server of its NoMoreClipboard subsidiary. The hackers had access to the server for 19 days between May 7 and May 26, 2015. The...
Touchstone Medical Imaging Agrees to £3 million Settlement with OCR
The Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a $3 million settlement with Touchstone Medical Imaging following a 2014 data breach. The Franklin, TN-based diagnostic medical imaging services company agreed to the settlement to resolves multiple violations of HIPAA Rules. They have further agreed to adopt a corrective action plan to rectify its compliance issues. However, the settlement comes...
New Sextortion Scams Identified Following Record Numbers Reported in 2018
Sextortion scams have become increasingly common in recent years, with record numbers being reported in 2018. These types of attacks are potentially very lucrative for an attacker, due to the highly embarrassing or compromising nature of the material. In many cases, the hacker holds no sensitive information on the individual in question; however, simply the small possibility that the hacker does indeed have anything compromising is...
OpenVPN Study Highlights Risks Posed by Remote Workers
A recent survey conducted by OpenVPN highlights the potential cybersecurity risks posed by remote workers. OpenVPN is a virtual private network solution provider that allows businesses to extend their VPNs securely. They surveyed 250 IT leaders, “from the manager level through the C-suite”, to ascertain whether allowing employees to work remotely posed a risk to the organisation’s cybersecurity and whether the benefits of allowing the...
SpamTitan Email Security Solution Now Features Sandboxing and DMARC Authentication
Protecting against zero-day malware and advanced phishing attacks can be a major challenge for SMBs and managed service providers (MSPs). To better protect against these advanced threats, TitanHQ, the leading provider of email security solutions to the SMB market, has added two new features to its award-winning spam filtering solution: SpamTitan. These features were introduced to help SMBs and MSPs serving the SMB market improve their...
Hacker Compromises Employee Email Accounts at Rutland Regional Medical
Rutland Regional Medical has revealed that a hacker compromised nine employee email accounts following a cyber attack on their systems. Rutland Regional Medical, based in Rutland City, is the biggest community hospital in Vermont. A staff member discovered the attack on December 21, 2018, after noticing that their email account had been hijacked to send a large number of spam emails. Rutland Regional Medical’s IT department was...
New Trojan Horse Malware Campaign Targeting Linux Servers Identified
Security researchers have discovered a new Trojan horse malware campaign used by hackers to launch attacks on Linux servers. Trojan horses are malware variants that are disguised as benign or useful pieces of software. They are installed under false pretences, as the user if often tricked into believing that they serve a legitimate purpose. Once executed on a server, the hacker can then gain access to the system and steal valuable...
Global Netflix Phishing Scan Identified
A new global phishing scam has been identified in which hackers target customers of Netflix, the world’s largest streaming organisation. The U.S. Federal Trade Commission, an independent agency of the United States government, issued a warning about the Netflix scam late in December 2018. The phishing scam attempts to fool Netflix subscribers into handing over account information and payment information by telling them that there has...
Adobe Releases Patch for Flash Player Vulnerability
On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player. The vulnerability had been identified in late November by Gigamon, held network visibility and traffic monitoring technology vendor. Qihoo 360, a Chinese internet security company, recently discovered an advanced persistent threat campaign that was exploiting the vulnerability in Adobe’s software. The vulnerability was being...
Cancer Centers of America Falls Victim to Phishing Attack
Cancer Centers of America’s Western Regional Medical Center in Bullhead City, Arizona, has recently fallen victim to a phishing attack which has exposed the protected health information (PHI) of over 41,000 individuals. The attack occurred due to one of its employees responding to a phishing email. The email was designed to appear as if it had been sent from the email account of an executive employee of Cancer Treatment Centers of...
Phishing Attack Causes Breach at Catawba Valley Medical Center
Catawba Valley Medical Center (CVMC), a medical center serving the greater Catawba County area based in Hickory, North Carolina, has recently announced that an unauthorised individual gained access to their systems following a successful phishing attack. It is estimated that up to 20,000 people may have been affected by the breach. The discovery was made on August 13, 2018. The organisation acted quickly to secure the account and...
FirstCare Health Plans Data Breach Caused by Mailing List Error
FirstCare Health Plans, a Texan health insurance organisation, has revealed that more than 8,000 of its members may have had some of their personal data breached due to an email error made by one of its staff. The organisation is in the process of notifying 8,056 plan members plan members that may have had some of their sensitive personal information impermissibly disclosed to an unauthorised individual as a result of automated...
New Closed-Loop Email Analysis and Response Solution Launched by Proofpoint
Proofpoint, the Californian cybersecurity company, has launched a new Closed-Loop Email Analysis and Response (CLEAR) solution. Proofpoint’s website states that the solution reduces “threat triage time from days to minutes without requiring additional work from human analysts”. Proofpoint CLEAR utilises a complete closed-loop approach to automatically analyse suspicious emails reported by end users to security teams, identify real...
Proof-of-Concept Exploit for Windows Task Scheduler Published
A security researcher released proof-of-concept code that would allow for a user to exploit a flaw in the Windows Task Scheduler. The flaw was discovered by Github user SandboxEscaper, who was also responsible for publishing the proof-of-concept (PoC) code. The flaw, a local privilege escalation vulnerability, was found in the Advanced Local Procedure Call (ALPC) interface. If a hacker were to exploit the flaw, they could elevate...
Extortion Attack on Private Information of Sports Medicine Clients
7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016. The extortion attempt occurred in September 2017 when hackers gained access to SMART systems, allegedly stole...
Advantages of Healthcare Text Messaging Emphasized by New Analysis
Additional evidence has appeared presenting the advantages of healthcare written messaging. A recently published study in the Journal of the American Heart Association obviously indicated that an automatic mHealth interference using Smartphone and text messages tracing applications might prove to be a good approach for rising patients’ physical activity stages. The advantages of rising activity stages, particularly for patients with...
FinSpy Malware Installed Using Adobe Flash Player Uopdate Flaw
Last week software giant Adobe issued a new patch for Flash Player to address an actively exploited weakness (CVE-2017-11292) that is being targeted by the hacking group Black Oasis to install FinSpy malware. Finspy is strictly not defined as malware, it is a legitimate software program developed by the German software company Gamma International. However, it can be used for many purposes including many malware-like functions. FinSpy...
Advisory Issues by Department of Education Regarding Hacking and Extortion Threats
TheDarkOverlord hacking group has, in recent time, been targeting K12 schools; obtaining access to networks, stealing data and trying to extort money. As a reaction to the hacking and extortion threats, the U.S. Department of Education has released an advisory to K12 schools and has issued guidance to help educational institutions mitigate danger and safeguard their networks from attack. The attacks on educational institute...
U.S. Organizations Targeted by FormBook Malware Campaign
Specific industry sectors in the United States and South Korea have been the main targets in the Formbook malware attacks. However there has been some worry that the malware will be used in more widespread cyberattacks around the world. So far, the Aerospace industry, defense contractors, and the manufacturing sector have been widely targeted; however, attacks have not been limited to these sectors. The financial services, energy and...
Zero Day Vulnerabilities Exploited by Microsoft Patches
This Patch Tuesday has seen Microsoft release several updates for serious vulnerabilities, some of which are being constantly exploited in the open. Microsoft is pleading with companies to apply the patches now to keep their systems safe. Some of the vulnerabilities are simple to exploit, requiring little experience or knowledge Overall, 62 vulnerabilities have been patched, including 33 that can lead to remote code execution. Out of...
DDoS Attacks Follow Increase in Flusihoc Botnet Activity Increases
DDoS attacks are being implemented using the Flusihoc Botnet, some as recording speeds as quick as 45 Gbps according to investigators at Arbor networks. The Flusihoc botnet has been in action for a minimum two years, although activity has grown over the last few months, with more than 900 attacks initiated using the Flusihoc botnet over the past four months. The botnet has in excess of 48 active command and control servers, although...
Yahoo Data Breach Saw 3 Billion Accounts Breached in 2013
After it was first discovered the 2013 Yahoo data violation was quickly found to have affected many of the company’s customers and in December 2016 it was announced that 1 billion accounts had been compromised. In September 2016, prior to that announcement, a separate breach was discovered that affected approximately half a billion email accounts. Now Verizon, which completed the purchase of Yahoo in Summer 2017, has found the 2013...
Patch Issued for Actively Exploited Drupal Vulnerability
A patch for a vulnerability in Drupal (CVE-2017-6922) that has been activiley exploited for some months was released in June 2017. The flaw affects Drupal v 7.56 and 8.3.4. Drupal was aware of the flaw, an access bypass vulnerability, since October 2017. It is possible for the flaw to be exploited on misconfigured websites, permitting unidentified users to upload files which are then stored in a public file system. This means that...
Rapid Account Verification Being Offered by New Twitter Credit Card Phishing Scam
Proofpoint, the cybersecurity firm, has confirmed that is has discovered a new Twitter credit card phishing scam. Users of the social media platform Twitter are being offered verified account status via native Twitter ads; the catch being that signing up requires the provision of credit card details, which are then communicated to the attackers. Obtaining verified account status is normally a complicated and lengthy process. Public...
Windows Dialog Box Mimicked By Newly Discovered Trojan Downloader
Dr. Web, a Russian antivirus firm has recently discovered a new Trojan downloader. The malware uses a popup Windows ‘Save As’ dialog box to install malicious payloads, which have thus far all been adware. The malware, dubbed “Trojan.Ticno.1537”, installs variety of adware together with a malicious extension for Google Chrome. According to Dr. Web, the Ticno Trojan is downloaded via a separate malware and is then packaged in a single...
SMB File Sharing Protocol Flaw Made Public Before Release of Patch
Details of a SMB file sharing protocol flaw in Windows have been made public some 12 days prior to the release of a patch by Microsoft. Laurent Gaffié, the researcher who published details of the flaw, has claimed that Microsoft had been aware of the issue for around 3 months beforehand yet failed to act to patch the vulnerability. An attacker who exploits the SMB file sharing protocol flaw would be able to crash Windows 10 and 8.1...
Investigation into Ransomware Infection Affecting 19,000 People
One of Highmark Blue Cross Blue Shield’s (Delaware) subcontractors has fallen victim to a ransomware infection and cyberattack that may have put private information relating to almost ninetenn thousand beneficiaries of employer-paid health plans at risk. The attack happened on the 5th of August 2016 at Highmark BCBS subcontractor Summit Reinsurance Services, however affected individuals were only notified of the incident in...
Diagnostics Website Flaw at ‘True Health’ Reveals Private Patient Information
Patients of the True Health Group have had their health reports exposed online due to a law in the True Health Diagnostics website. Moreover, the reports appear to have been viewable by other patients for months if not years. Based in Frisco, Texas, True Health Diagnostics is a company that offers a broad range of testing services for genetic and other diseases. It operates an online portal that patients can access in order to consult...
Sentara Healthcare: Investigation into Data Breach
Sentara Healthcare is currently carrying out an investigation into a data breach affecting one of its 3rd-party vendors which allowed a number of patients’ protected health information to be accessed by an unauthorized person. Sentara Healthcare was alerted to a possible ePHI breach by police officers on the 17th of November 2016. An internal investigation was promptly begun in order to identify the origin of the breach. Investigators...
Victims Offered A Criminal Choice by “Popcorn Time” Ransomware
New methods of spreading ransomware are constantly being developed; however, a new ransomware variant discovered by MalwareHunterTeam researchers called “Popcorn Time” appears to use tactics that have never before been seen. When Popcorn Time ransomware has infected a victims device they are given a choice between two options: They can pay the ransom and thereby regain access to their encrypted files, or, rather more unusually, they...
Molina Healthcare Patients’ Data Exposed by Portal Security Flaw
A security flaw in a patient portal has exposed information concerning patient claims. Claims information had previously been uploaded to the patient portal of Molina Healthcare, which is a managed care company based in Long Beach, California. This in itself is not abnormal, however the flaw meant that the information was in fact accessible without any authentication checks. Some patients with claims pending had been sent a link to...
“Patch Tuesday”: Sixty-eight Microsoft Vulnerabilities Repaired
Patch Tuesday 2016: Microsoft has acted to fix 68 vulnerabilities including 6 that had been rated critical. The updates have been spread over fourteen security bulletins. The updates include fixes for 2 vulnerabilities that are presently being actively exploited including the CVE-2016-7255 vulnerability that was announced by Google in October 2016. Google decided to announce the vulnerability within 10 days of informing Microsoft...
Latest Business Email Compromise Scam Methods Revealed
Numerous email compromise tactics have for some time been in use by scammers to trick business executives into making fraudulent wire transfers. Recently, a Symantec security specialist has observed that some scammers have begun taking a new approach in order to increase BEC scams’ rate of success. The biggest problem that the scammers face is trust. Although over-worked executives may become complacent and fail to sufficiently...
Microsoft Security Bulletins to be discontinued In January 2017
If yours is one of many businesses which depend upon Microsoft Security Bulletins to remain informed about new patches and fixes to known vulnerabilities, you and your colleagues should prepare yourselves for an upcoming change in the way Microsoft announces security fixes. In blog post in late 2016, Microsoft confirmed that its Security Bulletins would be coming to an end in January 2017. Starting in February 2017, any patches and...
Malicious Word Macros Responsible for Spreading MacOS Malware
According to IT Security researchers, MacOS malware is now being spread by malicious Word macros. This is the first occasion on which MacOS malware has been recognised as having been used to spread this attack vector. Windows users can anticipate that they are vulnerable to attack with malware, however until now Mac users have stayed relatively safe. The overwhelming majority of malware has Windows users as targets, malware attacks on...
$28,000 Paid for Key following January Los Angeles Valley College Ransomware Attack
A ransomware attack on an LA Valley College on the 6th of January, 2017 lead to student data being locked and resulted in some 1,800 college staff – both administrators and teachers – being unable to gain access to their computer system and essential work files. Ransomware is a form of malicious software. The purpose of it is to encrypt a large range of file types, which can include databases. The data contained on the files is...
OPM Data Breach Victims targetted by Locky Ransomware Campaign
The culprits responsible for Locky ransomware have begun using data obtained in the OPM data breaches of 2014 and 2015 in a new campaign designed to spread cryptoransomware. It remains unknown exactly how much data was obtained, however in total, around 22 million user records were stolen in the OPM breach. The spam emails, sent out en mass, include a malicious JavaScript file which downloads Locky onto the computers of unsuspecting...
Christmas Period Malware Infections Increase by more than 100% in 2016
Malware infections over the Christmas holiday period are something to be expected. Every year as the number of online shoppers increases, the number of Windows malware infections increases with them. Data from Enigma Software Group (ESG) indicates that between Black Friday and Cyber Monday in 2015, the rate of malware infections was 84% higher than it normally is. Throughout the same period in 2016, malware infections were 118% times...
Leak of 1.5 Million Player Profiles confirmed following ESEA Hacking Incident
E-Sports Entertainment Association (ESEA) has confirmed that it has been subject to an attempted extortion after a hacker successfully infiltrated one of its game servers. The incident enabled the hacker to steal the player profiles and other data of 1.5 million users. The hack was carried out on the 27th of December 2016. The attacker accessed an ESEA game server, then exfiltrated date, and ultimately issued a demand for $100,000...
85 Million Dailymotion Users effected by Cyberattack
LeakedSource has claimed that email addresses, usernames, and passwords have been accessed by the hackers responsible for a recent Dailymotion cyberattack. Dailymotion is one of the biggest internet video sharing platforms and, according to Alexa, is the world wide web’s 113th most popular site. Dailymotion recorded 148 million hits in April 2015. The cyberattack is believed to have happened on the 20th of October 2016....
County Sherriff’s Office Confirms Payment of Bitcoin Ransom to Unlock Files
Cybercriminals responsible for a ransomware attack against a Sherriff’s office in Arkansas have received payment of 3 Bitcoin ($2,400) to supply the relevant keys to decrypt files that had been locked by the ransomware. Carrol County Sheriff’s office was the victim of a ransomware attack on the 5th of December, 2016 which resulted in its computer systems being taken out of action for almost a week. The attackers employed a relatively...
Kaiser Permanente Alerts Members of ePHI Revelation
Kaiser Permanente is alerting a few of its associates of a website formation mistake that led to the revelation of a few of their safeguarded health information. Luckily, the mistake was swiftly known and ePHI was just revealed for about 2 hours. On October 12, 2016, an upgrading to the site, Kp.org was carried out to increase loading speed of webpage; but, a misconfiguration led to revelation of some members’ ePHI to other site...
Deficiency of Ransomware Defenses Might Breach FTC Law
The Division of Health and Human Services’ OCR has lately distributed guidance for HIPAA covered entities on ransomware to assist protected bodies trade with the enhanced danger of ransomware assaults. Recently the Federal Trade Commission (FTC) has cautioned companies that they should do more to cope with the ransomware danger. The failure to apply proper safeguards against ransomware might constitute a breach of the FTC Law. At the...
8.8 Million Healthcare Files Penetrated in August
August was a regretful month for healthcare files breaks. Over 8.8 million health plan member and patient files were stolen or exposed. 8,804,608 to be exact. As per the up-to-date segment of the Protenus Break Indicator, the total quantity of healthcare files exposed or stolen this summer now surpasses 20 million. In August, 44 break reports were presented to the Division of Health and Human Services’ OCR which pertain to 42 separate...
HIMSS Analysis Discloses Shocking Healthcare Safety Weaknesses
The Healthcare Information and Management Systems Society (HIMSS) has circulated the outcomes of its yearly healthcare cybersecurity analysis. The report demonstrates that healthcare companies are using a range of methods to enhance their safety posture as well as keep confidential files safeguarded. But, several companies are failing to use fundamental cybersecurity skills to avoid illegal editing of PHI. Should PHI be edited by...
Huge 3.7 Million Highest Healthcare Cyberattack Exposed
A huge data break has been informed by a Phoenix AZ-based healthcare company which has possibly affected 3.7 million people. The assault is the 2nd biggest cyberattack informed thus far in 2016, just second to previous month’s 9.3 million highest break on an as of yet unverified health underwriter. Early accounts of the assault on Banner Health show that healthcare accounts weren’t the main objective. The attack seems to have been...
655K Health Files from Unreported Data Breaks Purchasable on Darknet
Throughout the last few weeks, huge data dumps occurred from extraordinary cyberattacks on MySpace, LinkedIn, and Tumblr. More lately, in excess of 33 million mutilated Twitter accounts were registered online for sale. These accounts are thought to have been mutilated making use of the records gotten in the LinkedIn break. Provided the quantity of healthcare data breaks that have happened during the last few years, it’s to be...
40,000 Podiatry Patients Notified of PHI Revelation
Earlier this year, Stamford Podiatry Group P.C., has found out that an illegal third party accessed to its computer systems for a period of nearly 2 months. The intruder was capable to see company data and possibly accessed the electronic medicinal record (EMR) database also. 40,491 patients have now been informed of the secrecy break and possible theft/accessing of their safeguarded health info. EMR files potentially copied/accessed...
Tucson Emergency Chamber Patients’ PHI Thieved from Doctor’s Automobile
Roughly 1K patients in Southern Arizona have received notices of a break of safeguarded health information after the thievery of a doctor’s record. The record had been dumped in the automobile of a doctor who performed for Emergency Medicine Associates, which delivered ER staff for Carondelet Health Network hospices in Tucson. A burglar broke into the doctor’s automobile on or around March 25, 2016, and took away the logbook. The...
HHS Publicizes Release of the Ultimate Data Safety Policy Rules Framework
Sylvia Matthews Burwell, HHS Secretary has publicized the release of the ultimate Data Safety Policy Rules Framework for the Precision Medicine Initiative (PMI) which was introduced by President Obama in the early part of 2015. The Security Principles Framework was upgraded to assist healthcare companies that take part in the PMI know the safety measures that should be implemented to safeguard sensitive environmental, health, and...
2,100 Old-timers Had Their PHI Revealed in April
Every month the Division of Veteran Matters issues a statement to Congress on the info safety cases experienced by Veteran Affairs (VA) services during the month. Protected health information (PHI) disclosures increased substantially in April, with 2,105 old-timers’ PHI being unintentionally exposed or disclosed. In total, 2556 old-timers were affected by information safety cases in April, leading to the VA dispatching 1,690 breach...
1,400 Weaknesses Discovered in Admired Drug Cabinet System
As per an advisory released by the Division of Homeland Security, an admired drug cabinet system has been discovered to have more than 1,400 weaknesses, a lot of which might be abused distantly using freely available activities. Additionally, the abuses might be carried out by an aggressor with a miserable degree of talent. The admired drug cabinet found out to have these weaknesses is type 8.1.3, which hasn’t been upgraded since...
911 Dispatcher Sacked for Secrecy Breach
The illegal sharing of secret health info on Facebook has led to a 911 dispatcher losing her job, however that might not be the conclusion of it. The patient whose secrecy was breached thinks the loss of service isn’t punishment sufficient for the secrecy privacy breach and desires criminal accusations to be submitted for the secrecy infringement. Any info provided over the phone by a patient to a 911 dispatcher must be considered...
Community Mercy Health Partners Informs Patients of November Data Infringement
During late November, a member of the public found many documents at a recycling center which seemed to have come from hospitals administrated by Community Mercy Health Partners. The documents included complete info concerning patients who had gotten medical services between 2005 and 2013. The info in the documents contained patients’ names, physicians’ names, health insurance details, medical diagnoses, types of study they were...
St. Luke’s Cornwall Hospital Informs Data Exposure to 29K Patients
St. Luke’s Cornwall Hospital has released a media declaration providing more information on the 29,156-record data infringement that happened on October 31, 2015. The hospital has clarified that the infringement happened when an unknown person entered a top-secret space of the hospital and thieved a thumb drive having a limited amount of patient data. The device was unencrypted as well as contained patient names, medical record...
Six Lost Hard Drives Informed by Centene: 950,000 Members Affected
Centene Corporation, Wisconsin-based health insurer, has declared the loss of 6 unencrypted computer hard drives having the safeguarded health information of roughly 950,000 of its members. The hard drives were being utilized for a job to make better the health results of plan members. The persons affected by the security infringement had all received laboratory facilities from 2009 to 2015. The data saved on the devices included...
New West Health Services Data Breach Affected 25,000 Patients
New West Health Services has begun informing 25,000 patients concerning the loss of a password-protected, unencrypted laptop containing wide-ranging Protected Health Information. Latest West Health Services Data Infringement Affects 25,000 Patients New West Health Services, a not-for-profit provider of subsidized health policies, including Medicare Supplement and Medicare Advantage plans, has informed the thievery of one of its...
Telephone Phishing Swindle Affects 21K Blue Shield of California Customers
An infringement of PHI caused by a worker of a business partner who fell for a telephone phishing fraud has been informed by Blue Shield of California. Nearly 21,000 people have been influenced by the security infringement. Insurers and healthcare providers must conduct staff training to make sure workers are conscious of the danger of phishing campaigns sent by email, however, the newest Californian healthcare data infringement...
IU Health Arnett Security Infringement Affects 29K Patients
Arnett Hospital of Indiana University Health has notified 29,324 patients concerning the possible revelation of their Protected Health Information (PHI) following an unencrypted flash drive vanished from its emergency division. The flash drive was found to be lost on November 20, 2015, and an inspection was instantly started. Work is continuing to try to find the lost flash drive that was stolen inside a part of the hospital not open...
Cottage Health System Security Inspection Exposes 11K-Record Data Break
On Tuesday Cottage Health System informed its 11,000 sick persons to instruct them that a few of their PHIs were revealed as a consequence of a server occurrence that happened in October 2015. For two weeks, patients had their names and addresses, details of medicinal findings and processes, and their Social Security numbers displayed as a consequence of shelters being detached from a server. An announcement publicized by Cottage...
Connecticut OIG Makes $90K Pact with Hartford Hospital and BA Over 2012 Laptop Theft
Hartford Hospital as well as one of its BAs, EMC Corporation (EMC), have contracted to a settlement with the Connecticut OIG on the 2012 thievery of a laptop having the unencrypted files of 8,883 Connecticut inhabitants. Hartford Hospital and EMC have contracted to a payment of $90,000 to settle the happening. The contract was reached willingly, and no confession of responsibility has been acknowledged by either party. EMC was hired...
Car Theft Leads to Revelation of PHI of 2900 People
Insurance Data Services (IDS), a Wyoming-based medicinal invoicing firm, has begun to send break notice letters to patients of Claystone Clinical Associates, one of its HIPAA-covered customers, to notify them of the possible revelation of some of their Protected Health Information (PHI). A West Michigan based Delivery Service had been contracted by IDS to deliver client mailings; however, the automobile utilized by the courier firm...
Urology Associates Notifies 6500-Record Documents Break
Offsite storing of paper medical files might be convenient if facility room is restricted; but as Kailspell-based healthcare supplier, Urology Associates lately found the decision to store files offsite might prove to be costly. The firm had taken help of a local storing service and rented a unit to stock boxes of old medical files. Unluckily, the facility was lately thieved. Storage Units are Dangerous Places to Keep Confidential...
Healthcare Software Security Evaluated by Veracode
The cloud presents healthcare suppliers the chance to simplify the provision and administration of medical facilities. However, healthcare suppliers trying to use the ability of the cloud might possibly be putting Protected Health Information (PHI) at peril. HIPAA needs covered entities to always protect PHI, whether it takes the shape of digital files or physical records. Any PHI accessible or stored through applications or other...
Crown Point Medical Tests Uncovers HIPAA Breach
A former company belonging to Crown Point Medical Tests has breached the Health Insurance Portability and Accountability Act (HIPAA) when it did not securely throw away files having the Protected Health Information (PHI) of more than 166 people. The victims had earlier had medical checks handled via My Fast Lab. Barry Walker of Cedar Lake established My Fast Lab in 2013, even though the business is no more in operation. The business...
Symantec Study Confirms Data Breaks Rose 23% in 2014
It’s April, which indicates the announcement of the Symantec Yearly Internet Security Statement. Every year the security software business issues a report collected from the files that it accumulated throughout the course of the previous year. The statement – which can be viewed here – is an awareness of the overall condition of cybersecurity. The figures demonstrate that the quantity of security breaches increased 23% in 2014. The...
Anthem Data Break Projected to Cost Over $100 Million
A HIPAA break carries a massive fiscal fine and one the level of which lately impacted Anthem Inc., is thought to cause costs of several tens of millions of dollars. Anthem has an insurance plan from the American International Group to safeguard against cybercrime and data revelations and is protected for damages up to $100 million. Yet this sizeable amount might be used with the latest data break. The total damage, which is not...
Data Secrecy Break to Cost Tenet Healthcare up to $32.5 Million
Tenet Healthcare is among the top suppliers of healthcare in the United States of America with the Texas-based business managing healthcare facilities throughout the country. For the previous 17 years, the business has been involved in a class action litigation stemming from the main security break at one of its psychiatric healthcare facilities. The litigation was initially filed in 1997 after the potential revelation of secret...
Aventura Hospice Suffers Third HIPAA Violation Revealing 82,601 Files
Aventura Hospital and Medical Center has found that the HIPAA infringements it suffered throughout the past 2 years were merely the tip of the iceberg. It has now declared a 3rd security break which has affected as many as 82,601 people. The healthcare provider has just recently found the break, although it began only one day after the previous one was rectified. The data of 948 patients was revealed between October 1, 2012 and...
Community Health Center Probed for 130K-Patient HIPAA Violation
A past IT Director of Community Health Center, Connecticut has charged that the healthcare provider did not tackle many security weaknesses and believes his employment was ended as a consequence of highlighting those problems to the higher management. Additionally, when he was sent his own stuff the bundle he received is suspected to have included a computer hard drive on which there were roughly 130,000 medical files of existing and...
Patents Entitlements to Medical Test Data Upgraded under HIPAA
Access to private healthcare information enables patients to take care of their health and work together with their care providers. Getting access to info has now become easier after the issuing of the final law modifying the Clinical Laboratory Improvement Amendments of 1988 (CLIA). The latest change, which was publicized a couple of days ago, lets a patient or her or his chosen representative access the full laboratory reports after...
How the HIPAA Comprehensive Final Law Applies to E-mail Contact with Patients
The Comprehensive Final Law was created at the beginning of the year and covered companies – which now contains business partners as well as their subcontractors – now require to update policies and procedures to abide by the new rules if they haven’t already done so. The time limit for conformity with the new law is September 23, 2013, and any covered body found not to have applied the necessary changes after this date might incur a...
Huge HIPAA Data Breach Reveals 4M Patient Files
One of the nation’s leading healthcare providers, Advocate Health Care, has declared that it has suffered a main HIPAA security violation after 4 unencrypted laptops were thieved from the Advocate Medical Group administrative buildings in Illinois on July 15. The laptops had the records of more than 4 million people, making this the 2nd biggest data security infringement ever documented. This HIPAA infringement has affected nearly as...
Hospital X-Ray Racket Provides Burglars with PHI of 17K Patients
Once the Raleigh Orthopedic Clinic decided for its X-ray films to be updated as well as shifted to digital media, the healthcare company naturally required external help. A 3rd party dealer was found that could provide the assistance and the X-ray pictures were sent for change. The agreement was approved in January of this year and the pictures were transmitted; nevertheless when the clinic did not receive the electronic duplicates of...
Sutter Health Charged for 4.24M HIPAA Mega Infringement
Two class action litigations have now been registered versus the Sutter Health hospital system in Northern California following a theft at its administrative workplaces in Sacramento potentially revealed the Safeguarded Health Info of 4.24 million patients. Throughout the weekend of Oct 15-16 burglars got entry to the workplaces by hurling a rock through the window. As soon as inside they emptied the office of electrical equipment...