Lehigh Valley Health Network (LVHN) is facing a lawsuit om association with its latest BlackCat ransomware attack. The attack resulted in the encryption of files after exfiltrating data as is common in ransomware attacks; nevertheless, the attack was distinct because of the aggressive step of the ransomware group to exert more pressure on LVHN to … Read more
DoppelPaymer Ransomware Core Members Arrested in Europol-Driven Operation Two persons alleged of being key DoppelPaymer ransomware group members were detained — one by the police in Germany and another by the Ukrainian Police officers and Ukraine German Regional Police. It is This organized law enforcement operation was led by Europol. The Federal Bureau of Investigation … Read more
Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the ransomware remediation company, Coveware, and blockchain analysis organization, Chainalysis. Coveware revealed that in Quarter 1 of 2019, 85% of ransomware … Read more
Based on a survey performed by Dataiku in 2020, the main organizational challenge that delays the use of AI in healthcare settings is ethics. Even though particular concerns vary by company, the concerns could typically be classified as informed permission to use information, safety and visibility, algorithmic fairness, and data privacy. These issues aren’t distinct … Read more
The HHS’ Office for Civil Rights (OCR) made an announcement of its first HIPAA enforcement action for 2023. The OCR is reminding HIPAA-covered entities of their responsibility to provide people and their personal representatives with prompt access to their health documents. Life Hope Labs, LLC, has agreed to pay the $16,500 penalty to resolve the … Read more
The information risk management, standards, and certification agency, HITRUST, made an announcement that it is going to release a new version of its well-known cybersecurity framework this January. HITRUST CSF Version 11 includes a number of enhancements to make sure the framework remains applicable, with enhanced mitigations against changing and arising cybersecurity threats, at the … Read more
The Secretary of the Department of Health and Human Services (HHS) has a new proposed rule that will call for the use of criteria for healthcare transactions and electronic signatures utilized together with those transactions to support healthcare cases and previous authorization dealings. The new guideline will impose the conditions of the Administrative Simplification Requirements … Read more
One of the major cybersecurity issues in healthcare is the safety of medical devices. Hospitals still use a lot of connected healthcare devices and in so doing they considerably expand the attack surface. A new survey identified a connection between the volume of connected healthcare devices in medical centers and the number of cyberattacks they … Read more
The dermatology practice, Forefront Dermatology, based in Wisconsin has decided to settle a class action lawsuit filed on behalf of patients who had their protected health information (PHI) compromised in a ransomware attack in late May 2021. Forefront Dermatology has associate practices in 21 states and Washington D.C. In May 2021, the Cuba ransomware group … Read more
The New York State Department of Financial Services (DFS) has decided to resolve an investigation of EyeMed Vision Care (EyeMed) into possible violations of the DFS Cybersecurity Regulation for $4.5 million. EyeMed based in Ohio is a licensed medical insurance provider, which gathers and keeps sensitive consumer data as a business practice. The DFS investigated … Read more
When a HIPAA complaint is submitted, what happens next depends on who it is filed with, the nature of the complaint, and whether the complaint is valid. After registering with a healthcare company or becoming a group health plan member, a person should receive a Notice of Privacy Practices. This Notice details what the healthcare … Read more
Health-ISAC has publicized a white paper to help guide healthcare CISOs planning to employ zero trust security architectures. The standard security approach is to set up border defenses in order to keep unauthorized persons out. Although this security strategy has helped companies well in past times, it isn’t useful online where there’s no border to … Read more
Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an unauthorized third party had acquired access to a server keeping patients’ protected health information (PHI) and employed ransomware for file … Read more
Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) wrote to two major mental health app vendors and required replies regarding their practices regarding information collection and disclosure. There were a number of allegations that the mental health applications offered by Talkspace and BetterHelp are acquiring, mining, and distributing private client data to … Read more
The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Security Rule calls for HIPAA-controlled entities to carry out a detailed, organization-wide risk … Read more
The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified (Public Law 116-321) to necessitate OCR to look at recognized security practices that were set up for about 12 months … Read more
The law agency Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in relation to a breach of the personal records of 75,771 consumers. IWP is a drugstore located in Andover, MA that gives supplies to workers who were hurt at the … Read more
Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court. Solara Medical Supplies, which supplies products and services to help people take care of their diabetes, encountered a phishing attack that permitted unauthorized individuals to access … Read more
The American Telemedicine Association (ATA), American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have worked together to make a new system for examining digital health technologies employed by healthcare specialists and patients. At this time, greater than 86 million Americans utilize a health or fitness application. … Read more
$50,000 Civil Monetary Penalty Issued to Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), a dental practice operating offices in Charlotte and Monroe, NC because a patient sent a complaint last November 2015 about unauthorized disclosure of his protected health information (PHI) related to a … Read more
Healthcare hacking incidents are continuously growing for a few years. Hacking/IT incidents increased by 45% between 2019 and 2020. In 2021, 66% of breaches involving unsecured electronic protected health information (ePHI) were due to hacking and also other IT incidents. A substantial percentage of those breaches might have been averted if HIPAA-regulated entities were completely … Read more
The development, observance, and enforcement of HIPAA guidelines and procedures is the foundation of HIPAA compliance. If there are no policies and procedures to give instructions, employees of Covered Entities and Business Associates are going to be uninformed of how they ought to perform their tasks that comply with HIPAA, how they ought to respond … Read more
The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule puts a rigid time frame on sending notifications to people whose protected health information (PHI) was breached or impermissibly disclosed. The max time limit is 60 days since the discovery of the data breach, though notification letters ought to be sent “without unreasonable delay.” … Read more
The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach reports to the Secretary of the Department of Health and Human Services (HHS). The survey will continue to be accessible … Read more
Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021. As per the investigation, it was established the hackers initially acquired access to organization servers on or approximately July 10, 2021, and put … Read more
The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general are authorized to issue penalties for HIPAA violations. Besides paying financial penalties, covered entities must follow a corrective action plan to have policies and procedures that are according to the criteria specified by HIPAA. The Health Insurance Portability and … Read more
The COVID-19 pandemic has not led to any long-term modifications to HIPAA, however, it has seen unmatched flexibilities announced on a non-permanent basis to make it less complicated for healthcare companies and business associates that are battling against COVID-19. In emergency scenarios like disease outbreaks, HIPAA Rules stay effective and the demands of the HIPAA … Read more
The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance to make clear how the HIPAA Privacy Law can be applied to disclosures of protected health information (PHI) to aid applications for extreme risk protection orders. In June 2021, the U.S. Department of Justice shared model legislation to give … Read more
The New Jersey Division of Consumer Affairs has agreed to resolve a data breach investigation that identified violations of the federal Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act. Regional Cancer Care Associates located in Hackensack, NJ is a name for 3 healthcare companies that run healthcare services in … Read more
West Virginia University Health System is dealing with a class-action lawsuit because of a compromise of the protected health information (PHI) of 7,445 patients, however, the Supreme Court of Appeals of West Virginia has lifted the class certification order. The lawsuit is in connection with an insider data breach that took place in 2016. From … Read more
Ransomware attacks, hacks, and other IT security problems are the cause of major data breach reports sent to the Department of Health and Human Services’ Office for Civil Rights, although data breaches concerning physical documents are likewise common. The Verizon Data Breach Investigations Report showed that exposed physical files made up 43% of all data … Read more
A New Jersey infertility clinic has reached a settlement with the state and will pay a $495,000 penalty fee for its violation of the HIPAA and New Jersey laws as it did not implement appropriate cybersecurity action. Diamond Institute for Infertility and Menopause, LLC (Diamond) in Millburn, NJ operates one healthcare facility in New Jersey, … Read more
Lately, the U.S. Department of Justice has been pursuing healthcare criminal acts and investigations frequently entail the issuance of a HIPAA subpoena. The subpoena pressures HIPAA-regulated entities to give data including patient health records that they are not allowed to reveal because of Privacy Rule prohibitions on uses and disclosures. Under the HIPAA Privacy Rule, … Read more
Two DuPage Medical Group patients are filing a lawsuit against the healthcare company subsequent to a July 2021 ransomware attack whereby patients’ protected health information (PHI) was exposed. DuPage Medical Group encountered a ransomware attack in the middle of July. The forensic investigation confirmed unauthorized people had acquired access to its computer system between July … Read more
Four healthcare employees filed a lawsuit against Amazon because allegedly their Amazon Alexa devices possibly captured conversations without their intention or permission and might have caught health data protected by HIPAA. Amazon Alexa devices listen for words and phrases that awaken the devices and activates them to begin recording. Particularly, the devices listen to the … Read more
Social media platforms including Facebook, Snapchat, Twitter, and Instagram allow healthcare companies to easily promote their services and earn new clients. Healthcare companies could utilize social media platforms to connect with patients, give announcements about their services, and get patients to take on a more dynamic part in their medical care. Although there are a … Read more
There is a lot of misunderstandings concerning the case of questioning a person if they had a COVID-19 vaccine. Is it considered a HIPAA violation, especially pertaining to employers questioning their personnel to give evidence of being vaccinated against COVID-19 to cease using a face mask in the work area? The Health Insurance Portability and … Read more
The National Institute of Standards and Technology (NIST) is preparing to modify and make updates to its guidance on carrying out the HIPAA Security Regulation and is looking for ideas from stakeholders on facets of the guidance that ought to be adjusted. NIST publicized the guidance – NIST Special Publication (SP) 800-66, Revision 1, An … Read more
Devised by the Department of Health and Human Services as part of the 21st Century Cures Act, the information blocking and interoperability regulations became enforceable on April 5, 2021. These new regulations set out what information blocking entails and states that penalties can be imposed when providers engage in practices that disrupt access, exchange, and … Read more
Montefiore Medical Center has found out that another employee accessed patient records without having any valid work reason. The report of New York hospital in February 2020 stated that an employee was identified to have accessed patient health records without any authorization for a period of 5 months in 2020, and another employee was identified … Read more
The Delaware Superior Court dismissed a legal action filed on behalf of affected individuals of a Brandywine Urology Consultants data breach because the plaintiffs failed to present proof showing they had experienced harm because of the breach. Brandywine Urology Consultants encountered a ransomware attack on January 27, 2020 The attack was identified after two days … Read more
The Department of Health and Human Services’ Office for Civil Rights has stated that it is going to implement enforcement discretion and will not issue financial penalties on HIPAA-covered entities or business associates in the event of HIPAA rules violations associated with the honest use of online or web-based scheduling applications (WBSAs) for booking individual … Read more
The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’ Office for Civil Rights on the University of Texas M.D. Anderson Cancer Center. The Civil Monetary Penalty was charged to M.D. Anderson in 2018 after the investigation of three data … Read more
The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices are now ubiquitous in the workforce due to the vast range of benefits offered to employers. They allow individuals to readily communicate with each … Read more
The Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency in Puerto Rico and the states of Florida, Georgia, and South Carolina due to Hurricane Dorian. On September 4, the Secretary, Alex Azar, also declared in North Carolina, retroactive to September 1, 2019. Secretary Azar’s announcement comes as … Read more
Kaspersky Labs has released a report revealing significant deficiencies in the cybersecurity training provided to healthcare employees. The study was conducted by surveying 1,758 healthcare employees in the United States and Canada. Kaspersky Lab, a vendor of cybersecurity software, instigated the study to investigate potential causes for the substantial increase in cybersecurity breaches in recent … Read more
The Department of Veteran Affairs Office of Inspector General (VA OIG) has discovered severe security failings at the Tibor Rubin VA Medical Center in Long Beach, California. A recent inspection by the VA OIG uncovered security vulnerabilities related to medical device workarounds and multiple compliance issues with the Veterans Health Administration (VHA) and VA policies. The … Read more
In response to the Tropical Storm Barry that made landfall in Louisiana on July 13, the Secretary of the US Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and penalties. The HHS announced a public health emergencies in the areas affected by the storm on July 12, 2019. The … Read more
UChicago Medicine faces a potential class-action lawsuit for allegedly sharing patient information with Google with having the correct authorization to do so. The lawsuit names UChicago Medicine, UChicago Medical Center, and Google, and was filed by Matt Dinerstein, a former patient of UChicago Medicine. The suit claims patient information that still had personal identifiers attached … Read more
Kingman Regional Medical Center (KRMC) is in the process of notifying patients that their sensitive data may have been compromised following the discovery of a flaw on its website which may have allowed unauthorized users to access patient data. KRMC became aware of the security issue on April 8, 2019. Their IT team immediately took … Read more