Health insurance provider Aetna, based in Hartford, CT has found that the protected health data of more than 5,000 plan subscriber has been released online and was accessible to the public through search engines. Aetna started looking into a security issue affecting...
A ransomware attack on medical supply company Airway Oxygen Inc., in April 2017 may have led to the protected health information of 500,000 individuals being accessed by cyber attackers. No evidence of data access or theft was found by Airway Oxygen, based in Wyoming,...
The largest data breach settlement officially recorded has been agreed by the health insurer Anthem Inc. Anthem suffered the largest healthcare data breach ever reported in 2015, with s cyberattack leading to the theft of 78.8 million records of current and former...
One of the largest data breaches of the year to date has been reported by Washington State University. An unencrypted hard drive containing the data of more than 1 million individuals has been stolen. The breach is likely to be costly for the University. The 2017...
A data breach that happened in October 2015 should have seen affected people notified within 8 weeks. However, it took CoPilot Provider Support Services Inc., until early 2017 to issue data breach notifications. An administration online portal controlled by CoPilot...
The HIPAA Breach Notification Rule requires covered entities to issue breach notification letters to patients within 60 days of the discovery of a data breach. Already this year, OCR has agreed its first settlement with a HIPAA-covered entity solely for delaying the...
Beginning from 2009, the Department of Health and Human Services’ Office for Civil Rights has been publishing summaries of healthcare data breaches on its website, a list is often referred to as OCR’s ‘Wall of Shame’. This list only gives a brief summary of data...
The Ponemon Institute has conducted an annual benchmark study on the cost of data breaches for the last decade. Their 2016 Cost of Data Breach Study was published by the Institute earlier this week. The overall report shows the cost of breach resolution has continued...
Patient medical record access guidance has been issued by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Privacy Rule permits patients to obtain copies of their health information from...
The healthcare industry is under attack from hackers and malicious insiders. Systems are being compromised at a greater rate than ever before. Last year saw record numbers of HIPAA breaches reported to OCR and the trend has continued in 2017. This year looks like it...
The recent ransomware attacks and healthcare IT security incidents have driven the Department of Health and Human Services’ Office for Civil Rights to release a reminder to covered entities about HIPAA Rules on security breaches. In its May 2017 Cyber Newsletter, OCR...
In May, the global WannaCry ransomware attacks resulted in more than 230,000 computers being infected and encrypted. There were also a high number of other IT security incidents reported to the Department of Health and Human Services’ Office for Civil Rights (OCR)....