Associates in Psychiatry and Psychology (APP), a Rochester, Minnesota-based health organization, has suffered a ransomware attack that targeted several computers that stored patients’ protected health data. The ransomware attack was identified on March 31, 2018. Patient...
Baltimore-based healthcare provider LifeBridge Health has revealed, in a press release issued on May 16, that it had encountered a data breach. While the release made no reference to the number of patients impacted at the time of it being issued, additional information...
A May 17, 2018 ransomware attack took part of the network belonging to Allied Physicians Group of Michiana out of action following the encryption of several files on its network. At present it remains unclear whether any protected health information was encrypted. A...
The General Data Protection Regulation will be enforceable from Friday, May 25. Consequently, there has been a lot of media coverage of this new European Union legislation. There are a lot of misconceptions concerning what GDPR actually states, whom it affects and how...
As of this Friday, May 25, the General Data Protection Regulation comes into effect in all European Union (EU) states. Many countries that are not members of the EU remained unconcerned about the requirements of the GDPR. However, if your company or organization does...
The Health Insurance Portability and Accountability Act (HIPAA) is a pivotal piece of legislation, but why is HIPAA so significant? What alterations did HIPAA introduce and what advantages does it bring to the healthcare industry and patients? Introduced...
The protected health information of 2,553 patients of Eye Care Surgery Center, Inc., of Baton Rouge, LA has been stolen following the theft of a laptop computer containing the data. The theft in question was noticed by Eye Care Surgery Center on February 26, 2018. While it...
An error has caused a database utilized by Cerebral Palsy Research Foundation of Kansas (CPRF) to have its safeguard switched off for 10 months, making the protected health information (PHI) of 8,300 patients accessible. The demographic database that was affected was...
Google Drive can be deemed both compliant and non-compliant with HIPAA. This is due to the fact that compliance is less about technology and more about how technology is utilized on a daily basis. Even a software solution or cloud service that is found to be...
Capital Digestive Care, a Silver Spring, MD-based gastroenterology group, has revealed that one of its business associates shared files to a commercial cloud server that did not have proper security controls, exposing the protected health information of up to 17,639...
Capital Digestive Care, a Silver Spring, MD-based gastroenterology group, has revealed that one of its business associates shared files to a commercial cloud server that did not have appropriate security controls, exposing the protected health information of up to...
A recently-published Black Book Research report shows that approximately 90% of healthcare groups have encountered a data violation since Q3 2016, yet IT security investment at 88% of hospitals remains at 2016 figures. This information is the result of a survey of...
Healthcare groups are, more and more, using the cloud to meet their IT requirements, but while there are many benefits to be had from moving applications, infrastructure and data center operations to the cloud, managing cloud costs remains a major obstacle. Many...
By now, most company owners will have heard more than they want to about the General Data Protection Regulation, commonly referred to as GDPR. Since 25th May 2018, businesses that process personal data relating to data subjects in the European Union (EU) are subject...
The U.S. Food and Drug Administration has released an alert regarding certain Abbott Laboratories implantable cardiac devices that have cybersecurity weaknesses that could possibly be targeted to alter the usability of the devices. A number of implantable cardiac...
The National Institute of Standards and Technology published an updated version of its Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) on April 16, 2018. The Cybersecurity Framework was first made available in February 2014 and...
Over a period of three and a half years, 1,071 patients of Des Moines Crisis Observation Center, who received medical services at the center operated by Polk County Health Services Inc., have been contacted to advise them that some of their protected health information has...
The California Department of Developmental Services (DDS) is contacting 582,174 patients to inform them that their protected health information has possibly been compromised. On February 11, 2018, some people broke into the DDS legal and audits offices...
It has been discovered that UnityPoint Health employee accounts have been compromised and accessed by unauthorized persons. The employee email accounts were initially accessed on November 1, 2017, and the access went on for a period of three months until February 7, 2018, when...
Physical and technological failures and glitches occur even in the best-maintained and most secure files. This is why the General Data Protection Regulation (GDPR) requires a plan to be in place to safeguard and restore data in personal files of EU citizens whenever a...
It has been discovered that a former employee of Baptist Health’s West Kendall Baptist Hospital in Miami, FL obtained the credit card details of patients and used the data to make fraudulent purchases. The improper use of credit cards was first noticed by Baptist...
Chicago, IL-based physiatry group Integrated Rehab Consultants is issuing notification letters to impacted patients alerting them of the exposure of some of their protected health information in line with HIPAA requirements. However, the breach was not first...
An improperly configured security setting on a radiology interface has led to the exposure of tens of thousands of patients’ protected health data. A multi-specialty physicians’ organization based in Middletown, NY, Middletown Medical, first noticed the misconfigured...
Texas Health Resources, a group providing services to over 1.7 million patients in North Texas, is alerting ‘fewer than 4,000 patients’ that a portion of their sensitive information may have been obtained by an unauthorized person. The data breach may have happened...
It has been discovered that a number of email accounts of staff members of UnityPoint Health have been accessed by unauthorized individuals. Staff email accounts were first accessed on November 1, 2017, and the access went on for a duration of three months, ending on February 7,...
The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) has released a new patient guidebook on health record access. The guidebook goes through how patients can access their health data, offers advice for checking health...
The term ‘vital interests’ is not new. In fact, it was written into legislation in Schedule 2 paragraph 4 of the 1998 Act. At the time ‘vital interests’ referred to those of subjects whose data was being collected. GDPR has widened the term to...
Chesapeake Regional Healthcare has found that two hard drives storing the protected health information (PHI) of around 2,100 patients have gone missing from the Chesapeake Regional Medical Center campus located in Chesapeake, Virginia. The data saved on the devices...
Oregon has reviewed its data breach notification law to enhance protections for state citizens whose personal information is exposed in a data violation. State governor Kate Brown put her signature to Senate Bill (SB 1551) in March, which brings several regulations up...
The use of the words ‘citizen of the European Union’ can be confusing in the context of the General Data Protection Regulation (GDPR). For GDPR compliance requirements, it makes more sense to talk about individuals who are located “in the Union” (within the EU), and...
A recent survey carried out by the Ponemon Institute for ServiceNow has revealed that healthcare and pharmaceutical companies are not keeping up to date on patching. Weaknesses are not being patched quickly, leaving organizations susceptible to attack. The survey was...
Verizon has published its yearly Protected Health Information Breach Report which digs deep into the main factors behind the breaches, why they happen, the motivations of internal and external threat actors, and the main dangers to the confidentiality, integrity, and...
A network of physicians linked to more than 50 medical practices in New Jersey, Virtua Medical Group, has been hit with a massive financial penalty by the New Jersey Attorney General’s Office for failing to safeguard the privacy of over 1,650 patients whose...
A targeted phishing attack carried out on CareFirst Blue Cross Blue Shield has led to the exposure of 6,800 plan subscribers’ protected health data. The attack was first discovered by CareFirst on March 12, 2018, resulting in a complete review of their systems, which...
The Special Agents Mutual Benefit Association (SAMBA) health plan is warning almost 14,000 people in relation to a February 2018 protected health information breach. The data breach targeted eligible family members of clients who were covered by the Federal Employees...
The Arc of Erie County New York (The Arc), a supplier of person-centered services to people with developmental disabilities, has found that two spreadsheets holding the protected health information of 3,751 patients were accessible on the Internet with no...
Law enforcement agencies have notified Cambridge Health Alliance (CHA) that the protected health information of some of its subscribers has been obtained by an unauthorized individual. On January 31, 2018, Everett Massachusetts Police Department alerted CHA that data...
ATI Physical Therapy has found that protected health information of over 35,000 of its clients may have been accessed when a hacker captured details within the email accounts of some of its staff members. A security breach was found on January 18, 2018 when ATI Physical...
A New York medical practice has revealed that tens of thousands of their patients have had their protected health information exposed online due to an improperly configured server. It is currently not obvious if anyone other than the security researcher who found the...
It is believed that a healthcare data breach that saw the protected health information of clients of CVS Caremark impacted has led to legal action against CVS, Caremark, and its mailing supplier, Fiserv. The legal action, which was submitted in Ohio federal court on...
Geneva, NY-based Finger Lakes Health has been hit by a ransomware attack that has impacted its computer system. Employees have been forced to work on pen and paper while the health system tries to remove the malware and restore access to electronic data. The...
A Clinical Pathology Laboratories Southeast, Inc., (CPLSE) employee’s unencrypted work laptop computer has been stolen, exposing the protected health information of targeted patients and their payment guarantors. Swift action was taken by CPLSE to stop the...
Healthcare groups seeking a hosting solution may identify Liquid Web as a possible vendor, but is Liquid Web HIPAA compliant? Can its cloud management services be used by HIPAA-covered bodies for hosting applications and projects that include electronic protected...
Anomali has teamed up with the National Health Information Sharing and Analysis Center (NH-ISAC) and will be supplying threat intelligence to healthcare groups through NH-ISAC. Anomali will be supplying NH-ISAC with the necessary tools and infrastructure to allow its...
RoxSan Pharmacy has made contact with 1,049 patients to advise them that some of their protected health information has been shared with a business associate via unencrypted email. The notification letters were issued to affected people last month, although the...
Primary Health Care Inc., a non-profit network of community health organizations based in Des Moines, Marshalltown and Ames, IA, has found that malicious actors have obtained access to the email accounts of four staff members and have possibly viewed or gained...
The Alabama Data Breach Notification Act (Senate Bill 318) has progressed to be considered by the House of Representatives after being unanimously agreed upon by the Alabama Senate recently. Alabama is one of the final two states that still have to bring in laws which...
It has been discovered that an electronic device, used to record the signatures of clients, has been disposed of without first clearing the device of all saved protected health information at a ShopRite pharmacy in Millville, New Jersey. A small amount of protected...
Wisconsin-based provider of medical, laboratory, pharmacy, fitness, and physical therapy services QuadMed has discovered that the PHI of 5,305 clients may have been impermissibly disclosed to certain members of staff. In November 2013, QuadMed took over management of an...
The PHI of 33,420 people of BJC Healthcare has been accessible by the public online for eight months with no requirement for authentication to see the data. BJC Healthcare is one of the biggest not-for-profit healthcare systems in the USA. The St. Louis-based...
To refer to texting as a violation of HIPAA is not strictly correct. Depending on the body copy of the text message, who the text message is being shared with, or mechanisms put in place to safeguard the integrity of Protected Health Information (PHI), texting can be...
A $575,000 settlement with the New York Attorney General has been agreed by EmblemHealth following a 2016 mailing error that saw the Health Insurance Claim Numbers of 81,122 clients printed on the outside of envelopes. New York Attorney General Eric T. Schneiderman...
The U.S. Office of Personnel Management (OPM) Office of the Inspector General Office of Audits (OIG) has released a Flash Audit Alert claiming Health Net of California has refused to comply with a recent security audit. Health Net supplies benefits to federal workers,...
St. Peter’s Surgery & Endoscopy Center in New York has been hit by a malware infection which could have allowed hackers to access medical records of up to 135,000 patients. This is the second biggest healthcare data breach of 2018, so far, and the largest to be...
The most recent edition of the Protenus Healthcare Breach Barometer report has been released. Protenus reports that in total, at least 473,807 patient records were accessed or stolen in January, although the number of people affected by 11 of the 37 breaches is not...
A ransomware attack on Jemison Internal Medicine of Alabama on December 20, 2017 led to electronic health records being encrypted, disabling access to the patient data for the healthcare provider. A ransom demand was sent for the keys to disable the encryption...
A recent report published in the Post and Courier revealed that the Medical University of South Carolina (MUSC) fired 13 employees last year for violating HIPAA Rules by prying into patient records. Overall, there were 58 privacy breaches in 2017 at MUSC, all of which...
HIPAA Compliance Checklist 2018-2019 If your group manages electronic Protected Health Information (ePHI), the best thing for you to do is to carefully consider all of the information included here in our HIPAA compliance checklist 2018-2019. The purpose of our HIPAA...
White and Bright Family Dental has found that one of its data servers storing patients’ private data has been hacked. Access to the Fresno, CA-based server was obtained by the hackers on January 30, 2018. The Fresno Police Department was quickly made aware of the...
Around 1,900 people who were treated by the University of Virginia Health System are being contacted to be made aware that a hacker has gained access to their medical information using a malware infection. The malware in question had been loaded onto the devices in...
Slack is a useful tool that can make it much easier to communicate and collaborate, but is Slack HIPAA compliant? Would it be against HIPAA regulations for healthcare entities to send protected health information (PHI) via Slack? Is Slack HIPAA Compliant? The question...
Sutter Health is alerting a number of clients that some of their protected health information may have been accessed in a phishing attack on one of its business associates – the Salem and Green legal firm. On approximately October 11, 2017, a phishing email was opened...
Over 750,000 businesses are now using Zoom for online video and web conferencing. However, before implementing use of the service it is vital to consider if it adheres to HIPAA Rules for appropriate use by healthcare groups in relation to sharing PHI. A cloud-based...
As a document management and storage service for businesses, eFileCabinet provides on-site and cloud storage. However, is the service appropriate for the healthcare sector? Does eFileCabinet comply with HIPAA rules or will using it lead to HIPAA breaches? Document...
The American Journal of Managed Care has released a report detailing hospital data breaches experienced in the United States. The focus of the study was to discover common characteristics of hospital data breaches, what the biggest issue areas are, the main causes of...
A recent MediaPro report revealed there is still an absence of readiness to deal with common cyberattacks, and privacy and security dangers are still not fully comprehended by healthcare staff. In MediaPro’s 2017 State of Privacy and Security Awareness Report, the firm...
Aetna has begun a legal action to claim compensation from an administrative support firm in relation to a July 2017 data violation in which details of HIV medications were visible through transparent plastic windows of envelopes in a mail shot. Letters inserted in some of...
A web-based document management and storage system, SharePoint is one of the most popular collaborative services available, used by 78% of Fortune 500 firms. The service relies on Microsoft’s OpenXML document standard and therefore integrates seamlessly with...
Yammer is a freemium enterprise social networking platform used for private communication and collaboration within organizations since 2008. After a bedding-in period, Microsoft purchased the company in 2012. It has grown in popularity since then to the extent that it...
A web and video conferencing and collaboration platform, WebEx allows businesses to connect with remote workers and partners as if they are working on site. Using utilities like WebEx, healthcare groups can interact quickly and easily with the workforce, no matter where...
A privacy breach has been experienced by the Puerto Rico Health Plan Triple-S Advantage. The breach, which affected 36,000 plan members, was due to a mailing mistake which saw sensitive information of plan subscribers disclosed to incorrect people. The released...
The protected health information (PHI) of 925 patients of Coastal Cape Fear Eye Associates has been compromised in a ransomware attack. North Carolina’s Coastal Cape Fear Eye Associates, P.A., found that its systems had been breached on December 5, 2017. Upon noticing...
Even when HIPAA-compliant businesses close down, the obligation to abide by HIPAA Rules does not cease to exist. This was highlighted recently when FileFax, a Northbrook, IL-based firm that offers medical record storage, maintenance, and delivery services for HIPAA...
Ron’s Pharmacy Services, based in San Diego, has reported that an email account that held limited protected health information has been accessed by an unknown person. Suspicious activity was noticed on a staff member’s email account on October 3, 2017 leading to an...
A hacker has potentially gained access to the medical records of up to 24,000 patients of Decatur County General Hospital in Tennessee. The health center has discovered that malware has been placed on a server storing its internal electronic medical record system. A...
Approximately 2,600 patients of Partners HealthCare System have been sent notifications that their PHI may have been compromised in a HIPAA breach. Even though health care organizations covered by HIPAA are given 60 days following...
Western Washington Medical Group experienced a PHI breach when the protected health information of 842 patients was exposed in November 2017 after files including sensitive health information were disposed of, in error, with normal rubbish. On November 13, 2017, the...
Partners HealthCare System is making contact with around 2,600 patients to advise them that, potentially, some of their protected health information (PHI) may have been accessed. Even though HIPAA covered bodies have up to 60 days after the identification of a breach...
Florida-based CarePlus Health Plans has experienced a PHI breach incident which has seen certain plan members’ protected health information disclosed, in error, to other plan subscribers. A mailing including ‘Explanation of benefits statements (EOB)’ was...
Pharmacy benefit manager CVS Pharmacy is suing mail service provider Press America, Inc in relation to an accidental disclosure of 41 people’s protected health information. CVS Pharmacy is under contract to provide a mail-order based pharmacy service for a...
Massachusetts Attorney General Maura Healey has revealed the launch of a new Internet-based data breach reporting application. The focus is to allow for breached organizations to file breach notifications to the Attorney General’s office as simply as...
A business associate of Forrest Health’s Forrest General Hospital, HORNE LLP, is alerting a number of hospital patients that some of their protected health information (PHI) has potentially been stolen by a third party after they accessed the email account of one of its staff members. HORNE,...
660 patients of Eastern Maine Medical Center are being notified that some of their protected health information may have been exposed after a portable hard drive that stored sensitive information went missing from its State Street facility in Bangor, ME....
A reminder was recently issued by the Centers for Medicare & Medicaid Services (CMS) that eligible hospitals and Critical Access Hospitals (CAHs) using the Electronic Health Record Incentive Schemes must employ the QualityNet Secure Portal (QNet) to submit...
A ransomware attack, discovered last week, against the EHR vendor Allscripts led to thousands of healthcare suppliers being prevented from accessing patient data or using the e-prescription service. Florida-based Surfside Non-Surgical Orthopedics have moved quickly...
Westminster Ingleside King Farm Presbyterian Retirement Communities has experienced a malware infection that may have resulted in the attackers obtaining the protected health information of many of its patients. The assisted living facility, based in Washington D.C.,...
The South Dakota Senate Attorney Judiciary Committee has passed a bill to introduce data breach notification legislation after a 7-0 vote. The bill was proposed by the Committee on Judiciary following a request issued by the Attorney General Marty Jackley. At present...
The protected health information of 53,173 patients who received services from Onco360 and CareMed Specialty Pharmacy has been compromised in an email hacking attack. The patients were notified after a security breach when suspicious activity involving an employee’s...
A new report released by online security company Sophos indicates that victims of ransomware attacks have a greater chance of suffering additional attacks within the subsequent 12 months. The report states that the healthcare sector is at the highest risk of...
Over 1,300 clients of Palomar Medical Center Escondido have been warned that a nurse, previously employed by the group, accessed their medical records without permission while they were being treated at the health center. The privacy breaches happened over a 15-month...
Health insurer Aetna has agreed to a settlement in a class action lawsuit taken by victims of a mailing mistake that led to the details of HIV medications prescribed to individuals being seen through the clear plastic windows of the envelopes they were sent in. The...
Hancock Health, based in Greenfield, Indiana, experienced a ransomware attack on Thursday last week. Employees of Hancock were forced to use offline methods to record patient health information, while IT staff tried to respond to the attack and save the encrypted...
A recent University of Phoenix College of Health Professions survey indicates that registered nurses (RNs) are satisfied with their organization’s measures in place to stop data breaches occurring. The survey was conducted on 504 full time RNs and administrative...
43,000 patients of West Virginia-based Coplin Health Systems have been advised that their PHI has possibly been exposed due to the theft of an unencrypted laptop computer from the vehicle of a member of staff. Coplin Health was made aware of the theft of the laptop on...
Charles River Medical Associates, based in Framingham, MA, has discovered that one of its portable hard drives was missing, possibly affecting the PHI of almost 9,400 people. Last November, the practice discovered that the device which contained x-ray images,...
It has been discovered that an unauthorized person has gained access to parts of the Oklahoma State University Center for Health Sciences (OSUCHS) computer network and potentially downloaded files holding billing information of Medicaid subscribers. The security...
The Agency for Health Care Administration in Florida has found that an unauthorized individual obtained access to a single email account due to a member of staff being tricked by a phishing scam. The member of staff received and responded to the malicious phishing email...
1,128 patients’ protected health information has potentially been viewed after an unauthorized individual gained access to the Compassionate Care Hospice Las Vegas (CCHLV) network and server. The breach occurred on October 28, 2017, CCHLV was alerted that its network...
The findings of an audit of the North Carolina State Medicaid agency by The Department of Health and Human Services’ Office of Inspector General (OIG) have been published in a new report. The report indicates that the State agency has failed to put in place sufficient...
Kaiser Permanente has suffered a couple of security incidents which were filed with the Department of Health and Human Services’ Office for Civil Rights (OCR). Overall, in excess of 5,000 people have been affected by the data violations. The HIPAA breaches impact clients...