A Colorado IT company that dedicates itself to providing managed IT services to dental clinics has been infiltrated with ransomware. Via the company’s systems, over 100 dental clinics have also been targeted and have had ransomware deployed. The attack on Englewood,...
Healthcare cybersecurity is an increasing problem for organizations. Recent years have seen hacking and IT security incidents steadily increase and many healthcare organizations have struggled to secure their network perimeter and keep cybercriminals away. 2015 was...
Healthcare groups still deploying Windows 7 and Windows 2008 have a very short amount of time left to upgrade the operating systems before Microsoft support will be discontinued. Support for both operating systems will cease on January 14, 2019. As of January 14,...
A legal action is being taken against Kalispell Regional Healthcare in Montana in relation to a phishing attack in which cybercriminals obtained access to employee email accounts including the protected health information of almost 130,000 clients. The impacted email...
The General Data Protection Regulation became enforceable on May 25, 2018 and from that date companies that gather or use the personal data of EU residents were obligated to comply with the GDPR, although there are restricted GDPR exemptions and derogations. Who Must...
The HIPAA guidelines on telemedicine are relevant for all medical professionals or healthcare groups that provide a remote service to patients in their homes or in community centers. Many people wrongly think that communicating ePHI at distance is allowable when the...
Salem Health Hospitals & Clinics in Oregon suffered a phishing attack on July 31, 2019 that led to an unauthorized person obtaining access to the email accounts of several employees. The breach was discovered within a day of the accounts being accessed and the...
Six flaws have been identified in the Medtronic Valleylab energy platform and electrosurgery products, including one fatal flaw that could permit a hacker to obtain access to the Valleylab Energy platform and view/overwrite files and remotely execute arbitrary code....
The University of Rochester Medical Center (URMC) has been sanctioned with a $3 million HIPAA penalty for not encrypting mobile devices and other HIPAA breaches. URMC is one of the biggest health systems in New York State with more than 26,000 staff at the Medical...
Healthcare groups can create strong defenses to stop cyber criminals from gaining access to sensitive data, but not all threats come from outside the organization. It is also crucial to put in place policies, procedures, and technical solutions to detect and prevent...
Our review of HIPAA history begins on August 21, 1996, when the Health Insurance Portability and Accountability Act (HIPAA) was enacted into law, but why was the HIPAA Act formulated? The HIPAA Act was formulated to “improve the portability and accountability of...
Security experts at Armis have discovered 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, a third-party software component implemented in hospital networks and certain medical devices. The flaws were reported to the DHS Cybersecurity and Infrastructure Security...
Sarrell Dental, an Alabama-based not-for-profit children’s dental and optical service clinic, has suffered a ransomware attack in which the protected health information of its patients may have been compromised. Sarrell Dental is the largest dental services clinic in...
Facebook has taken the move to suspend “tens of thousands” of apps that are in operation on its platform as it continues to try and stem what it suspects is the collection of large amounts of user profile data. This move comes towards the end of a...
The Haga Hospital in the Hague has become the first Dutch body to be fined for violation of Europe’s new privacy law, the General Data Protection Regulation (GDPR). NU.nl has reported that a fine of €460,000 is being imposed on the Hospital for failing to...
The results of a recent survey published by privacy experts PossibleNOW has revealed that more than 50% of US companies do not expect to be fully prepared for the introduction of the California Consumer Privacy Act when it comes into effect on January 1, 2020. 1,500 US...
A vulnerability has been discovered in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The flaw could be exploited by a locally authenticated user to insert files that could allow the attacker to run arbitrary code on...
A phishing attack on Bonita Springs, FL-based NCH Healthcare System was noticed on June 14, 2019 when suspicious email activity was detected in relation to its payroll database. The investigation indicated that 73 employees had replied to phishing emails and disclosed their account...
The Government Accountability Office (GAO) has completed a research study of 23 federal bodies and found widespread cybersecurity risk management weaknesses. Federal agencies are targeted by hackers, so it is crucial for security measures to be put in place to...
The National Institute of Standards and Technology (NIST) has published a new guide for manufacturers of Internet of Things (IoT) devices to assist them in ensuring that adequate cybersecurity measures are in place so that the devices are secure from threats when...
It has been a long journey, but what may prove to be a crucial data privacy case from Ireland has finally made its way to Luxembourg’s Court of Justice of the European Union (CJEU). On Tuesday the court heard arguments in what has become referred to as the...
A physicians’ network for patients based in Southwest Louisiana called Imperial Health is contacting over 111,000 patients to make them aware that a portion of their protected health information has potentially been illegally obtained as part of a ransomware attack....
According to a story first reported by the Irish Times on the 23rd of July 2019, it appears that the reach of the General Data Protection Regulation may extend to a form of record keeping that few would have envisaged as relevant when the regulation was first drafted:...
The European Union’s Competition Commission has initiated an official antitrust investigation to ascertain if Amazon is using sensitive data, gathered from independent retailers who use its marketplace, in breach of EU competition legislation. The Commission...
Adirondack Health is notifying almost 25,000 patients that a portion of their protected health information has potentially been obtained by a cyber criminal from the Vermont-based organization. The data may have included patients’ names, dates of birth, Medicare ID...
The significance consumers place on the privacy and security of their health information has been reviewed in a recent nCipher Security survey. The survey in question was aimed at 1,300 U.S. consumers and looked into attitudes toward online privacy, the sharing of...
The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – forms a portion of an economic stimulus program introduced prior to President Trump taking office: The American Recovery and Reinvestment Act of 2009 (ARRA). The Act was signed...
In January 2019 the French Data Protection Authority (the CNIL), hit Google LLC with a record €50m fine for failing to comply with the EU’s General Data Protection Regulation (GDPR). A decision made on the 28th May 2019 which imposes a €400,000 fine on SERGIC, a...
The UK Information Commissioner’s Office (ICO) has announced that it intends to fine British Airways for a recent infringement of the General Data Protection Regulation (GDPR). The security breach occurred when British Airways customers were directed away from...
The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a warning after a rise in cyberattacks by ‘Iranian regime actors.’ The warning from Christopher C. Krebs came as tensions are mounting between...
Skype, text, and messaging platforms like it are a very convenient way of quickly sending data; however, there is still some discussion around how HIPAA compliant Skype actually is. The Skype service incorporates security measures to stop unauthorized access of...
The Government Accountability Office (GAO) has released the findings of an audit of all federal government systems that operate legacy systems. The focus of the audit was to determine the extent to which legacy software and systems are in use, and which departments...
The Ullico Inc. subsidiary, Union Labor Life Insurance (ULLI), is alerting more than 87,000 plan members that a portion of their protected health information (PHI) has been exposed due to a staff member responding to a phishing email. As is often the case in...
Today marks the first anniversary of the introduction of the European Union’s General Data Protection Regulation (GDPR). As the solitary candle of the birthday cake is being blown out, we can take a moment to reflect upon what has undoubtedly been an eventful...
Healthcare cybersecurity’s poor state has been emphasised by a recent Forescout study. The study showed the healthcare sector is using legacy software, vulnerable protocols are extensively in use, and medical devices are not properly safeguarded. 75 global...
A ransomware attack has resulted in widespread file encryption at the Southeastern Council on Alcoholism and Drug Dependence (SCADD) in Lebanon, CT. The attack was discovered on February 18, 2019 when problems started to be noticed with its network. The investigation...
According to a report released by the International Association of Privacy Professionals (IAPP) and OneTrust, prior to the California Consumer Privacy Act (CCPA) becoming enforceable on January 1, 2020, nearly 50% of all companies will not be ready to comply with...
Italy’s first GDPR fine has been issued by the Garante, the Italian Data Protection Authority. Action was taken due to the failure to implement privacy security measures in the aftermath of a data breach on the “Rousseau” platform. The platform operates the...
HIPAA was enacted in 1996. In its initial form, the legislation assisted in making sure that workers would go on receiving health insurance coverage when they were moving between jobs. The legislation also required healthcare groups to put in place controls to secure...
The results of recent research conducted by the consultancy firm CynergisTek have shown that healthcare groups are not adhering to NIST Cybersecurity Framework (CSF) controls and the HIPAA Privacy and Security Rules. For the study, CynergisTek reviewed the results of...
Main Line Endoscopy Centers, a group of outpatient endoscopy facilities based in the Malvern, Bala Cynwyd, and Media regions of Pennsylvania, has noticed that an unauthorized person obtained access to the email account of one of its staff members following a response to a...
The results of a new study, conducted by privacy compliance company TrustArc, in relation to the level of preparedness for the California Consumer Privacy Act (CCPA) will lead to a lot of worry among tech groups based in California. It indicates that 86% of companies that...
Our February 2018 healthcare data breach report lists the major data breaches reported by healthcare groups, health plans, and business associates in February 2018. Even though February is a shorter month, there was a rise in the number of healthcare data breaches...
Several healthcare groups have asked for leniency to be shown to healthcare organizations, which would mean avoiding financial penalties for breaches of protected health information if the breached entity has implemented certain standards for securing protected...
The IRS has kicked off its 2019 ‘Dirty Dozen’ campaign alerting taxpayers about the dangers of the most common tax-related phishing scams that result in tax fraud and identity theft. Every year the IRS provides taxpayers, businesses, and tax professionals...
HIPAA password requirements state that procedures must be implemented for creating, changing and securing passwords unless a different, equally effective security measure is chosen. The password requirements under HIPAA are available in the Administrative Safeguards of...
UConn Health is making contact with almost 326,000 clients to advise them that some of their personal data was accessible due to a phishing attack on some of its staff members. UConn Health discovered the phishing breach on December 24, 2018. All email accounts were protected, and...
Amazon Web Services has all the security requirements to adhere to the HIPAA Security Rule and the company is willing to complete a business associate agreement with healthcare groups. So, is AWS HIPAA compliant? The answer is both Yes and No. AWS can be deemed as...
The General Data Protection Regulation (GDPR) introduced new standards for data protection in Europe. Introduced in May 2018, GDPR changed the way that businesses collect, handle, and process consumer data. The regulations also granted new rights to...
The California Consumer Privacy Act (CCPA) is due to become enforceable on January 1, 2020. Corporations, government agencies and other groups will be using 2019 to prepare for the new legislation. The proposed legislation allows Californian residents the following...
ICS-CERT has released a warning in relation to three high severity vulnerabilities in the IDenticard PremiSys access control system. All versions of PremiSys software before version 4.1 are affected by the flaws. If the vulnerabilities are successfully exploited it could...
Patients of Community Health Systems (CHS) who had their protected health information (PHI) illegally obtained in a hacking attack in 2014 have been offered compensation in relation to the violation of their private health information. Tennessee-based...
North Carolina Attorney General Josh Stein and state representative Jason Saine have introduced a bill to modernize data breach notification laws in the state and increase protections for state residents after an increase in data breaches affecting North Carolina...
The California Consumer Privacy Act (CCPA) was signed into law in June 2018. Many data privacy experts have compared CCPA to Europe’s latest data protection legislation, the General Data Protection Regulation (GDPR). Much like GDPR, CCPA has changed how businesses...
In order to properly address the question, “Is Google Drive HIPAA compliant?” there are a number of factors to consider. This is due to the fact that HIPAA compliance is less about specific technologies and more about how technologies are utilized. Any software...
A ransomware attack that has possibly resulted in the theft of plan subscribers’ protected health information has been reported by a business associate of Blue Cross Blue Shield of Michigan. This is the second recent data breach affecting Blue Cross Blue Shield of...
After an employee set up a mail forwarder to broadcast emails to a personal email account, Choice Rehabilitation of Creve Coeur, MO has discovered that an unauthorized person illegally logged into that corporate email account. The breach took place on July 1, 2018 and...
California Attorney General Xavier Becerra announced today that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA) starting January 8. During the December press meeting in which the public forums were...
A phishing attack has potentially compromised the private personal data of 8,400 patients of the Humana-owned Family Physicians Group in Orlando, who are being notified as a result of the breach. Family Physicians Group is one of the biggest providers of...
Notifications are being sent to existing and former patients of the Dental Center of Northwest Ohio in Toledo to advise them that some of their protected health information may have been exposed due to a ransomware attack on one of its vendors. Managed IT service...