Healthcare cybersecurity is an increasing problem for organizations. Recent years have seen hacking and IT security incidents steadily increase and many healthcare organizations have struggled to secure their network perimeter and keep cybercriminals away. 2015 […]
Healthcare groups still deploying Windows 7 and Windows 2008 have a very short amount of time left to upgrade the operating systems before Microsoft support will be discontinued. Support for both operating systems will cease […]
A legal action is being taken against Kalispell Regional Healthcare in Montana in relation to a phishing attack in which cybercriminals obtained access to employee email accounts including the protected health information of almost 130,000 […]
The General Data Protection Regulation became enforceable on May 25, 2018 and from that date companies that gather or use the personal data of EU residents were obligated to require with the GDPR, although there […]
The HIPAA guidelines on telemedicine are relevant for all medical professional or healthcare groups that provide a remote service to patients in their homes or in community centers. Many people wrongly think that communicating ePHI […]
Salem Health Hospitals & Clinics in Oregon suffered a phishing attack on July 31, 2019 that lead to an unauthorized person obtaining access to the email accounts of several employees. The breach was discovered within […]
Six flaws have been identified in the Medtronic Valleylab energy platform and electrosurgery products, including one fatal flaw that could permit a hacker to obtain access to the Valleylab Energy platform and view/overwrite files and […]
The University of Rochester Medical Center (URMC) has been sanctioned with $3 million HIPAA penalty for not encrypting mobile devices and other HIPAA breaches. URMC is one of the biggest health systems in New York […]
Healthcare groups can create strong defenses to stop cyber criminals from gaining access to sensitive data, but not all threats come from outside the organization. It is also crucial to put in place policies, procedures, […]
In the last few years cybersecurity has evolved massively on a global basis as greater efforts are invested in protecting individuals, businesses and organizations from the threat of hacking. New legislation has been introduced in […]
Our review of HIPAA history begins on August 21, 1996, when the Healthcare Insurance Portability and Accountability Act (HIPAA) was enacted into law, but why was the HIPAA Act formulated? The HIPAA Act was formulated […]
Poland’s Personal Data Protection Office (UODO) this week decided to fine an online retailer PLN 2.8 million, or €645,000 for “insufficient organizational and technical safeguards”. It has been reported the online retailer in question, Morele.net, […]
Security expert at Armis have discovered 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, a third-party software component implemented in hospital networks and certain medical devices. The flaws were reported to the DHS Cybersecurity and […]
Sarrell Dental, an Alabama-based not-for-profit Children’s dental and optical service clinic, has suffered a ransomware attack in which the protected health information of its patients may have been infiltrated. Sarrell Dental is the largest dental […]
Facebook has taken the move to suspend “tens of thousands” of apps that are in operation on its platform as it continues to try and stem what it suspects is the collection of large amounts […]
The results of a recent survey published by privacy experts PossibleNOW has revealed that more than 50% US companies do not expect to be fully prepared for the introduction of the Californian Consumer Privacy Act […]
A vulnerability has been discovered in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The flaw could be target to take advantage by a locally authenticated user to insert files that could allow the […]
A phishing attack on Bonita Springs, FL-based NCH Healthcare System was noticed on June 14, 2019 when suspicious email activity on its payroll database. The investigation indicated that 73 employees had replied to phishing emails […]
The Government Accountability Office (GAO) has completed a research study of 23 federal bodies and found widespread cybersecurity risk management weaknesses. Federal agencies are targeted by hackers, so it is crucial for security measures to […]
The National Institute of Standards and Technology (NIST) has published a new guide for manufacturers of Internet of Things (IoT) devices to assist them is ensuring that adequate cybersecurity measures are in place so that […]
HIPAA was enacted in 1996. In its initial form, the legislation assisting in making sure that workers would go on receiving health insurance coverage when they were moving between jobs. The legislation also required healthcare […]
A physicians’ network for patients based in Southwest Louisiana called Imperial Health is contacting over 111,000 patients to make them aware that a portion of their protected health information has potentially been illegally obtained as […]
Skype Text and messaging platforms like it are a very convenient way of quickly sending data however there is still some discussion around how HIPAA compliant Skype actually is. The Skype service incorporates security measures […]
In Romania, following the conclusion of a National Supervisory Authority, Unicredit Bank has been sanctioned with a US$146,000 (EUR€135,000) General Data Protection Regulation (GDPR) fine in relation to how it uses personal data. This is […]
Adirondack Health is notifying almost 25,000 patients that a portion of their protected health information has potentially been obtained by a cyber criminal from the Vermont-based organization. The data may have included patients’ names, dates […]
On Friday the Federal Trade Commission (FTC) approved a $5bn fine for social media giant Facebook to settle data privacy breaches that were uncovered during the investigation that followed the Cambridge Analytica controversy. This is […]
The significance consumers place on the privacy and security of their health information has been reviewed in a recent nCipher Security survey. The survey i question was aimed at 1,300 U.S. consumers and looked into […]
The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – forms a portion of an economic stimulus program introduced prior to President Trump taking office: The American Recovery and Reinvestment […]
Recently security company Tripwire surveyed 298 IT security professionals who were attending Infosecurity Europe 2019 conference in order to discover how much knowledge they have in relation to the disclosure requirements of the European Union’s […]
The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a warning after a rise in cyberattacks by ‘Iranian regime actors.’ The warning from Christopher C. Krebs came as […]
A recent survey of 1,000 full-time employees conducted by ObserveIT’s survey in the US and the UK has uncovered some worrying revelations in relation to workers’ knowledge of data privacy legislation. The poll was taken […]
The Government Accountability Office (GAO) has released the findings of an audit of all federal government systems that operate legacy systems. The focus of the audit was to determine the extent to which legacy software […]
The Ullico Inc. subsidiary, Union Labor Life Insurance (ULLI), is alerting more than 87,000 plan members that a portion of their protected health information (PHI) has been exposed due to a staff member responding to […]
Healthcare cybersecurity’s poor state has been emphasised by a recent Forescout study. The study showed the healthcare sector is using legacy software, vulnerable protocols are extensively in use, and medical devices are not properly safeguarded. […]
A ransomware attack has resulted in widespread file encryption at the Southeastern Council on Alcoholism and Drug Dependence (SCADD) in Lebanon, CT. The attack was discovered on February 18, 2019 when problems started to be […]
According to a report released by the International Association of Privacy Professionals (IAPP) and OneTrust, prior to the California Consumer Privacy Act (CCPA) becoming enforceable on January 1, 2020, nearly 50% of all companies will […]
Autoriteit Persoonsgegevens, the Dutch Data Protection Authority (DPA), has published six recommendations for companies operating in the Netherlands. The agency says that these guidelines should be considered when drafting privacy policies. The Dutch DPA recommends […]
The results of recent research conducted by the consultancy firm CynergisTek has shown that healthcare groups are not adhering with NIST Cybersecurity Framework (CSF) controls and the HIPAA Privacy and Security Rules. For the study, […]
Main Line Endoscopy Centers, a group of outpatient endoscopy facilities based the Malvern, Bala Cynwyd, and Media regions of Pennsylvania, has notices an unauthorized person obtained access to the email account of one of its […]
The results of a new study, conducted by privacy compliance company TrustArc, in relation to the level of preparedness for California Consumer Privacy Act (CCPA) will lead to a lot of worry among tech groups […]
Our February 2018 healthcare data breach report lists the major data breaches reported by healthcare groups, health plans, and business associates in February 2018. Even though February is a shorter month, but there was a […]
Several healthcare groups have asked for leniency to be shown for healthcare organizations that would mean avoiding financial penalties for breaches of protected health information if the breached entity that has implemented certain standards for […]
The IRS has kicked off its 2019 ‘Dirty Dozen’ campaign alerting taxpayers about the dangers of the most common tax-related phishing scams that result in tax fraud and identity theft. Every year the IRS supplies […]
HIPAA password requirements state that procedures must be implemented for creating, changing and securing passwords unless a different, equally-effective security measure is chosen. The password requirements under HIPAA are available the Administrative Safeguards of the […]
UConn Health is making contact with almost 326,000 clients that some of their personal data was accessible due to a phishing attack on some of its staff members. UConn Health discovered the phishing breach on […]
Amazon Web Services has all the security requirement to adhere with the HIPAA Security Rule and the company is willing to complete a business associate agreement with healthcare groups. So, is AWS HIPAA compliant? The […]
The California Consumer Protection Act (CCPA) is due to become enforceable on January 1, 2020. Corporations, government agencies and other groups will be using 2019 to prepare for the new legislation. The proposed legislation allows […]
ICS-CERT has released a waring in relation to three high severity vulnerabilities in the IDenticard PremiSys access control system. All versions of PremiSys software before version 4.1 are affected by the flaws. If the vulnerabilities […]
Patients of Community Health Systems’ (CHS), who had their protected health information (PHI) illegally obtains in a hacking attack in 2014 have been offered compensation in relation to the violation of their private Private Health […]
North Caroline Attorney General Josh Stein and state representative Jason Saine have introduced a bill to moderize data breach notification laws in the state and increase protections for state residents after an increase in data […]
In order to properly address the question, “Is Google Drive HIPAA compliant?” there are a number of factors to consider. This is due to the fact that HIPAA compliance is less about specific technologies and more […]
A ransomware attack that has possibly resulted in the theft of plan subscriber’ protected health information has been reported by a business associate of Blue Cross Blue Shield of Michigan. This is the second recent data […]
After an employee set up a mail forwarder to broadcast emails to a personal email account, Choice Rehabilitation of Creve Coeur, MO has discovered an unauthorized person illegally logged into a that corporate email account. […]
A phishing attack has potentially been compromised the private personal data of 8,400 patients of the Humana-owned Family Physicians Group in Orlando who are are being notified as a result of the breach. Family Physicians […]
Notification are being sent to existing and former patients of the Dental Center of Northwest Ohio in Toledo to advise them that some of their protected health information may have been exposed due to a […]
A new study by the consultancy firm Censuswide has revealed the extent to which employees are being tricked by phishing emails and how despite the danger of a data breaches and regulatory fines, many firms […]
Following the installation of ransomware and malware on a server belonging to Mind & Motion Developmental Centers of Georgia, it has been revealed that the group responsible which may have been able to access to […]
Almost 48,000 patients and guarantors may had their the payment information compromised Baylor Scott & White Medical Center in Frisco in a privacy breach which was noticed recently. The medical center, which is jointly operated […]
6,450 patients of Prairie Fields Family Medicine based in Fremont, NE are being made aware that their protected health information may have been compromised after it was included in an unencrypted spreadsheet that was sent […]
The winners of the Easy EHR Issues Reporting Challenge have been announced by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). At present, reporting EHR safety […]
Cancer Centers of America’s Western Regional Medical Center, located in Bullhead City, has revealed that a staff email account has been hacked following a phishing email attack. The phishing email seems to have been broadcast […]
Georgia Spine and Orthopaedics of Atlanta (GSOA) is contacting thousands of patients to make them aware that some of their protected health information has been made accessible, and possibly stolen, due to a phishing attack. […]
AccuDoc Solutions Inc., a supplier of healthcare billing services, has discovered a major data privacy breach in which the protected health information of 2,650,000 patients of Atrium Health was accessed by hackers. Morrisville, NC-based AccuDoc Solutions […]
FHN Healthcare, which runs FHN Memorial Hospital in Freeport, IL, and a group of family healthcare centers located in northwest Illinois, has discovered that a laptop computer storing the protected health information of 4,458 clients […]
Florida-based Key Dental Group has made contact with its patients about a suspected HIPAA breach which may have led to the unauthorized release of their protected health information (PHI). After amended its electronic medical record […]
In October, the Centers for Medicare & Medicaid Services (CMS) revealed that the HealthCare.gov online portal had been hacked and the sensitive data of around 75,000 individuals had possibly been obtained. This week, the CMS […]
Vancouver, Washington, based Southwest Washington Regional Surgery Center has been hit by a phishing attack that has lead to the exposure of 2,393 patients’ protected health information. The breach was restricted to a single staff […]
Virginia based Inova Health System has started to contact 12,331 patients to advise them that some of their protected health information has been obtained by an unauthorized person. Law enforcement contacted Inova Health System on […]
Upstate University Hospital in Syracuse, NY, is getting in touch with 1,216 patients to advise them that some of their protected health information (PHI) has been impermissibly accessed by a former member of staff. Upstate […]
A $200,000 settlement has been agreed with Best Medical Transcription in relation to HIPAA breaches that were discovered during an investigation of a 2016 breach of 1,650 clients’ protected health information. Best Medical Transcription, a […]
According to the most recent Beazley’s Q3 Breach Insights Report, Cyber Criminal campaigns attacks are increasing once again and healthcare is the most targeted sector. Ransomware attacks on healthcare groups comprised 37% of those managed […]
Around 10,000 patients of Raley’s Pharmacy are being contacted to inform them that some of their protected health information (PHI) has potentially been impacted in a data breach. On September 24, 2018, a laptop computer […]
Jones Eye Clinic and its affiliated surgery center, CJ Elmwood Partners, L.P, in Sioux City, IA has revealed that the protected health information of up to 40,000 of its patients may have been compromised. The […]
Michigan Medicine is contacting over 3,600 patients to make them aware of an impermissible disclosure of a restricted amount of their protected health information. In early September 2018, the Michigan Medicine Development Office initiated a […]
A survey of 145 US corporate directors of public company boards conducted by BDO USA during August 2018 has revealed that eight out of ten companies have taken steps to ensure they are complying with necessary […]
The U.S. Food and Drug Administration (FDA) has released a warning about flaws in certain Medtronic implantable cardiac device programmers which could possibly be targeted by hackers to alter the functionality of the programmer during […]
HIPAA-covered organizations must take every possible precaution to ensure protected health information (PHI) sent and received by email is safeguarded both at rest and in transit in order to prevent unauthorized access to patient data. […]
The British Standards Institution (BSI) has released the results of a study which show that one in six European business are not sufficiently ready to face the threat of a data breach. This is particularly […]
Biomarin Pharmaceutical, based in Novato, CA-based has discovered two staff email accounts have been compromised due to a phishing attack in which a non-permanent employee’s login details were obtained by the hacker. The attack was […]
Letters have been mailed to approximately 21,000 individuals on medical assistance by the Minnesota Department of Human Services to alert them of a potential breach of their protected health information (PHI) due to two phishing […]
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) is highlighting awareness of the measures it implements to address cyberthreats within the HHS and the healthcare sector as a whole and […]
A data breach, that saw the highly sensitive protected health information of 93 lower-income HIV positive individuals stolen by unauthorized individuals, will go to trial after a lawsuit submitted by Lambda Legal on behalf of […]
It is vital for all staff members in the healthcare sector to have a firm grasp of what a HIPAA violation is and how to report one. Understanding what a HIPAA violation entails should be […]
In the UK consumer credit reporting agency Equifax has been fined £500,000 by the Information Commissioner’s Office (ICO) for failing to safeguard millions of UK citizens’ personal data when a cyber attack happened in 2017. Private personal […]
A not-for-profit 115-bed community hospital in Ogdensburg, NY, Claxton-Hepburn Medical Center has sacked several employees for accessing patient health records without official permission.The PHI breaches were identified during an internal review. It is not yet obvious […]
Uber, the peer-to-peer ridesharing, taxi cab, food delivery, bicycle-sharing and transportation network company has settled a fine in relation to a 2016 cyber-attack that exposed data from 57 million customers and drivers for $148m. The payment […]
Blue Cross and Blue Shield of Rhode Island (BCBSRI) is contacting 1,567 plan subscribers that a portion of their protected health information has been impermissibly made accessible by one of its business partners. A BCBSRI vendor […]
A former staff member of the emergency department of Brooklyn’s Kings County Hospital is accused of stealing the protected health information of at least 100 patients while employed there. The same person is accused of […]
The New York Attorney General has fined the Arc of Erie County $200,000 by breaching HIPAA Rules when it did not secure the electronic protected health information (ePHI) of its customers. The Arc of Erie […]
A GDPR complaint has been filed by the operators of the Brave internet browser with authorities in Ireland and the UK in relation to privacy breaches caused by Google and other ad tech companies. Chief […]
Honolulu-based Fetal Diagnostic Institute of the Pacific (FDIP) was hit by a ransomware attack on June 30 this year. File-encrypting software was uploaded to an FDIP server and encrypted a wide range of file types […]
Reliable Respiratory, a Norwood, MA-based respiratory care organisation has been subjected to a phishing attack that has impacted several thousand of its clients. A cyberattack was first noticed on July 3, 2018, after the detection […]
The New Mexico Department of Health is trying to ascertain how the private medical records of some of its clients came to fall from a truck while being taken from the hospital to a secure […]
The Health Insurance Portability and Accountability Act (HIPAA) brought in many new regulations for healthcare groups, but who polices HIPAA? Which federal departments are charged with making sure HIPAA Rules are adhered to by covered […]
A mailing mistake that was sent to Missouri Care subscribers reminding them to reserve well-child visits has resulted in the accidental disclosure of the personal data of approximately 20,000 children to other Missouri Care subscribers. […]
Authentic Recovery Center, a West Los Angeles-based drug and alcohol treatment center, is contacting 1,790 clients to inform them that some of their personally identifiable information (PII) and protected health information (PHI) may have been […]
Many healthcare groups have considered the Zoho Office Suite as an alternative software package to organize workflows, but can Zoho be deemed HIPAA compliant? Zoho: What is it? Based in Pleasanton, CA Zoho is developer of […]
A survey carried out by Ovum for analytics firm FICO has pointed to the fact that there has been a sharp rise in companies signing up for cybersecurity insurance, but the healthcare sector in general […]
ICANN has appealed the most recent decision made against it in the Appellate Court of Cologne. The organisation has argued that the German legal body has made a mistake in decreeing that they had not “sufficiently […]
Central Colorado Dermatology (CCD) has made contact with over 4,000 clients that some of their protected health information (PHI) has possibly been obtained by cyber criminals during a ransomware attack on its IT systems. An […]
Copyright © 2022 ComplianceJunction