Six flaws have been identified in the Medtronic Valleylab energy platform and electrosurgery products, including one fatal flaw that could permit a hacker to obtain access to the Valleylab Energy platform and view/overwrite files and […]
The University of Rochester Medical Center (URMC) has been sanctioned with $3 million HIPAA penalty for not encrypting mobile devices and other HIPAA breaches. URMC is one of the biggest health systems in New York […]
Healthcare groups can create strong defenses to stop cyber criminals from gaining access to sensitive data, but not all threats come from outside the organization. It is also crucial to put in place policies, procedures, […]
Security expert at Armis have discovered 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, a third-party software component implemented in hospital networks and certain medical devices. The flaws were reported to the DHS Cybersecurity and […]
Facebook has taken the move to suspend “tens of thousands” of apps that are in operation on its platform as it continues to try and stem what it suspects is the collection of large amounts […]
The results of a recent survey published by privacy experts PossibleNOW has revealed that more than 50% US companies do not expect to be fully prepared for the introduction of the Californian Consumer Privacy Act […]
A vulnerability has been discovered in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The flaw could be target to take advantage by a locally authenticated user to insert files that could allow the […]
The Government Accountability Office (GAO) has completed a research study of 23 federal bodies and found widespread cybersecurity risk management weaknesses. Federal agencies are targeted by hackers, so it is crucial for security measures to […]
The National Institute of Standards and Technology (NIST) has published a new guide for manufacturers of Internet of Things (IoT) devices to assist them is ensuring that adequate cybersecurity measures are in place so that […]
The European Union’s Competition Commission has initiated an official antitrust investigation to ascertain if Amazon is using sensitive data, gathered from independent retailers who use its marketplace, in breach of EU competition legislation. The Commission […]
The significance consumers place on the privacy and security of their health information has been reviewed in a recent nCipher Security survey. The survey i question was aimed at 1,300 U.S. consumers and looked into […]
The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a warning after a rise in cyberattacks by ‘Iranian regime actors.’ The warning from Christopher C. Krebs came as […]
The Government Accountability Office (GAO) has released the findings of an audit of all federal government systems that operate legacy systems. The focus of the audit was to determine the extent to which legacy software […]
Healthcare cybersecurity’s poor state has been emphasised by a recent Forescout study. The study showed the healthcare sector is using legacy software, vulnerable protocols are extensively in use, and medical devices are not properly safeguarded. […]
According to a report released by the International Association of Privacy Professionals (IAPP) and OneTrust, prior to the California Consumer Privacy Act (CCPA) becoming enforceable on January 1, 2020, nearly 50% of all companies will […]
Main Line Endoscopy Centers, a group of outpatient endoscopy facilities based the Malvern, Bala Cynwyd, and Media regions of Pennsylvania, has notices an unauthorized person obtained access to the email account of one of its […]
Several healthcare groups have asked for leniency to be shown for healthcare organizations that would mean avoiding financial penalties for breaches of protected health information if the breached entity that has implemented certain standards for […]
The IRS has kicked off its 2019 ‘Dirty Dozen’ campaign alerting taxpayers about the dangers of the most common tax-related phishing scams that result in tax fraud and identity theft. Every year the IRS supplies […]
The General Data Protection Regulation (GDPR) introduced new standards for data protection in Europe. Introduced in May 2018, GDPR changed the way that businesses handle collect, handle, and process consumer data. The regulations also granted […]
The California Consumer Protection Act (CCPA) is due to become enforceable on January 1, 2020. Corporations, government agencies and other groups will be using 2019 to prepare for the new legislation. The proposed legislation allows […]
ICS-CERT has released a waring in relation to three high severity vulnerabilities in the IDenticard PremiSys access control system. All versions of PremiSys software before version 4.1 are affected by the flaws. If the vulnerabilities […]
North Caroline Attorney General Josh Stein and state representative Jason Saine have introduced a bill to moderize data breach notification laws in the state and increase protections for state residents after an increase in data […]
The Californian Consumer Privacy Act (CCPA) was signed into law in June 2018. Many data privacy experts have compared CCPA to Europe’s latest data protection legislation, the General Data Protection Regulations (GDPR). Much like GDPR, […]
California Attorney General Xavier Becerra announced today that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA) starting January 8. During the December press meeting in which […]
Impact of CCPA on Business The Californian Governor Jerry Brown signed the Californian Consumer Privacy Act (CCPA) into law in June 2018. The CCPA has revolutionised the data privacy rights of Californian residents. CCPA offers […]
A new study by the consultancy firm Censuswide has revealed the extent to which employees are being tricked by phishing emails and how despite the danger of a data breaches and regulatory fines, many firms […]
The winners of the Easy EHR Issues Reporting Challenge have been announced by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). At present, reporting EHR safety […]
Florida-based Key Dental Group has made contact with its patients about a suspected HIPAA breach which may have led to the unauthorized release of their protected health information (PHI). After amended its electronic medical record […]
The EU introduced the General Data Protection Regulation (GDPR) in May 2018. Since its implementation, GDPR has changed the way that businesses handle, collect, and process consumer data. It is a landmark piece of legislation […]
According to the most recent Beazley’s Q3 Breach Insights Report, Cyber Criminal campaigns attacks are increasing once again and healthcare is the most targeted sector. Ransomware attacks on healthcare groups comprised 37% of those managed […]
The U.S. Food and Drug Administration (FDA) has released a warning about flaws in certain Medtronic implantable cardiac device programmers which could possibly be targeted by hackers to alter the functionality of the programmer during […]
The British Standards Institution (BSI) has released the results of a study which show that one in six European business are not sufficiently ready to face the threat of a data breach. This is particularly […]
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) is highlighting awareness of the measures it implements to address cyberthreats within the HHS and the healthcare sector as a whole and […]
Uber, the peer-to-peer ridesharing, taxi cab, food delivery, bicycle-sharing and transportation network company has settled a fine in relation to a 2016 cyber-attack that exposed data from 57 million customers and drivers for $148m. The payment […]
The New York Attorney General has fined the Arc of Erie County $200,000 by breaching HIPAA Rules when it did not secure the electronic protected health information (ePHI) of its customers. The Arc of Erie […]
Several studies have been conducted to assess the cost of cybercrime in the United States, although there is little data on the cost of cyberattacks in Germany. That has been addressed with a recent survey […]
On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. It is thought that this will be the first of many State laws […]
ICS-CERT has released a warning after identifying eight vulnerabilities in version 8 of Natus Xltek NeuroWorks software implemented in Natus Xltek EEG medical products. If the weaknesses are successfully exploited they could allow a hacker […]
The results of a HIMSS survey has revealed that medical device security is a strategic focus for most healthcare groups, yet fewer than 50% of healthcare providers have an approved budget for addressing security weaknesses […]
Towards the end of last week social media giant Facebook revealed it experienced a data privacy breach last week that placed 14 million users of the platform in danger. From May 18 and 27, a […]
An official advisory over weaknesses impacting certain Phillips IntelliVue Patient and Avalon Fetal monitors has been released by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Three weaknesses have been […]
By implementing the Domain-based Message Authentication, Reporting and Conformance (DMARC) Standard, healthcare organizations can identify and restrict email spoofing and abuse of their domains; however, relatively few healthcare groups are using DMARC for spam filtering, […]
A recently-published Black Book Research report shows that approximately 90% of healthcare groups have encountered a data violation since Q3 2016, yet IT security investment at 88% of hospitals remains at 2016 figures. This information is […]
The U.S. Food and Drug Administration has released an alert regarding certain Abbott Laboratories implantable cardiac devices that have cybersecurity weaknesses that could possibly be targeted to alter the usability of the devices. A number […]
The National Institute of Standards and Technology published an updated version of its Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) on April 16, 2018. The Cybersecurity Framework was first made available on February 2014 and has […]
The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) has released a new patient guidebook on health record access. The guidebook goes through how patients can access their health data, […]
A recent survey carried out by the Ponemon Institute for ServiceNow has unveiled that healthcare and pharmaceutical companies are not keeping up to date on patching. Weaknesses are not being patched quickly leaving organizations susceptible […]
Verizon has published its yearly Protected Health Information Breach Report which digs deep into the main factors behind the breaches, why they happen, the motivations of internal and external threat actors, and the main dangers […]
Healthcare groups seeking a hosting solution may identify Liquid Web as a possible vendor, but is Liquid Web HIPAA compliant? Can its cloud management services be used by HIPAA-covered bodies for hosting applications and projects […]
The U.S. Office of Personnel Management (OPM) Office of the Inspector General Office of Audits (OIG) has released a Flash Audit Alert claiming Health Net of California has refused to adhere with a recent security audit. Health […]
Over 750,000 businesses are now using Zoom for online video and web conferencing. However, before implementing use of the service it is vital to consider if it adheres to HIPAA Rules for appropriate use by […]
As a document management and storage service for businesses, eFileCabinet provide on-site and cloud storage. However, is the service appropriate for the healthcare sector? Does eFileCabinet adhere with HIPAA rules or will using it lead to […]
The American Journal of Managed Care has released a report detailing hospital data breaches experienced in the United States. The focus of the study was to discover common characteristics of hospital data breaches, what the […]
A recent MediaPro report released there is still an absence of readiness to deal with common cyberattacks and privacy and security dangers are still not fully comprehended by healthcare staff. In MediaPro’s 2017 State of […]
Yammer is a freemium enterprise social networking platform used for private communication and collaboration within organizations since 2008. After a bedding in period Microsoft purchased the company in 2012. It has grown in popularity since […]
A hacker has potentially gained access to the medical records of up to 24,000 patients of Decatur County General Hospital in Tennessee. Teh Helath centre has discovered malware has been placed on a server storing […]
Western Washington Medical experienced a PHI breach when the protected health information of 842 patients of Group was exposed in November 2017 after files including sensitive health information were disposed, in error, with normal rubbish. […]
A new report released by online security company Sophos indicates that victims of ransomware attacks have a greater chance of suffering additional attacks within the subsequent 12 months. The report states that the healthcare sector […]
Hancock Health , based in Greenfield, Indiana experienced a ransomware attack on Thursday last week. Employees of Hancock were forced to use offline methods to record patient health information, while IT staff tried to respond to […]
43,000 patients of West Virginia-based Coplin Health Systems have been advised that their PHI has possibly been exposed due to the theft of an unencrypted laptop computer from the vehicle of a member of staff. […]
The findings of an audit of the North Carolina State Medicaid agency by The Department of Health and Human Services’ Office of Inspector General (OIG) have been published in a new report. The report indicates that […]
Almost 10,000 patients of Columbus Surgery Center, LLC and Eye Physicians, P.C., in Columbus, Nebraska have been impacted by a ransomware attack. The ransomware attack was carried out on October 7, 2017 and hit a […]
Once the General Data Protection Regulation (GDPR) comes into play, in May 2018, it will be possible for any organisation that does not comply to be fined as much as 4% of annual turnover, or […]
The November 2017 healthcare Breach Barometer Report has been published by Protenus. Following an unusually particularly bad September, healthcare data breach incidents fell to more normal levels, with 37 breaches recorded during the month of […]
UPMC Susquehanna, a network of hospitals and health facilities in Williamsport, Wellsboro, and Muncy in Pennsylvania, has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to […]
Personally identifiable information of a limited number of insurance applicants has been exposed online, according to an announcement by Blue Cross and Blue Shield of Florida, dba Florida Blue. Florida Blue was made aware of […]
There was been a 305% increase in the number of records exposed in data breaches in the 2017 according to a data breach report from Risk Based Security (RBS), a provider of real time information and […]
Attorney General Eric T. Schneiderman has introduced the ‘Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)’ into the legislature in New York.it is hoped that Act will protect New Yorkers from unnecessary breaches […]
Two USB drives storing the protected health information of up to 2,000 veterans have been stolen from the Man-Grandstaff VA Medical Center in Spokane, WA it has been reported. The two USB devices were being […]
The protected health information (PHI) of almost 8,000 client of Brevard Physician Associates may have been accessed following the theft of an office computer in a recent break in. The burglary happened on September 4, […]
September 2017 saw a huge increase in the amount of healthcare data breaches, according to the recently released Breach Barometer report from Protenus which shows there was a serious rise increase. The Protenus report examines […]
New ISACA research reveals that a lot more work still needs to be done in information and technology governance. According to the research, cyber security and defenses present the biggest technological challenges to corporate governance. […]
Another unsecured Amazon S3 bucket used by a HIPAA-covered entity has been found by Kromtech Security. The unsecured bucket was storing contained 47.5GB of medical details relating to around 150,000 people. The medical details contained […]
A fax machine used by a Doctor at Grand Rapids, MI, based Spectrum Health System was recently found to contain the PHI of almost 20 patients. The fax machine was bought from resale shop by […]
Texas orthopedic clinic CoPilot are just now informing their patients that their protected health information may have been exposed in a 2015 CoPilot data breach. In October 2015, an online portal managed by CoPilot Provider […]
A Catholic health system based in Vancouver, WA PeaceHealth, has revealed discovered that a former member of staff had accessed the medical history of almost 2,000 patients without any an adequate work reason. The unauthorized […]
Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and discovered a seemingly strange account on their servers. This case further highlights […]
Hacking group TheDarkOverlord, after an apparent period of inactivity, has claimed responsibility for another successful attack on a U.S. healthcare supplier. This time the victim was Mass-based SMART Physical Therapy (SMART PT). The announcement of […]
A HIPAA violation at Mercy Health Love County Hospital may have exposed the private information of in excess pf 13,000 patients in Oklahoma. On June 23, 2017, the health centre found that a member of […]
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has just received a joint settlement of $1,975,220 for the potential breaches of HIPAA arising following the theft of a laptop storing […]
Aetna is facing a class action lawsuit following a privacy breach that saw the HIV positive status of up to 12,000 individuals disclosed against the patients’ wishes. The individuals names and addresses were visible during […]
In a release yesterday, HHS Secretary Tom Price stated that OCR will waive sanctions and financial penalties for specific Privacy Rule violations against hospitals in the Hurricane Harvey disaster area. This waiver is only […]
The Department of Homeland Security has issued an alert over vulnerabilities in Siemens medical imaging devices. The vulnerabilities could be exploited remotely and attacks would require only a low level of skill. Exploits are publicly […]
The Medical Device Cybersecurity Act introduced by Connecticut Senator Richard Blumenthal last week is intended to improve the security of medical devices by making it harder for the devices to be hacked. If the legislation […]
KPMG has published the findings of its recent Cyber Healthcare & Life Sciences Survey. The survey was conducted on 100 individuals with responsibility for information security at healthcare providers and payers with annual revenues in […]
HITRUST has announced it is embarking on a new Community Extension Program to reach out to healthcare organizations to provide advice on best practices to adopt to improve cybersecurity. The new program will enable HITRUST […]
A recent survey conducted by risk management software vendor Netwrix has revealed only 5% of healthcare organizations are using software for risk management and security governance. Additionally, only 32% of healthcare organizations said they had […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a reminder to all covered entities and business associates of the possible risks associated with file sharing and collaboration tools, outlining […]
The Ponemon Institute has conducted an annual benchmark study on the cost of data breaches for the last decade. Their 2016 Cost of Data Breach Study was published by the Institute earlier this week. The […]
At the Healthcare Information and Management Systems Society’s 2017 conference-HIMSS17-OCR’s Deven McGraw released some new information on the HIPAA guidance OCR expects to release in 2017. Last year, the Joint Commission lifted the ban on […]
Although the total number of healthcare data breaches reported in 2016 is an order of magnitude lower than the number seen in 2015, there was a significant increase in the number of covered entities (CEs) […]
In a recent report released by the Department of Health and Human Services’ Office of Inspector General, a third of hospitals do not have sufficient HIPAA-compliant EHR contingency plans in place, although the majority are “largely addressing” […]
In recent years, there has been a substantial increase in the number of cyberattacks on healthcare organizations with the aim of obtaining PHI. It has proven profitable for hackers to conduct attacks on healthcare organizations […]
A nursing assistant from the Parkside Manor assisted-living center in Kenosha, WI., has been fired from her job for recording a video of a practically naked 93-year-old Alzheimer’s patient and sharing it on Snapchat. Recently […]
The Allina Health System Minneapolis Isles clinic has notified around 6,000 patients of a breach of their Protected Health Information (PHI). The clinic, located at 2800 Hennepin Avenue, found instances of improper PHI disposal had […]
Following a data breach that occurred back in 2011, the HHS has revealed that Lahey Hospital and Medical Center has agreed to settle a case with the Office for Civil Rights (OCR) over alleged HIPAA […]
Following the 2012 theft of a laptop computer containing the unencrypted data of 8,883 Connecticut residents, Hartford Hospital – and one of its Business Associates, EMC Corporation (EMC) – have agreed to a settlement with the Connecticut […]
Being compliant with HIPAA Privacy and Security Rules can be a challenge for all organizations, regardless of size. However, smaller healthcare providers tend to have more issues. Budgets tend to be tighter, and a lack […]
A lack of a appropriate workforce with appropriate skills to improve cybersecurity defenses is leading many CISOs and CIOs to look outside their organizations for assistance. Businesses and healthcare suppliers are now increasingly hiring third […]
Government department heads and industry leaders will be attending the 23rd National HIPAA Summit to give updates on the work that has been completed in the last year and to provide information on new legislation […]
Copyright © 2018 Compliance Junction
Weekly HIPAA news via email.
