The lack of HIPAA cybersecurity training at a NY-based home health company has contributed to the company being fined $350,000 by the NY State Attorney General as part of a wide-ranging settlement agreement that includes a thorough overhaul of the company’s security...
Patients Concerned About Health Information Privacy
An American Medical Association (AMA) patient privacy survey has confirmed that patients are worried that their healthcare data is no longer being kept private and confidential. More must be done to protect medical information and strengthen trust. Virtually every...
HPH Sector Warned of Targeted Ransomware Attacks by North Korean State-sponsored Hackers
A warning has been issued to the healthcare and public health (HPH) sector that North Korean state-sponsored hackers are conducting targeted ransomware attacks using Maui ransomware. The warning was issued by the Federal Bureau of Investigation (FBI), the...
New Report Reveals Major Increase in Ransomware Attacks and System Intrusions in 2021
Ransomware attacks were often headline news in 2021, especially when healthcare providers were attacked. In many cases, the attacks forced hospitals to postpone appointments and procedures out of safety concerns, causing delays to the provision of treatment. According...
19% Increase in Healthcare Data Breaches in 2021 and Over 50 Million Records Breached
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows 2021 was a record year for healthcare industry data breaches, with 714 breaches of protected health information reported to OCR for 2021. The breach reports do not show the...
Lessons Learned from the Cyberattack on Ireland’s Health Service Executive
On May 14, 2021, the Conti ransomware gang conducted a ransomware attack on Ireland’s Health Service Executive (HSE) that resulted in the shutdown of IT systems supporting healthcare across the entire country. The attack resulted in the encryption of around 80% of all...
American Hospital Association Urges Organizations to Review Microsoft Malware Warning
The American Hospital Association (AHA) has urged healthcare organizations to review a recent Microsoft blog post that warns of a new malware variant that has been used by an Advanced Persistent Threat (APT) actor to attack critical infrastructure organizations in...
1.35 Million-record Data Breach Reported by Broward Health
2021 was another record-breaking year for healthcare data breaches. As of December 31, 2021, 686 healthcare data breaches had been reported to the HHS’ Office for Civil Rights that affected 44,993,618 individuals. That number is sure to grow over the coming days as...
CISA Warns of High-severity Vulnerability in Hillrom Welch Allyn Cardio Products
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert warning healthcare providers about a high-severity vulnerability that affects certain Hillrom Welch Allyn cardio products. The vulnerability is an authentication bypass issue,...
Healthcare and Public Health Sector Warned About Increase in Zero-day Attacks
The healthcare and public health sector has been warned to take steps to reduce the risk of cyberattacks exploiting zero-day vulnerabilities. A zero-day vulnerability is a software flaw that has only just been brought to the attention of a software developer, often as...
Important HIPAA Compliance Considerations for Legacy Software and Devices
Legacy systems and devices are pervasive in healthcare. Large healthcare organizations often have many systems and devices that contain components that have reached end-of-life and are no longer supported. When software, firmware, or hardware reaches end-of-life and...
New Jersey Fines Infertility Clinic for Multiple HIPAA Violations and Cybersecurity Failures
An investigation of potential violations of the New Jersey Consumer Fraud Act (CFA), New Jersey Identity Theft Prevention Act (ITFA), and the Health Insurance Portability and Accountability (HIPAA) Act has resulted in a financial penalty for the New Jersey infertility...
Best Practices for Communicating Medical Device Vulnerabilities to Patients
Several vulnerabilities have recently been identified in medical devices such as insulin pumps, infusion pumps, and pacemakers, which could be exploited in malicious attacks that could potentially kill patients, and concern is growing about the threat of attacks....
2021 National Cybersecurity Awareness Month: Do Your Part. BeCyberSmart
October is National Cybersecurity Awareness Month, an initiative launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 which is now in its 18th year. Throughout October, cybersecurity advice will be issued, and...
22% Of Healthcare Organizations Say Ransomware Attacks Increased Patient Mortality
Ransomware and other destructive cyberattacks on healthcare delivery organizations (HDOs) can cripple IT systems, prevent access to protected health information, and often see appointments cancelled and patients redirected to other healthcare facilities. The...
HC3: Elevated Risk of BlackMatter Ransomware Attacks on Healthcare Organizations
The Department of Health and Human Services’ cybersecurity department, the Health Sector Cybersecurity Coordination Center (HC3), has issued a warning to organizations in the health and public health sector alerting them to an elevated risk of BlackMatter ransomware...
NCSC Recommends Three Random Words for Passwords
In most organizations, the recommended practices for password creation involve setting a unique password for all accounts, making sure the password is as random as possible - combining upper- and lower-case letters, numbers and special characters - is at least 8...
Average Cost of a Healthcare Data Breach Increases to $9.23 Million
The average cost of a data breach has increased 10% year-over-year, according to the IBM Security 2021 Cost of a Data Breach Report. Data breach costs have reached record levels and are higher than at any other point in the past 17 years that IBM Security has been...
Microsoft Exchange Server Patching Necessary to Address 4 New Critical Flaws
Four new zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 have been discovered by the U.S. National Security Agency (NSA). These versions of Microsoft Exchange Server must be patched as soon as possible to avoid the possibility of...
What does the California Privacy Rights Act (CPRA) Mean?
With the passing of the California Privacy Rights Act in November 2020 came a range of new obligations for businesses operating in the State. They must now move swiftly to make sure that every member of staff is aware of their obligations in order to avoid large...
45% in Healthcare Sector Cyberattacks During 2020
In the third quarter of 2020, an alert was issued to the healthcare and public health sector after a spike in ransomware activity was identified. The joint CISA, FBI, and HHS cybersecurity advisory group informed the healthcare sector that it was...
Data Breach Leads to Massive Carrefour Fine
In France, the data protection regulator, Commission nationale de l’informatique et des libertés (CNIL), has fined French retail giant Carrefour more than €3m ($3.7m) in relation to a number of breaches of the European Union’s General Data Protection Regulation....
Vulnerability in VMware Virtual Workspaces Targeted by Russian State-Sponsored Hackers
The U.S. National Security Agency (NSA) has issued a cybersecurity advisory warning that Russian state-sponsored hacking groups are targeting a vulnerability in VMware virtual workspaces used to support remote working. The flaw, tracked as CVE-2020-4006, is present in...
Stronger Privacy Rights Proposed in Canadian Digital Charter Implementation Act
In Canada, Minister of Innovation, Science and Industry Navdeep Bains has introduced the proposed Digital Charter Implementation Act, 2020, which aims to bring up to date the framework for the security of private data in the corporate sector. The proposed Digital...
California Privacy Rights Act Approved by Voters
In California, the California Privacy Rights Act (CPRA) ballot initiative has passed after winning the approval of 56% of votes. This means that the California Consumer Privacy Act will be amended to incorporate additional rights for consumers. Along with this...
CISA: ‘Patch Wormable Bad Neighbor Windows TCP/IP Flaw Immediately’
Microsoft has made a new patch available to address a critical remote code execution flaw in the Microsoft Windows Transmission Control Protocol (TCP)/IP stack. The flaw is related to how the TCP/IP stack manages Internet Control Message Protocol version 6 (ICMPv6)...
Third Set of Proposed Amendments to CCPA Revealed by California DOJ
A third set of proposed modifications to the California Consumer Privacy Act (CCPA) has been released by the California Department of Justice. The California attorney general became authorized to enforce the law on July 1, 2020, and the California Office of...
Increase in LokiBot Malware Activity Leads CISA to Issue Alert
An alert has been released by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) after a noticeable increase in LokiBot malware activity was recorded in the past eight weeks. LokiBot – also referred to as Lokibot, Loki PWS,...
Resources Provided to Healthcare Organizations for National Insider Threat Awareness Month
The second annual National Insider Threat Awareness Month (NITAM) has kicked off, and assistance is being made available to emphasize the importance of tackling insider threats. This event is a group project produced by NITAM and a...
Instagram ‘Illegal Biometric Harvesting’ Leads to California Legal Action against Facebook
In California, an accusation of illegal harvesting of the biometric data of over 100 million Instagram users has resulted in legal proceedings being initiated against Facebook, owner of the image-sharing social media platform. The legal action was...