Ransomware attacks were often headline news in 2021, especially when healthcare providers were attacked. In many cases, the attacks forced hospitals to postpone appointments and procedures out of safety concerns, causing delays to the provision […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows 2021 was a record year for healthcare industry data breaches, with 714 breaches of protected health information reported to OCR […]
On May 14, 2021, the Conti ransomware gang conducted a ransomware attack on Ireland’s Health Service Executive (HSE) that resulted in the shutdown of IT systems supporting healthcare across the entire country. The attack resulted […]
The American Hospital Association (AHA) has urged healthcare organizations to review a recent Microsoft blog post that warns of a new malware variant that has been used by an Advanced Persistent Threat (APT) actor to […]
2021 was another record-breaking year for healthcare data breaches. As of December 31, 2021, 686 healthcare data breaches had been reported to the HHS’ Office for Civil Rights that affected 44,993,618 individuals. That number is […]
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert warning healthcare providers about a high-severity vulnerability that affects certain Hillrom Welch Allyn cardio products. The vulnerability is an authentication bypass issue, […]
The healthcare and public health sector has been warned to take steps to reduce the risk of cyberattacks exploiting zero-day vulnerabilities. A zero-day vulnerability is a software flaw that has only just been brought to […]
Legacy systems and devices are pervasive in healthcare. Large healthcare organizations often have many systems and devices that contain components that have reached end-of-life and are no longer supported. When software, firmware, or hardware reaches […]
An investigation of potential violations of the New Jersey Consumer Fraud Act (CFA), New Jersey Identity Theft Prevention Act (ITFA), and the Health Insurance Portability and Accountability (HIPAA) Act has resulted in a financial penalty […]
Several vulnerabilities have recently been identified in medical devices such as insulin pumps, infusion pumps, and pacemakers which could be exploited in malicious attacks that could potentially kill patients and concern is growing about the […]
October is National Cybersecurity Awareness Month, an initiative launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 which is now in its 18th year. Throughout October, cybersecurity […]
Ransomware and other destructive cyberattacks on healthcare delivery organizations (HDOs) can cripple IT systems, prevent access to protected health information, and often see appointments cancelled and patients redirected to other healthcare facilities. The disruption caused […]
The Department of Health and Human Services’ cybersecurity department, the Health Sector Cybersecurity Coordination Center (HC3), has issued a warning to organizations in the health and public health sector alerting them to an elevated risk […]
In most organizations, the recommended practices for password creation involve setting a unique password for all accounts, making sure the password is as random as possible – combining upper- and lower-case letters, numbers and special […]
The average cost of a data breach has increased 10% year-over-year, according to the IBM Security 2021 Cost of a Data Breach Report. Data breach costs have reached record levels and are higher than at […]
Four new zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 have been discovered by the U.S. National Security Agency (NSA). These versions of Microsoft Exchange Server must be patched as soon as […]
With the passing, in November 2020, of the California Privacy Rights Act, came a range of new obligations for businesses operating in the State. They must now move swift to make sure that every member […]
In the third quarter of 2020, an alert was released for the healthcare and public health sector in the aftermath of a spike in ransomware activity being identified. The joint CISA, FBI, and HHS cybersecurity […]
In France the data protection regulator, Commission nationale de l’informatique et des libertés (CNIL), has penalised French retail giant Carrefour more than €3m ($3.7m) in relation to a number of breaches of the European Union’s […]
The U.S. National Security Agency (NSA) has issued a cybersecurity advisory warning Russian state-sponsored hacking groups are targeting a vulnerability in VMWare virtual workspaces used to support remote working. The flaw, tracked as CVE-2020-4006, is […]
At the beginning this month the electorate of California voted to pass the California Privacy Rights Act (CPRA), legislation created to further enhance the reach of the California Consumer Privacy Act that become enforceable earlier […]
In Canada Minister of Innovation, Science and Industry Navdeep Bains has introduced the proposed Digital Charter Implementation Act, 2020 which aims to bring the framework up to date for the security of private data in […]
In California the California Privacy Rights Act (CPRA) ballot initiative has been passed after winning the approval of 56% of votes. This means that Californiance Consumers Privacy Act will be amended to incorporate additional rights […]
Microsoft have made a new patch available to address a critical remove code execution flaw in the Microsoft Windows Transmission Control Protocol (TCP)/IP stack. The flaw is related to how the TCP/IP stack manages Internet […]
A third set of proposed modifications to the California Consumer Privacy Act (CCPA) has been released by the California Department of Justice. The California attorney general became authorized to enforce the law on July 1, […]
An alert has been released by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) after a noticeable increase in LokiBot malware activity was recorded in the past eight weeks. LokiBot – also referred […]
The second annual National Insider Threat Awareness Month (NITAM) has been kicked off frequently, and assistance is being provided being made available to emphasize the importance of tackling insider threats. This event is a group […]
In California an accusation that the illegal harvesting the biometric data of over 100 million Instagram users has taken place has resulted in legal proceedings being initiated against Facebook, owner of the image sharing social […]
A California federal court legal action alleges that Google has been tracking smartphone users’ app activity without adequate authorization in breach of the California Consumer Privacy Act. The legal action that was filed in the […]
A massive phishing campaign which was being operated in 62 countries has been taken down by Microsoft. First spotted by Microsoft’s Digital Crimes Unit (DCU) in December 2019, this particular phishing campaign was trying to […]
The European Court of Justice has today issued a ruling that voids the existing Privacy Shield agreement for data sharing between the European Union and United States due to the fact that it does not […]
Groups that are hit by a ransomware attack may be tempted to pay the ransom to reduce downtime and save on recovery costs, but a survey conducted by Sophos suggests organizations that pay the ransom […]
Last week a group of four four Republican Senators revealed that they are proposing federal privacy legislation that will establish rules in relation to the collation and use of personal information during the Coronavirus pandemic. […]
Due to the COVID-19 Pandemic, many groups have have to quickly set up remote working capabilities for their staff. As a result of this there has been increased potential for cybercriminals to initiate campaigns. Remote […]
Since the COVID-19 pandemic began everything has been moving at breakneck pace and there has been little time to consider how it impacts the European Union’s General Data Protection Regulation (GDPR). It is understandable, and […]
Zoom, a video conferencing software application that has experienced explosive growth due to the social distancing measures introduced globally during the COVID19 crisis, has had a class action lawsuit filed against it in the Northern […]
It is important to remember that, despite the wide-reaching and deep impact the the COVID-19 pandemic, the rights of individuals to have their protection respected are as important and relevant as ever. In recent weeks […]
The Marriott Hotel Group has revealed that it has suffered its third data breach in just over two years and has impacted the private data of up to 5.2m guests. The hotel group that operates […]
Chief Information Security Officer for the World Health Organization Flavio Aggio has revealed that there has been a massive increase in the amount of cyber-attack registered against his group since the COVID-19 Pandemic began. When […]
Hackers, spammers and cybercriminals are always leveraging current events to try and target susceptible Internet, SMS and email users and the coronavirus COVID 19 is no different. In the United States an alerts has been […]
The California Consumer Privacy Act (CCPA), which became enforceable on January 1 2020 has resulted in may Californian-based businesses struggling to ascertain what they must do to achieve compliance with the new legislation. In addition […]
The amount of data breaches that were conducted globally in 2019 was more than in any other previous year, coming in at a total of 7,098 detected breaches. While this might be seen as just […]
In California a state senator in California is submitting proposed legislation which would allow for greater direct supervision in relation to direct genetic testing companies to the consumer. Santa Ana Democratic Senator Thomas Umberg has […]
A newly-published report from the ransomware incident response outfit Coveware indicates that payments completed by ransomware victims grew noticeably during Q4, 2019. The average ransomware payment grew by 200% during Q4, as two of the […]
The FBI has released a TLP:Amber alert as a reaction to a number of cyberattacks involving the ransomware strainsLockerGoga and MegaCortex. The threat actors employing these ransomware variants have been focusing on large enterprises and […]
From today the Californian Consumer Privacy Act becomes enforceable, state-level legislation that obligates companies to alert users of the intent to monetize their data, and give them a simple way of opting out of this. […]
A Colorado IT company that dedicates itself providing managed IT services to dental clinic has been infiltrated with ransomware. Via the company’s systems, over 100 dental clinics have also been targeted and have had ransomware […]
Healthcare groups still deploying Windows 7 and Windows 2008 have a very short amount of time left to upgrade the operating systems before Microsoft support will be discontinued. Support for both operating systems will cease […]
Six flaws have been identified in the Medtronic Valleylab energy platform and electrosurgery products, including one fatal flaw that could permit a hacker to obtain access to the Valleylab Energy platform and view/overwrite files and […]
The University of Rochester Medical Center (URMC) has been sanctioned with $3 million HIPAA penalty for not encrypting mobile devices and other HIPAA breaches. URMC is one of the biggest health systems in New York […]
Healthcare groups can create strong defenses to stop cyber criminals from gaining access to sensitive data, but not all threats come from outside the organization. It is also crucial to put in place policies, procedures, […]
Security expert at Armis have discovered 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, a third-party software component implemented in hospital networks and certain medical devices. The flaws were reported to the DHS Cybersecurity and […]
Facebook has taken the move to suspend “tens of thousands” of apps that are in operation on its platform as it continues to try and stem what it suspects is the collection of large amounts […]
The results of a recent survey published by privacy experts PossibleNOW has revealed that more than 50% US companies do not expect to be fully prepared for the introduction of the Californian Consumer Privacy Act […]
A vulnerability has been discovered in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The flaw could be target to take advantage by a locally authenticated user to insert files that could allow the […]
The Government Accountability Office (GAO) has completed a research study of 23 federal bodies and found widespread cybersecurity risk management weaknesses. Federal agencies are targeted by hackers, so it is crucial for security measures to […]
The National Institute of Standards and Technology (NIST) has published a new guide for manufacturers of Internet of Things (IoT) devices to assist them is ensuring that adequate cybersecurity measures are in place so that […]
The European Union’s Competition Commission has initiated an official antitrust investigation to ascertain if Amazon is using sensitive data, gathered from independent retailers who use its marketplace, in breach of EU competition legislation. The Commission […]
The significance consumers place on the privacy and security of their health information has been reviewed in a recent nCipher Security survey. The survey i question was aimed at 1,300 U.S. consumers and looked into […]
The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a warning after a rise in cyberattacks by ‘Iranian regime actors.’ The warning from Christopher C. Krebs came as […]
The Government Accountability Office (GAO) has released the findings of an audit of all federal government systems that operate legacy systems. The focus of the audit was to determine the extent to which legacy software […]
Healthcare cybersecurity’s poor state has been emphasised by a recent Forescout study. The study showed the healthcare sector is using legacy software, vulnerable protocols are extensively in use, and medical devices are not properly safeguarded. […]
According to a report released by the International Association of Privacy Professionals (IAPP) and OneTrust, prior to the California Consumer Privacy Act (CCPA) becoming enforceable on January 1, 2020, nearly 50% of all companies will […]
Main Line Endoscopy Centers, a group of outpatient endoscopy facilities based the Malvern, Bala Cynwyd, and Media regions of Pennsylvania, has notices an unauthorized person obtained access to the email account of one of its […]
Several healthcare groups have asked for leniency to be shown for healthcare organizations that would mean avoiding financial penalties for breaches of protected health information if the breached entity that has implemented certain standards for […]
The IRS has kicked off its 2019 ‘Dirty Dozen’ campaign alerting taxpayers about the dangers of the most common tax-related phishing scams that result in tax fraud and identity theft. Every year the IRS supplies […]
The General Data Protection Regulation (GDPR) introduced new standards for data protection in Europe. Introduced in May 2018, GDPR changed the way that businesses handle collect, handle, and process consumer data. The regulations also granted […]
The California Consumer Protection Act (CCPA) is due to become enforceable on January 1, 2020. Corporations, government agencies and other groups will be using 2019 to prepare for the new legislation. The proposed legislation allows […]
ICS-CERT has released a waring in relation to three high severity vulnerabilities in the IDenticard PremiSys access control system. All versions of PremiSys software before version 4.1 are affected by the flaws. If the vulnerabilities […]
North Caroline Attorney General Josh Stein and state representative Jason Saine have introduced a bill to moderize data breach notification laws in the state and increase protections for state residents after an increase in data […]
The Californian Consumer Privacy Act (CCPA) was signed into law in June 2018. Many data privacy experts have compared CCPA to Europe’s latest data protection legislation, the General Data Protection Regulations (GDPR). Much like GDPR, […]
California Attorney General Xavier Becerra announced today that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA) starting January 8. During the December press meeting in which […]
Impact of CCPA on Business The Californian Governor Jerry Brown signed the Californian Consumer Privacy Act (CCPA) into law in June 2018. The CCPA has revolutionised the data privacy rights of Californian residents. CCPA offers […]
A new study by the consultancy firm Censuswide has revealed the extent to which employees are being tricked by phishing emails and how despite the danger of a data breaches and regulatory fines, many firms […]
The winners of the Easy EHR Issues Reporting Challenge have been announced by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). At present, reporting EHR safety […]
Florida-based Key Dental Group has made contact with its patients about a suspected HIPAA breach which may have led to the unauthorized release of their protected health information (PHI). After amended its electronic medical record […]
The EU introduced the General Data Protection Regulation (GDPR) in May 2018. Since its implementation, GDPR has changed the way that businesses handle, collect, and process consumer data. It is a landmark piece of legislation […]
According to the most recent Beazley’s Q3 Breach Insights Report, Cyber Criminal campaigns attacks are increasing once again and healthcare is the most targeted sector. Ransomware attacks on healthcare groups comprised 37% of those managed […]
The U.S. Food and Drug Administration (FDA) has released a warning about flaws in certain Medtronic implantable cardiac device programmers which could possibly be targeted by hackers to alter the functionality of the programmer during […]
The British Standards Institution (BSI) has released the results of a study which show that one in six European business are not sufficiently ready to face the threat of a data breach. This is particularly […]
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) is highlighting awareness of the measures it implements to address cyberthreats within the HHS and the healthcare sector as a whole and […]
Uber, the peer-to-peer ridesharing, taxi cab, food delivery, bicycle-sharing and transportation network company has settled a fine in relation to a 2016 cyber-attack that exposed data from 57 million customers and drivers for $148m. The payment […]
The New York Attorney General has fined the Arc of Erie County $200,000 by breaching HIPAA Rules when it did not secure the electronic protected health information (ePHI) of its customers. The Arc of Erie […]
Several studies have been conducted to assess the cost of cybercrime in the United States, although there is little data on the cost of cyberattacks in Germany. That has been addressed with a recent survey […]
On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. It is thought that this will be the first of many State laws […]
ICS-CERT has released a warning after identifying eight vulnerabilities in version 8 of Natus Xltek NeuroWorks software implemented in Natus Xltek EEG medical products. If the weaknesses are successfully exploited they could allow a hacker […]
The results of a HIMSS survey has revealed that medical device security is a strategic focus for most healthcare groups, yet fewer than 50% of healthcare providers have an approved budget for addressing security weaknesses […]
Towards the end of last week social media giant Facebook revealed it experienced a data privacy breach last week that placed 14 million users of the platform in danger. From May 18 and 27, a […]
An official advisory over weaknesses impacting certain Phillips IntelliVue Patient and Avalon Fetal monitors has been released by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Three weaknesses have been […]
By implementing the Domain-based Message Authentication, Reporting and Conformance (DMARC) Standard, healthcare organizations can identify and restrict email spoofing and abuse of their domains; however, relatively few healthcare groups are using DMARC for spam filtering, […]
A recently-published Black Book Research report shows that approximately 90% of healthcare groups have encountered a data violation since Q3 2016, yet IT security investment at 88% of hospitals remains at 2016 figures. This information is […]
The U.S. Food and Drug Administration has released an alert regarding certain Abbott Laboratories implantable cardiac devices that have cybersecurity weaknesses that could possibly be targeted to alter the usability of the devices. A number […]
The National Institute of Standards and Technology published an updated version of its Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) on April 16, 2018. The Cybersecurity Framework was first made available on February 2014 and has […]
The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) has released a new patient guidebook on health record access. The guidebook goes through how patients can access their health data, […]
A recent survey carried out by the Ponemon Institute for ServiceNow has unveiled that healthcare and pharmaceutical companies are not keeping up to date on patching. Weaknesses are not being patched quickly leaving organizations susceptible […]
Verizon has published its yearly Protected Health Information Breach Report which digs deep into the main factors behind the breaches, why they happen, the motivations of internal and external threat actors, and the main dangers […]
Healthcare groups seeking a hosting solution may identify Liquid Web as a possible vendor, but is Liquid Web HIPAA compliant? Can its cloud management services be used by HIPAA-covered bodies for hosting applications and projects […]
The U.S. Office of Personnel Management (OPM) Office of the Inspector General Office of Audits (OIG) has released a Flash Audit Alert claiming Health Net of California has refused to adhere with a recent security audit. Health […]
Over 750,000 businesses are now using Zoom for online video and web conferencing. However, before implementing use of the service it is vital to consider if it adheres to HIPAA Rules for appropriate use by […]
As a document management and storage service for businesses, eFileCabinet provide on-site and cloud storage. However, is the service appropriate for the healthcare sector? Does eFileCabinet adhere with HIPAA rules or will using it lead to […]
Copyright © 2022 ComplianceJunction