The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a warning after a rise in cyberattacks by ‘Iranian regime actors.’ The warning from Christopher C. Krebs came as tensions are mounting between...
IT Modernization Required at HHS According to Government Accountability Office
The Government Accountability Office (GAO) has released the findings of an audit of all federal government systems that operate legacy systems. The focus of the audit was to determine the extent to which legacy software and systems are in use, and which departments...
Forescout Study: Serious Holes in Healthcare Cybersecurity
Healthcare cybersecurity's poor state has been emphasised by a recent Forescout study. The study showed the healthcare sector is using legacy software, vulnerable protocols are extensively in use, and medical devices are not properly safeguarded. 75 global healthcare...
50% of US Organizations Not Prepared for CCPA
According to a report released by the International Association of Privacy Professionals (IAPP) and OneTrust, prior to the California Consumer Privacy Act (CCPA) becoming enforceable on January 1, 2020, nearly 50% of all companies will not be ready to comply with...
14,305 Patients of Main Line Endoscopy Centers Affected by Phishing Attack
Main Line Endoscopy Centers, a group of outpatient endoscopy facilities based in the Malvern, Bala Cynwyd, and Media regions of Pennsylvania, has noticed an unauthorized person obtained access to the email account of one of its staff members following a response to a...
Healthcare Associations ask for Leniency for Breached Entities that Implement Cybersecurity Best Practices
Several healthcare groups have asked for leniency to be shown for healthcare organizations that would mean avoiding financial penalties for breaches of protected health information if the breached entity has implemented certain standards for securing protected...
IRS Warns Everyone to Beware of Tax-Related Phishing Scams
The IRS has kicked off its 2019 ‘Dirty Dozen’ campaign alerting taxpayers about the dangers of the most common tax-related phishing scams that result in tax fraud and identity theft. Every year the IRS provides taxpayers, businesses, and tax professionals...
CCPA and Cybersecurity
The General Data Protection Regulation (GDPR) introduced new standards for data protection in Europe. Introduced in May 2018, GDPR changed the way that businesses collect, handle, and process consumer data. The regulations also granted new rights to...
Are you ready for CCPA?
The California Consumer Protection Act (CCPA) is due to become enforceable on January 1, 2020. Corporations, government agencies and other groups will be using 2019 to prepare for the new legislation. The proposed legislation allows Californian residents the following...
IDenticard PremiSys Access Control System Flaws Discovered
ICS-CERT has released a warning in relation to three high severity vulnerabilities in the IDenticard PremiSys access control system. All versions of PremiSys software before version 4.1 are affected by the flaws. If the vulnerabilities are effectively targeted it could...
North Carolina State AG Proposes Stricter Data Breach Notification Laws
North Carolina Attorney General Josh Stein and state representative Jason Saine have introduced a bill to modernize data breach notification laws in the state and increase protections for state residents after an increase in data breaches affecting North Carolina...
CCPA Requirements
The Californian Consumer Privacy Act (CCPA) was signed into law in June 2018. Many data privacy experts have compared CCPA to Europe’s latest data protection legislation, the General Data Protection Regulations (GDPR). Much like GDPR, CCPA has changed how businesses...
California Announces CCPA Public Discussions
California Attorney General Xavier Becerra announced today that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA) starting January 8. During the December press meeting in which the public forums were...
CCPA and Businesses
Impact of CCPA on Business: The Californian Governor Jerry Brown signed the Californian Consumer Privacy Act (CCPA) into law in June 2018. The CCPA has revolutionised the data privacy rights of Californian residents. CCPA offers new rights to consumers over their data...
Importance of Security Awareness Training Emphasised by Censuswide Study on Phishing Threat
A new study by the consultancy firm Censuswide has revealed the extent to which employees are being tricked by phishing emails and how, despite the danger of data breaches and regulatory fines, many firms are not providing security awareness training to their staff....
Easy EHR Issues Reporting Challenge Winners Announced by ONC
The winners of the Easy EHR Issues Reporting Challenge have been announced by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). At present, reporting EHR safety concerns is a tiresome process that...
Key Dental Group Alerts Patients About Potential HIPAA Violation
Florida-based Key Dental Group has made contact with its patients about a suspected HIPAA breach which may have led to the unauthorized release of their protected health information (PHI). After amending its electronic medical record (EMR) database supplier, Key...
Reports: Ransomware Attacks Rise as Healthcare Sector is Heaviest Hit
According to Beazley’s most recent Q3 Breach Insights Report, cybercriminal attacks are increasing once again and healthcare is the most targeted sector. Ransomware attacks on healthcare groups comprised 37% of those managed by Beazley Breach Response...
FDA Issues Warning Regarding Flaws in Medtronic Implantable Cardiac Device Programmers
The U.S. Food and Drug Administration (FDA) has released a warning about flaws in certain Medtronic implantable cardiac device programmers which could possibly be targeted by hackers to alter the functionality of the programmer during implantation or follow up visits....
Cybersecurity Activities Awareness Highlighted in New HHS OIG Web Page
The Department of Health and Human Services’ Office of Inspector General (HHS OIG) is highlighting awareness of the measures it implements to address cyberthreats within the HHS and the healthcare sector as a whole and is implementing measures to raise transparency of...
Uber Settles Data Breach by Paying $148m
Uber, the peer-to-peer ridesharing, taxi cab, food delivery, bicycle-sharing and transportation network company, has settled a fine in relation to a 2016 cyber-attack that exposed data from 57 million customers and drivers for $148m. The payment in question settles the...
Arc of Erie County Fined $200,000 by NY Attorney General for Security Breach
The New York Attorney General has fined the Arc of Erie County $200,000 for breaching HIPAA Rules when it did not secure the electronic protected health information (ePHI) of its customers. The Arc of Erie County, a nonprofit social services agency and chapter of the...
Study Reveals Cost of Cyberattacks in Germany
Several studies have been conducted to assess the cost of cybercrime in the United States, although there is little data on the cost of cyberattacks in Germany. That has been addressed with a recent survey that sought to assess the extent to which German firms are...
California Consumer Privacy Act of 2018 the First State Law Inspired by GDPR
On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. It is thought that this will be the first of many State laws in the United States inspired by the European Union's General Data...
Vulnerabilities Discovered in Natus Xltek NeuroWorks Software Lead to Official Warnings
ICS-CERT has released a warning after identifying eight vulnerabilities in version 8 of Natus Xltek NeuroWorks software implemented in Natus Xltek EEG medical products. If the weaknesses are successfully exploited they could allow a hacker to crash a vulnerable device...
HIMSS Survey Reveals Concerns in Relation to Mobile Device Security
The results of a HIMSS survey have revealed that medical device security is a strategic focus for most healthcare groups, yet fewer than 50% of healthcare providers have an approved budget for addressing security weaknesses in medical devices. For the survey, HIMSS...
Facebook Moves Quickly to Address Privacy Error
Towards the end of last week, social media giant Facebook revealed it experienced a data privacy breach last week that placed 14 million users of the platform in danger. Between May 18 and 27, a technical glitch meant that the privacy settings for new posts were...
Philips IntelliVue Patient and Avalon Fetal Monitors Weakness Warning Issued
An official advisory over weaknesses impacting certain Philips IntelliVue Patient and Avalon Fetal monitors has been released by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Three weaknesses have been...
Healthcare Organizations Slow to Adopt DMARC
By implementing the Domain-based Message Authentication, Reporting and Conformance (DMARC) Standard, healthcare organizations can identify and restrict email spoofing and abuse of their domains; however, relatively few healthcare groups are using DMARC for spam...
Cyberattacks Lead to Freezing of Healthcare IT Security Budgets
A recently published Black Book Research report shows that approximately 90% of healthcare groups have encountered a data violation since Q3 2016, yet IT security investment at 88% of hospitals remains at 2016 figures. This information is the result of a survey of...