The state of New Jersey has imposed another financial penalty to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act, its third penalty in as many months. Regional Cancer Care Associates will pay...
OCR Announces 5 Financial Penalties to Resolve HIPAA Right of Access Investigations
The HHS’ Office for Civil Rights has settled 4 more investigations into potential HIPAA Right of Access violations and has imposed one civil monetary penalty for the failure to provide timely access to medical records. The HIPAA Privacy Rule introduced several new...
New Jersey Imposes $130,000 HIPAA Fine on Two Printing Companies
New Jersey has fined two printing companies $130,000 over an impermissible disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents in 2016. The fine is part of a settlement reached between Acting Attorney General Andrew J. Bruck and...
Important HIPAA Compliance Considerations for Legacy Software and Devices
Legacy systems and devices are pervasive in healthcare. Large healthcare organizations often have many systems and devices that contain components that have reached end-of-life and are no longer supported. When software, firmware, or hardware reaches end-of-life and...
New Jersey Fines Infertility Clinic for Multiple HIPAA Violations and Cybersecurity Failures
An investigation of potential violations of the New Jersey Consumer Fraud Act (CFA), New Jersey Identity Theft Prevention Act (ITFA), and the Health Insurance Portability and Accountability Act (HIPAA) has resulted in a financial penalty for the New Jersey infertility...
HIPAA and COVID-19 Vaccination Information
The introduction of vaccine mandates in many places of work has led many people to question how the Health Insurance Portability and Accountability Act (HIPAA) Rules apply to disclosures of COVID-19 vaccination information. There are a number of misconceptions about...
20th HIPAA Right of Access Penalty Announced by HHS’ Office for Civil Rights
The Omaha, Nebraska-based pediatric care provider Children's Hospital & Medical Center (CHMC) has agreed to pay an $80,000 financial penalty to resolve an investigation into an alleged violation of the Right of Access provision of the HIPAA Privacy Rule. The...
Two Data Breaches at Lake County Health Department Impact 25,000 Patients
In Illinois, Lake County Health Department has revealed that it has been impacted by two separate data breaches that could have impacted the protected health information (PHI) of approximately 25,000 patients. The initial breach took place when a Lake County Health...
Reminder About Compliance with HIPAA Security Rule Information Access Management and Access Control Standards
Many healthcare data breaches are reported each year that involve unauthorized individuals gaining access to electronic protected health information (ePHI) stored on unsecured servers, including on-premises servers and those of cloud service providers. Without proper...
HHS Advises HIPAA Covered Entities to Address Vulnerabilities in PACS Servers
A TLP:White Alert has been issued by the HHS’ Health Sector Cybersecurity Coordination Center (HC3) regarding vulnerabilities identified in Picture Archiving Communication Systems (PACS) that hospitals and other healthcare providers and research institutions use for...
HIPAA Breaches Rise by 56% during First Four Months of 2021
The HIPAA breaches reported during April 2021 show a huge increase in the number of data breaches recorded from January to April 2021 compared with the same period in 2020. The number of HIPAA breach cases recorded during this period has risen by 56% to 201, up from...
Squirrel Hill Health Center & La Clinica de la Raza Infiltrated by Malware Attacks
On January 28, 2021, malware was discovered on databases holding private patient data at La Clinica de la Raza in Oakland, CA. The clinic is now getting in touch with a range of patients to inform them that their protected health information may have been breached....
Roper St. Francis Healthcare Phishing Attack Impacts Approximately 190,000 People
Roper St. Francis Healthcare has made contact with 189,761 patients to make them aware that a portion of their protected health information was included in the staff employee email account to which access was illegally obtained. In late October 2020 the email security...
Former Member of Staff Causes HIPAA Breach at Northwestern Memorial Hospital
An update on the Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) breach portal has revealed that a previously-employed contract staff member may have illegally accessed the medical records of a range of patients working at Chicago...
University of Minnesota Physicians & McLeod Health Experience Email Account Breaches
University of Minnesota Physicians has been hit by a cybercriminal attack that resulted in access being gained to the email accounts of two members of staff. One corporate email account was accessible between January 30 and January 31, 2020...
Wakefern Food Corporation Settles HIPAA Breach Case with NJ Attorney General for $235,000
Following claims of breaches of federal and state legislation, linked to a data breach involving the protected health information of 9,700 customers of two ShopRite supermarkets in Millville, New Jersey and Kingston NY, Wakefern Food Corporation has agreed to pay...
$48.2 Million In HIPAA Penalties Paid by Anthem to Settle State Attorneys General Data Breach Investigations
Anthem Inc. has come to an agreement to settle actions by state attorneys general in different US states in relation to the 2014 data breach of 78.8 million records. Along with the $48.2 million financial penalty, Anthem has committed to implementing a number of...
Orthopedic Clinic Agrees to $1.5 Million Settlement to Resolve Multiple HIPAA Violations
The Athens Orthopedic Clinic has agreed to pay $1.5 million and comply with a corrective action plan in order to resolve allegations of multiple HIPAA violations made against the clinic by HHS’ Office for Civil Rights. In June 2016, a journalist working for...
1 Million Impacted in Blackbaud Data Breach
Another four healthcare suppliers have broadcast HIPAA breach alerts in relation to the Blackbaud ransomware attack and data breach. Just after the Northwestern Memorial HealthCare group revealed that the personal information of 55,983 clients had been impacted, an...
Increasing Netwalker Ransomware Attacks Lead to FBI Flash Alert Warning
The Federal Bureau of Investigation (FBI) has released a (TLP:WHITE) FLASH alert following a rise in attacks using Netwalker ransomware. Netwalker is a new threat on the ransomware scene, first spotted in March 2020 after attacks on a transportation and logistics...
Grays Harbor Community Hospital Ransomware Lawsuit May be Settled for $185,000
Following mediation talks, there has been an agreement to a proposed settlement between Grays Harbor Community Hospital and Harbor Medical Group and the representative plaintiff in a proposed class action lawsuit connected to a June 2019 ransomware attack that led to...
Serious Flaws Discovered in Apache Guacamole Remote Access Software
Several security flaws have been discovered in the remote access system, Apache Guacamole, a system which has been implemented by many companies to allow administrators and employees to access Windows and Linux devices remotely. The system has proven popular since the...
COVID-19 Contact Tracing & Exposure Notification Apps Protected in Bipartisan Bill
A bipartisan group of Senators has introduced a bill dedicated to securing contact tracing and exposure notification apps that will be implemented to manage the spread of COVID-19. One of three bills introduced, the Exposure Notification Privacy Act was formulated...
COVID-19 Threat Resources & NSA Cybersecurity Guidance for Teleworkers
The National Security Agency has released cybersecurity guidance for teleworkers to help enhance security when staff are working remotely. The guidance has been made available primarily for U.S. government employees and military service members, but it is also...
Stockdale Radiology and Affordacare Urgent Care Clinics Targeted in Ransomware Attacks
Stockdale Radiology in California has revealed that private patient data has been compromised due to a ransomware attack that took place on January 17, 2020. An internal review confirmed that the hackers gained access to patients’ first and last names, addresses,...
COVID-19 Pandemic Results in Easing of HIPAA Enforcement by HHS
It has been announced that the Department of Health and Human Services (HHS) will be easing the sanctioning of penalties in relation to specific data privacy breaches during the COVID-19 pandemic. The Notice of Enforcement Discretion applies to breaches of the HIPAA...
156,400 People Have PHI Breached in Personal Touch Home Care Ransomware Attack
The Lake Success, NY-located home health company, Personal Touch Home Care (PTHC), has begun contacting clients to advise them that a ransomware attack on its Wyomissing, PA-based IT vendor, Crossroads Technologies Inc. may have resulted in a portion of their...
LabCorp Patients' Personal & Health Data Exposed in Website Error
Experts at TechCrunch have discovered a security flaw in a website hosting an internal customer relationship management system used by the clinical laboratory network LabCorp. While the system was password protected, the experts found a flaw in the part of...
HIPAA Violation Case Settled Between Ambulance Company & OCR for $65,000
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed a $65,000 HIPAA violation settlement has been agreed with West Georgia Ambulance, Inc., to address multiple breaches of Health Insurance Portability and Accountability Act Rules....
130,000-Record Data Breach Results in Legal Action Against Kalispell Regional Healthcare
Legal action is being taken against Kalispell Regional Healthcare in Montana in relation to a phishing attack in which cybercriminals obtained access to employee email accounts including the protected health information of almost 130,000 clients. The impacted email...