HIPAA Updates

The Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed an update to the HIPAA Privacy Rule to strengthen protections for reproductive health care data and bolster patient-provider confidentiality. The proposed […]

The Secretary of the Department of Health and Human Services will not be renewing the COVID-19 Public Health Emergency (PHE), which is set to expire at 11:59 pm on May 11, 2023. That means the […]

The Department of Health and Human Services’ Office for Civil Rights received more than 51,000 complaints in 2022 about violations of the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic […]

A hacking incident reported by Oklahoma State University – Center for Health Sciences (OSU-CHS) in January 2018 was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) which identified […]

The HHS’ Office for Civil Rights has announced it has resolved 11 more cases involving violations of the HIPAA Right of Access. 10 of the cases were settled with OCR, and one Civil Monetary Penalty […]

President Biden has issued an Executive Order on Protecting Access to Reproductive Healthcare Services following the Supreme Court decision that overturned Roe v. Wade. According to the Supreme Court, there is no right to abortion […]

Two U.S. senators have written to Xavier Becerra, Secretary of the Department of Health and Human Services, requesting a change to the HIPAA Privacy Rule in the wake of the decision of the Supreme Court […]

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 introduced new breach reporting requirements for HIPAA-regulated entities and called for the Secretary of the Department of Health and Human Services to […]

Hundreds of U.S. hospitals may be violating the Rules of the Health Insurance Portability and Accountability Act (HIPAA) by including the Meta Pixel tool on their websites, according to an investigation conducted by The Markup/STAT. […]

A new version of the HHS Security Risk Assessment (SRA) Tool has been jointly developed by the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and […]

In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended (under Public Law 116-321) to require the Department of Health and Human Services to take any recognized security practices […]

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is seeking public comment on the HITECH Act requirements for sharing HIPAA penalties with harmed individuals and the implementation of the HIPAA […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first HIPAA fines of 2022 – Two enforcement actions to resolve HIPAA Right of Access violations and two for impermissible […]

HHS’ Office for Civil Rights (OCR) Director Lisa J. Pino is urging HIPAA-regulated entities to improve their cybersecurity posture in 2022 following a year of increased hacking activity and data breaches. There are no indications […]

The Department of Health and Human Services’ Office for Civil Rights has enforced compliance with the Health Insurance Portability and Accountability Act (HIPAA) more aggressively in recent years. While there was a downturn in enforcement […]

The bipartisan Health Data Use and Privacy Commission Act has been introduced to bring HIPAA and health data privacy laws into the modern age and ensure that the use of emerging technologies does not put […]

Xavier Becerra, Secretary of the U.S. Department of Health and Human Services, has renewed the COVID-19 public health emergency for a further 90 days. Earlier this month, the American Hospital Association (AHA) wrote to Becerra […]

The Department of Health and Human Services’ Office for Civil Rights has issued guidance for healthcare providers on how the Health Insurance Portability and Accountability Act (HIPAA) applies to disclosures of protected health information (PHI) […]

The state of New Jersey has imposed another financial penalty to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act, its third penalty in as many […]

The HHS’ Office for Civil Rights has settled 4 more investigations into potential HIPAA Right of Access violations and has imposed one civil monetary penalty for the failure to provide timely access to medical records. […]

New Jersey has fined two printing companies $130,000 over an impermissible disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents in 2016. The fine is part of a settlement reached between […]

The introduction of vaccine mandates in many places of work has led many people to question how the Health Insurance Portability and Accountability Act (HIPAA) Rules apply to disclosures of COVID-19 vaccination information. There are […]

The Omaha, Nebraska-based pediatric care provider Children’s Hospital & Medical Center (CHMC) has agreed to pay a $80,000 financial penalty to resolve an investigation into an alleged violation of the Right of Access provision of […]

In Illinois Lake County Health Department has revealed that it has been impacted by two separate data breaches that could have impacted the protected health information (PHI) of approximately 25,000 patients. The initial breach took […]

Many healthcare data breaches are reported each year that involve unauthorized individuals gaining access to electronic protected health information (ePHI) stored on unsecured servers, including on-premises servers and those of cloud service providers. Without proper […]

A TLP:White Alert has been issued by the HHS’ Health Sector Cybersecurity Coordination Center (HC3) regarding vulnerabilities identified in Picture Archiving Communication Systems (PACS) that hospitals and other healthcare providers and research institutions use for sharing […]

The HIPAA breaches reported during April 2021 show a huge increase in the number of data breaches recorded from January to April 2021 compared with the same period in 2020. The amount of HIPAA breach […]

On January 28, 2021 malware was discovered on databases holding private patient at the data La Clinica de la Raza in Oakland, CA. The clinic is now getting in touch with a range of patients to […]

Roper St. Francis Healthcare has made contact with 189,761 patients to make them aware that a portion of their protected health information was included in the staff employee email account to which access was illegally […]

An update on the Departments of Health and Human Services’ (HHS) Office for Civil Rights (OCR) breach portal has revealed that a previously-employed contract staff member may have illegally accessed the medical records of a […]

University of Minnesota Physicians has been hit by a cybercriminal attack that result in access being gained to the email accounts of two members of staff. One corporate email account was rendered accessible from the […]

Following claims of breaches of federal and state legislation, linked to a data breach involving the protected health information of 9,700 customers of two ShopRite supermarkets in Millville, New Jersey and Kingston NY, Wakefern Food […]

Anthem Inc. has come to an agreement to settle actions by state attorneys general in different US states  in relation to the 2014 78.8 million record data breach. Along with the $48.2 million financial penalty, […]

Another four healthcare suppliers have broadcast HIPAA breach alerts  in relation to the Blackbaud ransomware attack and data breach. Just after the Northwestern Memorial HealthCare group revealed that the personal information of 55,983 clients had […]

The Federal Bureau of Investigation (FBI) has released a (TLP:WHITE) FLASH alert following a rise in attacks using Netwalker ransomware. Netwalker is a new threat on the ransomware scene, first spotted in March 2020 after […]

Following mediation talks, there has been an agreement to a proposed settlement between Grays Harbor Community Hospital and Harbor Medical Group and the representative plaintiff in a proposed class action lawsuit connected to a June […]

Several security flaws have been discovered in the remote access system, Apache Guacamole, a system which has been implemented by many companies to allow administrators and employees to access Windows and Linux devices remotely. The […]

A bipartisan group of Senators have introduced a bill dedicated to securing contact tracing and exposure notification apps that will be implemented to manage the spread of COVID-19. One of three bills introduced, the Exposure […]

The National Security Agency has release  cybersecurity guidance for teleworkers to help enhance security when staff are working remotely. The guidance has been made available primarily for U.S. government employees and military service members, but […]

Stockdale Radiology in California has revealed that patient privated data has been compromised due to a ransomware attack that took place on January 17, 2020.An internal review confirmed that the hackers gained access to patients’ […]

It has been announced that the Department of Health and Human Services (HHS) will be easing the sanctioning of penalties in relation to specific data privacy breaches during the COVID-19 pandemic. The Notice of Enforcement […]

The Lake Success, NY-located home health company, Personal Touch Home Care (PTHC), has begun contacting clients to advise them that a ransomware attack on its Wyomissing, PA-based IT vendor, Crossroads Technologies Inc. may have resulted […]

Experts at TechCrunch have discovered a security flaw in a website hosting an internal customer relationship management system used by the clinical laboratory network LabCorp. While the system was password protected, the experts discovered found […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed a $65,000 HIPAA violation settlement has been agreed with West Georgia Ambulance, Inc., to address multiple breaches of Health Insurance Portability […]

A legal action is being taken against Kalispell Regional Healthcare in Montana in relation to a phishing attack in which cybercriminals obtained access to employee email accounts including the protected health information of almost 130,000 […]

Salem Health Hospitals & Clinics in Oregon suffered a phishing attack on July 31, 2019 that lead to an unauthorized person obtaining access to the email accounts of several employees. The breach was discovered within […]

Sarrell Dental, an Alabama-based not-for-profit Children’s dental and optical service clinic, has suffered a ransomware attack in which the protected health information of its patients may have been infiltrated. Sarrell Dental is the largest dental […]

A phishing attack on Bonita Springs, FL-based NCH Healthcare System was noticed on June 14, 2019 when suspicious email activity on its payroll database. The investigation indicated that 73 employees had replied to phishing emails […]

A physicians’ network for patients based in Southwest Louisiana called Imperial Health is contacting over 111,000 patients to make them aware that a portion of their protected health information has potentially been illegally obtained as […]

Adirondack Health is notifying almost 25,000 patients that a portion of their protected health information has potentially been obtained by a cyber criminal from the Vermont-based organization. The data may have included patients’ names, dates […]

The Ullico Inc. subsidiary, Union Labor Life Insurance (ULLI), is alerting more than 87,000 plan members that a portion of their protected health information (PHI) has been exposed due to a staff member responding to […]

A ransomware attack has resulted in widespread file encryption at the Southeastern Council on Alcoholism and Drug Dependence (SCADD) in Lebanon, CT. The attack was discovered on February 18, 2019 when problems started to be […]

UConn Health is making contact with almost 326,000 clients that some of their personal data was accessible due to a phishing attack on some of its staff members. UConn Health discovered the phishing breach on […]

Patients of Community Health Systems’ (CHS), who had their protected health information (PHI) illegally obtains in a  hacking attack in 2014 have been offered compensation in relation to the violation of their private Private Health […]

A ransomware attack that has possibly resulted in the theft of plan subscriber’ protected health information has been reported by a business associate of Blue Cross Blue Shield of Michigan. This is the second recent data […]

After an employee set up a mail forwarder to broadcast emails to a personal email account, Choice Rehabilitation of Creve Coeur, MO has discovered an unauthorized person illegally logged into a that corporate email account. […]

A phishing attack has potentially been compromised  the private personal data of 8,400 patients of the Humana-owned Family Physicians Group in Orlando who are are being notified as a result of the breach. Family Physicians […]

Notification are being sent to existing and former patients of the Dental Center of Northwest Ohio in Toledo to advise them that some of their protected health information may have been exposed due to a […]

Following the installation of ransomware and malware on a server belonging to Mind & Motion Developmental Centers of Georgia, it has been revealed that the group responsible which may have been able to access to […]

Almost 48,000 patients and guarantors may had their the payment information compromised Baylor Scott & White Medical Center in Frisco in a privacy breach which was noticed recently. The medical center, which is jointly operated […]

6,450 patients of Prairie Fields Family Medicine based in Fremont, NE are being made aware that their protected health information may have been compromised after it was included in an unencrypted spreadsheet that was sent […]

Cancer Centers of America’s Western Regional Medical Center, located in Bullhead City, has revealed that a staff email account has been hacked following a phishing email attack. The phishing email seems to have been broadcast […]

Georgia Spine and Orthopaedics of Atlanta (GSOA) is contacting thousands of patients to make them aware that some of their protected health information has been made accessible, and possibly stolen, due to a phishing attack. […]

AccuDoc Solutions Inc., a supplier of healthcare billing services, has discovered a major data privacy breach in which the protected health information of 2,650,000 patients of Atrium Health was accessed by hackers. Morrisville, NC-based AccuDoc Solutions […]

FHN Healthcare, which runs FHN Memorial Hospital in Freeport, IL, and a group of family healthcare centers located in northwest Illinois, has discovered that a laptop computer storing the protected health information of 4,458 clients […]

In October, the Centers for Medicare & Medicaid Services (CMS) revealed that the HealthCare.gov online portal had been hacked and the sensitive data of around 75,000 individuals had possibly been obtained. This week, the CMS […]

Vancouver, Washington, based Southwest Washington Regional Surgery Center has been hit by a phishing attack that has lead to the exposure of 2,393 patients’ protected health information. The breach was restricted to a single staff […]

Virginia based Inova Health System has started to contact 12,331 patients to advise them that some of their protected health information has been obtained by an unauthorized person. Law enforcement contacted Inova Health System on […]

Upstate University Hospital in Syracuse, NY, is getting in touch with 1,216 patients to advise them that some of their protected health information (PHI) has been impermissibly accessed by a former member of staff. Upstate […]

Around 10,000 patients of Raley’s Pharmacy are being contacted to inform them that some of their protected health information (PHI) has potentially been impacted in a data breach. On September 24, 2018, a laptop computer […]

Jones Eye Clinic and its affiliated surgery center, CJ Elmwood Partners, L.P, in Sioux City, IA has revealed that the protected health information of up to 40,000 of its patients may have been compromised.The private […]

Michigan Medicine is contacting over 3,600 patients to make them aware of an impermissible disclosure of a restricted amount of their protected health information. In early September 2018, the Michigan Medicine Development Office initiated a […]

Biomarin Pharmaceutical, based in Novato, CA-based has discovered two staff email accounts have been compromised due to a phishing attack in which a non-permanent employee’s login details were obtained by the hacker. The attack was […]

Letters have been mailed to approximately 21,000 individuals on medical assistance by the Minnesota Department of Human Services to alert them of a potential breach of their protected health information (PHI) due to two phishing […]

A data breach, that saw the highly sensitive protected health information of 93 lower-income HIV positive individuals stolen by unauthorized individuals, will go to trial after a lawsuit submitted by Lambda Legal on behalf of […]

A not-for-profit 115-bed community hospital in Ogdensburg, NY, Claxton-Hepburn Medical Center has sacked several employees for accessing patient health records without official permission.The PHI breaches were identified during an internal review. It is not yet obvious […]

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is contacting 1,567 plan subscribers that a portion of their protected health information has been impermissibly made accessible by one of its business partners. A BCBSRI vendor […]

A former staff member of the emergency department of Brooklyn’s Kings County Hospital is accused of stealing the protected health information of at least 100 patients while employed there. The same person is accused of […]

Honolulu-based Fetal Diagnostic Institute of the Pacific (FDIP) was hit by a ransomware attack on June 30 this year. File-encrypting software was uploaded to an FDIP server and encrypted a wide range of file types […]

Reliable Respiratory, a Norwood, MA-based respiratory care organisation has been subjected to a phishing attack that has impacted several thousand of its clients. A cyberattack was first noticed on July 3, 2018, after the detection […]

The New Mexico Department of Health is trying to ascertain how the private medical records of some of its clients came to fall from a truck while being taken from the hospital to a secure […]

A mailing mistake that was sent to Missouri Care subscribers reminding them to reserve well-child visits has resulted in the accidental disclosure of the personal data of approximately 20,000 children to other Missouri Care subscribers. […]

Authentic Recovery Center, a West Los Angeles-based drug and alcohol treatment center, is contacting 1,790 clients to inform them that some of their personally identifiable information (PII) and protected health information (PHI) may have been […]

A survey carried out by Ovum for analytics firm FICO has pointed to the fact that there has been a sharp rise in companies signing up for cybersecurity insurance, but the healthcare sector in general […]

Central Colorado Dermatology (CCD) has made contact with over 4,000 clients that some of their protected health information (PHI) has possibly been obtained by cyber criminals during a ransomware attack on its IT systems. An […]

InterAct of Michigan, a provider of mental health and substance abuse treatments through health centers in Kalamazoo and Grand Rapids, has found an unauthorized person has obtained access to the email account of a staff […]

Over 258,000 people have had their personal health information, personal identification information and/or tax information accessible online due to a data security incident in Adams County, Wisconsin. A possible security breach was discovered on March […]

A group of urgent care clinics in Atlanta, Chicago, Austin, Dallas, Fort Worth, and Houston, MedSpring Urgent Care has identified a breach that occurred when an unauthorized individual has gained access to an email account […]