Many healthcare data breaches are reported each year that involve unauthorized individuals gaining access to electronic protected health information (ePHI) stored on unsecured servers, including on-premises servers and those of cloud service providers. Without proper...
HHS Advises HIPAA Covered Entities to Address Vulnerabilities in PACS Servers
A TLP:White Alert has been issued by the HHS’ Health Sector Cybersecurity Coordination Center (HC3) regarding vulnerabilities identified in Picture Archiving Communication Systems (PACS) that hospitals and other healthcare providers and research institutions use for...
HIPAA Breaches Rise by 56% during First Four Months of 2021
The HIPAA breaches reported during April 2021 show a huge increase in the number of data breaches recorded from January to April 2021 compared with the same period in 2020. The amount of HIPAA breach cases recorded during this period has risen by 56% to 201, up from...
Squirrel Hill Health Center & La Clinica de la Raza Infiltrated by Malware Attacks
On January 28, 2021 malware was discovered on databases holding private patient at the data La Clinica de la Raza in Oakland, CA. The clinic is now getting in touch with a range of patients to inform them that their protected health information may have been breached....
Roper St. Francis Healthcare Phishing Attack Impacts Approximately 190,000 People
Roper St. Francis Healthcare has made contact with 189,761 patients to make them aware that a portion of their protected health information was included in the staff employee email account to which access was illegally obtained. In late October 2020 the email security...
Former Member of Staff Causes HIPAA Breach at Northwestern Memorial Hospital
An update on the Departments of Health and Human Services' (HHS) Office for Civil Rights (OCR) breach portal has revealed that a previously-employed contract staff member may have illegally accessed the medical records of a range of patients working at Chicago...
University of Minnesota Physicians & McLeod Health Experience Email Account Breaches
University of Minnesota Physicians has been hit by a cybercriminal attack that result in access being gained to the email accounts of two members of staff. One corporate email account was rendered accessible from the time period between January 30 and January 31, 2020...
Wakefern Food Corporation Settles HIPAA Breach Case with NJ Attorney General for $235,000
Following claims of breaches of federal and state legislation, linked to a data breach involving the protected health information of 9,700 customers of two ShopRite supermarkets in Millville, New Jersey and Kingston NY, Wakefern Food Corporation has agreed to pay...
$48.2 Million In HIPAA Penalties Paid by Anthem to Settles State Attorneys General Data Breach Investigations
Anthem Inc. has come to an agreement to settle actions by state attorneys general in different US states in relation to the 2014 78.8 million record data breach. Along with the $48.2 million financial penalty, Anthem has committed to implementing a number of...
1 Million Impacted in Blackbaud Data Breach
Another four healthcare suppliers have broadcast HIPAA breach alerts in relation to the Blackbaud ransomware attack and data breach. Just after the Northwestern Memorial HealthCare group revealed that the personal information of 55,983 clients had been impacted, an...
Increasing Netwalker Ransomware Attacks Leads to FBI Flash Alert Warning
The Federal Bureau of Investigation (FBI) has released a (TLP:WHITE) FLASH alert following a rise in attacks using Netwalker ransomware. Netwalker is a new threat on the ransomware scene, first spotted in March 2020 after attacks on a transportation and logistics...
Grays Harbor Community Hospital Ransomware Lawsuit May be Settled for $185,000
Following mediation talks, there has been an agreement to a proposed settlement between Grays Harbor Community Hospital and Harbor Medical Group and the representative plaintiff in a proposed class action lawsuit connected to a June 2019 ransomware attack that lead to...
Serious Flaws Discovered in Apache Guacamole Remote Access Software
Several security flaws have been discovered in the remote access system, Apache Guacamole, a system which has been implemented by many companies to allow administrators and employees to access Windows and Linux devices remotely. The system has proven popular since the...
COVID-19 Contact Tracing & Exposure Notification Apps Protected in Bipartisan Bill
A bipartisan group of Senators have introduced a bill dedicated to securing contact tracing and exposure notification apps that will be implemented to manage the spread of COVID-19. One of three bills introduced, the Exposure Notification Privacy Act is was formulated...
COVID-19 Threat Resources & NSA Cybersecurity Guidance for Teleworkers
The National Security Agency has release cybersecurity guidance for teleworkers to help enhance security when staff are working remotely. The guidance has been made available primarily for U.S. government employees and military service members, but it is also...
Stockdale Radiology and Affordacare Urgent Care Clinics Targeted in Ransomware Attacks
Stockdale Radiology in California has revealed that patient privated data has been compromised due to a ransomware attack that took place on January 17, 2020.An internal review confirmed that the hackers gained access to patients’ first and last names, addresses,...
COVID-19 Pandemic Results in Easing of HIPAA Enforcement by HHS
It has been announced that the Department of Health and Human Services (HHS) will be easing the sanctioning of penalties in relation to specific data privacy breaches during the COVID-19 pandemic. The Notice of Enforcement Discretion applies to breaches of the HIPAA...
156,400 People Have PHI Breached in Personal Touch Home Care Ransomware Attack
The Lake Success, NY-located home health company, Personal Touch Home Care (PTHC), has begun contacting clients to advise them that a ransomware attack on its Wyomissing, PA-based IT vendor, Crossroads Technologies Inc. may have resulted in a portion of their...
LabCorp Patients Personal & Health Data Exposed in Website Error
Experts at TechCrunch have discovered a security flaw in a website hosting an internal customer relationship management system used by the clinical laboratory network LabCorp. While the system was password protected, the experts discovered found a flaw in the part of...
HIPAA Violation Case Settled Between Ambulance Company & OCR for $65,000
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed a $65,000 HIPAA violation settlement has been agreed with West Georgia Ambulance, Inc., to address multiple breaches of Health Insurance Portability and Accountability Act Rules....
130,000-Record Data Breach Results in Legal Action Against Kalispell Regional Healthcare
A legal action is being taken against Kalispell Regional Healthcare in Montana in relation to a phishing attack in which cybercriminals obtained access to employee email accounts including the protected health information of almost 130,000 clients. The impacted email...
Phishing Attacks Warning Issued to Patients of Salem Health Hospitals & Clinics and Delta Dental of Arizona
Salem Health Hospitals & Clinics in Oregon suffered a phishing attack on July 31, 2019 that lead to an unauthorized person obtaining access to the email accounts of several employees. The breach was discovered within a day of the accounts being accessed and the...
Sarrell Dental Ransomware Attack IMpacts 391,472 Patients
Sarrell Dental, an Alabama-based not-for-profit Children’s dental and optical service clinic, has suffered a ransomware attack in which the protected health information of its patients may have been infiltrated. Sarrell Dental is the largest dental services clinic in...
NCH Healthcare System Phishing Attack Impacts 73 Email Accounts
A phishing attack on Bonita Springs, FL-based NCH Healthcare System was noticed on June 14, 2019 when suspicious email activity on its payroll database. The investigation indicated that 73 employees had replied to phishing emails and disclosed their account...
111,000 Patients Impacted in Imperial Health Ransomware Attack
A physicians’ network for patients based in Southwest Louisiana called Imperial Health is contacting over 111,000 patients to make them aware that a portion of their protected health information has potentially been illegally obtained as part of a ransomware attack....
25,000 Adirondack Health Patients Impacted by Email Account Hack
Adirondack Health is notifying almost 25,000 patients that a portion of their protected health information has potentially been obtained by a cyber criminal from the Vermont-based organization. The data may have included patients’ names, dates of birth, Medicare ID...
Union Labor Life Insurance Phishing Attack Leads to Exposure of PHI
The Ullico Inc. subsidiary, Union Labor Life Insurance (ULLI), is alerting more than 87,000 plan members that a portion of their protected health information (PHI) has been exposed due to a staff member responding to a phishing email. As is often the case in...
Forescout Study: Serious Holes in Healthcare Cybersecurity
Healthcare cybersecurity's poor state has been emphasised by a recent Forescout study. The study showed the healthcare sector is using legacy software, vulnerable protocols are extensively in use, and medical devices are not properly safeguarded. 75 global healthcare...
25,148 Patients Impacted in Ransomware Attack on the Southeastern Council on Alcoholism and Drug Dependence
A ransomware attack has resulted in widespread file encryption at the Southeastern Council on Alcoholism and Drug Dependence (SCADD) in Lebanon, CT. The attack was discovered on February 18, 2019 when problems started to be noticed with its network. The investigation...
14,305 Patients of Main Line Endoscopy Centers Affected by Phishing Attack
Main Line Endoscopy Centers, a group of outpatient endoscopy facilities based the Malvern, Bala Cynwyd, and Media regions of Pennsylvania, has notices an unauthorized person obtained access to the email account of one of its staff members following a response to a...
Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.
COMPREHENSIVE HIPAA TRAINING
Used in 1000+ Healthcare Organizations and 100+ Universities
Privacy is key to everything that we do at J Flowers Health Institute. We require the highest data privacy standards in our daily operations between our team members and patients. The HIPAA compliance and cyber security training we provide to our teams with ComplianceJunction creates enormous value for our organization.
Kevin DeLoach
Chief Operating Officer
J. Flowers Health Institute