Mass General Brigham based in Boston, MA, reported the termination of two employees because of a privacy breach discovered on April 4, 2024. According to the investigation of the health system, the two employees permitted a third person, who wasn't working at Mass...
HPH Sector Warned About Qilin Ransomware Group Attacks
The healthcare and public health (HPH) sector has been cautioned about the Qilin ransomware group that has been attacking healthcare providers because of their dependence on uptime and the sensitive data they maintain. About 7% of ransomware attacks were conducted on...
American Health Information Management Association (AHIMA) Accreditation for ComplianceJunction
ComplianceJunction’s training course, “HIPAA Training for Organizations,” has recently received accreditation from the American Health Information Management Association (AHIMA). AHIMA (American Health Information Management Association) is a global nonprofit...
Adventist Health Resolves HIPAA Violation
California Attorney General Rob Bonta has reported reaching a settlement with Adventist Health Hanford concerning alleged violations of California’s Confidentiality of Medical Information Act (CMIA), the Health Insurance Portability and Accountability Act (HIPAA), the...
Cyberattack on Native American Health Center in California
Native American Health Center (NAHC) is a nonprofit government-qualified health center that provides services to the local community (American Indians and Alaska Natives) in the California Bay Area. The health center encountered a cybersecurity attack on November 19,...
Union Petitions Remediation Steps Following Ransomware Attack on Ascension
The cyberattack on Ascension has led to the shutdown of some hospitals' critical systems for over three weeks. Although Ascension has downtime procedures in place, doctors are under pressure because of the burden of using pen and paper for recording, and many have...
New Cybersecurity Awareness Training For Healthcare Organizations
ComplianceJunction has released a new online training course designed to enhance cybersecurity awareness among front-line staff at healthcare organizations. The course complements existing HIPAA training and provides a comprehensive approach to managing and securing...
Cencora Cyberattack Affects Pharmaceutical Companies
Cencora, Inc. (formerly known as AmerisourceBergen) and its Lash Group affiliate were impacted by a cyberattack. Cencora reported the incident in a Securities and Exchange Commission (SEC) filing in February 2024. At that time, the scope of the data breach is not...
15 State Attorneys General Question the American Privacy Rights Act
The American Privacy Rights Act (APRA), the replacement for the American Data Privacy and Protection Act (ADPPA), has been questioned by 15 State Attorneys General who are asking Congress not to move forward with the recommended government data privacy legislation in...
Advisory on Black Basta Ransomware Attacks on Healthcare Organizations
All healthcare and public health (HPH) sector organizations received an alert to apply mitigations against Black Basta ransomware attacks, because the ransomware-as-a-service (RaaS) group is attacking the HPH sector. In 2023,...
$163K Penalty for Home Health Agency Recommended After Home Health Worker Died
The Occupational Safety and Health Administration (OSHA) has recommended penalizing a home healthcare company with $163,627 for allegedly failing to safeguard workers against serious dangers of workplace violence. OSHA cited New England Home Care Inc., and Jordan Health...
UHG CEO Confronted by Senators in Change Healthcare Cyberattack Hearing
UnitedHealth Group (UHG) CEO Andrew Witty recently testified at a House subcommittee hearing. The Senators confronted Witty concerning the Change Healthcare ransomware attack and the possibility that one in three Americans might be impacted. Witty apologized for the...
13.4 Million Individuals Affected by Kaiser Permanente Website Tracker Breach
Kaiser Permanente Health Plan Inc. is informing 13.4 million people about disclosing some of their personal information to third parties including X (Twitter), Microsoft (Bing), and Google due to the use of tracking codes on its web pages and applications. This is the...
Data Breach Reports by American Healthcare Systems, Rutgers Robert Wood Johnson Medical School and Cherry Health Services
American Healthcare Systems and Rutgers Robert Wood Johnson Medical School have spotted email incidents due to the unauthorized access/disclosure of patient information, while Cherry Health Services suffered a ransomware attack. Email Security Incident at Randolph...
Cyberattack on Greylock McKinnon Associates and Group Health Cooperative of South Central Wisconsin
Medicare Data Compromised in Boston Consulting Agency Data Breach: A data breach at Boston consulting agency Greylock McKinnon Associates, Inc. (GMA) affected 341,650 persons. Based on the GMA breach notification, the agency discovered a security incident on May 30,...
West Caldwell Care Center to Pay $100,000 CMP to Settle HIPAA Right of Access Violation
The HHS Office for Civil Rights issued one more financial penalty for a HIPAA Right of Access violation. Essex Residential Care, LLC, also known as Hackensack Meridian Health, West Caldwell Care Center in New Jersey, was directed to pay a $100,000 civil monetary...
Avem Health Partners and Roper St. Francis Healthcare Opted to Settle Data Breach Lawsuits
Avem Health Partners Pays $1.45 Million to Settle Class Action Data Breach Lawsuit: Avem Health Partners agreed to pay a $1.45 million settlement to settle claims associated with a 2022 data breach affecting the protected health information (PHI) of 271,303 persons....
63% of Identified Exploited Vulnerabilities are in Hospital Networks
Each regular U.S. hospital has 10 to 15 medical devices, so this means a 1,000-bed hospital can have about 15,000 medical devices, which considerably increases the attack surface. Medical devices may include clinical IoT devices, imaging devices, and surgery devices....
ComplianceJunction HIPAA Training Receives Accreditation from SCCE, Offers 2.6 CEUs to Healthcare Workers
ComplianceJunction's training course, "HIPAA Training for Organizations," has recently received accreditation from the Society of Corporate Compliance and Ethics (SCCE). The SCCE supports compliance and ethics professionals across the industry as part of the...
UnitedHealth Group’s Financial Assistance Program and HIPAA Compliance Investigation of Change Healthcare
Financial Assistance Program Offered by UnitedHealth Group: On March 8, 2024, about 2 weeks after the ransomware attack on Change Healthcare, UnitedHealth Group presented a schedule for when it aims to have its systems and services available. UnitedHealth Group...
Data Breach Reports by Santa Clarita Community College District, Mental Health Center of North Central Alabama, and Cogdell Memorial Hospital
87,000 Patients Impacted by Cogdell Memorial Hospital Cyberattack: On October 10, 2023, Cogdell Memorial Hospital based in Snyder, TX, found abnormal activity in its computer network. After securing its network, a third-party cybersecurity agency looked into the...
Green Ridge Behavioral Health Ransomware Attack and Empress Ambulance Service Lawsuit Settlement
Ransomware Attack on Green Ridge Behavioral Health Results in HIPAA Penalty: The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled alleged Health Insurance Portability and Accountability Act (HIPAA) violations with a behavioral...
HIPAA Audit Program Review and Approved Texting of Patient Data and Patient Orders
OCR Wants Opinions to Develop HIPAA Audit Program: The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is conducting a HIPAA Audit Review Survey and is looking for comments from entities that need to undertake HIPAA compliance audits to get data...
Teaching Hospital Student Error Exposed PHI for More than a Year
The University of Iowa Hospitals and Clinics (UIHC) notified HHS’ Office of Civil Rights of a data breach attributable to an error by a student employee which exposed the Protected Health Information (PHI) of 5,292 patients to the Internet for more than a year....
Medical Center Settles Alleged Privacy Rule Violations for $80,000
St. Joseph’s Medical Center in Yonkers, NY, has agreed to settle alleged Privacy Rule violations for $80,000 and must comply with a corrective action plan to address the cause of the alleged violations – namely that members of the workforce impermissibly allowed a...
$4.3 Million Settlement of Lawsuit for HIPAA Training Failures to Go Ahead after Appeal
A previously approved $4.3 million settlement of a class action lawsuit for HIPAA training failures and non-compliance with the Security Rule can go ahead after an appeal against the amount deducted for attorneys’ fees was dismissed. In February 2022, Logan Health – a...
Lack of HIPAA Cybersecurity Training Contributes Towards $350,000 Violation Settlement
The lack of HIPAA cybersecurity training at a NY-based home health company has contributed to the company being fined $350,000 by the NY State Attorney General as part of a wide-ranging settlement agreement that includes a thorough overhaul of the company’s security...
Patients Concerned About Health Information Privacy
An American Medical Association (AMA) patient privacy survey has confirmed that patients are worried that their healthcare data is no longer being kept private and confidential. More must be done to protect medical information and strengthen trust. Virtually every...
New Report Further Strengthens Correlation between Cyberattacks and Increased Patient Mortality
The new report from Proofpoint not only provides further evidence of a correlation between cyberattacks and increased patient mortality but also suggests healthcare organizations are better prepared and more resilient against security incidents. In 2018, Dr. Sung Choi...
OCR Proposes HIPAA Changes to Prohibit PHI Disclosures to Law Enforcement for Abortion Prosecutions
The Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed an update to the HIPAA Privacy Rule to strengthen protections for reproductive health care data and bolster patient-provider confidentiality. The proposed update is in response to...