Electronic Frontier Foundation (EFF), a non-profit civil liberties organization, wrote to Attorneys General in Arkansas, Missouri, Florida, and Texas to ask for an investigation of crisis pregnancy centers (CPCs) in their states concerning probable privacy violations...
SonicWall and Apple released patches for critical zero-day vulnerabilities found in their products. Covered entities using these products need to update their HIPAA training to include the implementation of patches or updating the firmware of impacted devices. Threat...
Tennessee Attorney General Jonathan Skrmetti filed a complaint in the U.S. District Court for the Eastern District of Tennessee in Knoxville questioning the lawfulness of the revised HIPAA Privacy Rule passed by the Department of Health and Human Services to reinforce...
The Health and Human Services Commission (HHSC) in Texas discovered multiple agency workers who have violated the HIPAA Privacy Rule. The workers were found to have accessed the information of 61,000 people who acquired agency services with no legitimate work reason...
Comparitech recently publicized a report that showed how much work ransomware groups have been doing. The groups attack networks, encrypt files, and then compel the victims to pay ransom. Comparitech’s analysts found 5,461 ransomware attacks successfully executed in...
The HHS’ Office for Civil Rights (OCR) has reported its first HIPAA enforcement for 2025 to settle alleged HIPAA Rules violations. Electronic medical records and billing support services provider, Elgon Information Systems based in Massachusetts, paid an $80,000...
A dental practice in Indianapolis has consented to pay the Office of the Indiana Attorney General (OIG) a $350,000 financial penalty to settle several alleged violations of national and state legislation associated with an unreported ransomware attack and data breach...
Hypertension Nephrology Associates (HNA) based in Willow Grove, Pennsylvania made a decision to pay $625,000 to resolve a class action litigation that resulted from a data breach in January 2024. HNA discovered unauthorized system access on February 6, 2024 after...
Addiction rehabilitation center American Addiction Centers, Inc. based in Brentwood, TN recently reported a cybersecurity incident that impacted 410,747 present and past patients whose protected health information (PHI) may have been stolen. The notification letter...
In April 2024, the Illinois Department of Human Services (IDHS) suffered an email phishing attack in which several employees were misled into sharing their credentials. The attacker accessed email accounts that included the public assistance account details of over...
A bipartisan bill presented in the Senate requires the Department of Health and Services (HHS) to revise the HIPAA rules to boost cybersecurity throughout the healthcare industry and offer funds to support healthcare organizations with low resources to follow...
The healthcare and public health sector (HPH) issued an alert about a continuing phishing campaign that uses the DocuSign e-signature software to impersonate popular companies. The target of the phishing campaign is to mislead company staff into allowing their billing...
The Critical Infrastructure Security and Resilience Month is celebrated this November. One month is devoted to increasing knowledge of why fortifying critical infrastructure security and resilience is important. The U.S. Cybersecurity and Infrastructure Security...
Microsoft tracked a foreign threat actor called Midnight Blizzard (also known as APT29, Cozy Bear). It is performing a spear phishing campaign attacking companies in several sectors, such as academia, government, defense, information technology, non-governmental...
Several Oracle products are affected by critical vulnerabilities that threat actors are exploiting. The security researchers who discovered the vulnerability named it The Miracle Exploit. This vulnerability affected all Oracle online systems and Oracle Fusion...
Two men from Sudan were accused of their involvement in several cyberattacks on company networks, government organizations, and critical infrastructure organizations in the U.S. They were also connected to the attack on Cedars-Sinai Medical Center located in Los...
Great Expressions Dental Centers decided to resolve a class action lawsuit arising from a 2023 data breach that affected the personal data and protected health information (PHI) of 1,925,397 people. Great Expressions Dental Centers based in Bloomfield Hills, MI, which...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Communications Security Establishment Canada (CSE), the National Security Agency (NSA), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and the Australian Federal...
Gryphon Healthcare has reported a security incident wherein the files of approximately 400,000 people with protected health information (PHI) had been accessed by unauthorized individuals. Gryphon Healthcare based in Houston, TX is a revenue cycle, coding, HIPAA...
Omni Family Health, a healthcare provider with centers across Kings, Kern, Fresno, and Tulare counties in California, has informed patients and staff about the potential theft of their protected health information (PHI) in a recent cyberattack. The organization...
A global law enforcement campaign called Operation Cronos has led to the arrest of four people who are allegedly involved in LockBit ransomware attacks and the shutdown of nine servers tied to the LockBit ransomware network. These actions are included in the third...
The State of Ransomware in Healthcare 2024 report by Sophos revealed that ransomware attacks on healthcare organizations continue to rise, even as incidents in other industries have declined. Across all sectors, the percentage of organizations reporting a ransomware...
The Centers for Medicare and Medicaid Services (CMS) reported a data breach to the Department of Health and Human Services (HHS) that affected 3,112,815 people. This breach, initially announced by CMS and Wisconsin Physicians Service Insurance Corporation (WPS)...
CorrectCare Integrated Health LLC (CorrectCare) settled a class action lawsuit associated with a 2022 data breach impacting approximately 600,000 individuals. The court gave the final approval for the settlement that cost CorrectCare $6.49 million. Third-party...
The lawsuit against IU Health and IU Health Associates filed by Attorney General Todd Rokita of Indiana related to violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA) has been dismissed. The case...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a report detailing the findings from risk and vulnerability assessments (RVAs) conducted across various organizations, including state, local, tribal, and territorial (SLTT) entities,...
The Wisconsin Physicians Service Insurance Corporation (WPS) and Centers for Medicare & Medicaid Services (CMS) are notifying approximately 947,000 people about the compromise of some of their protected health information (PHI) and personally identifiable...
Texas Attorney General Ken Paxton took legal action against the Department of Health and Human Services (HHS) and its Secretary Xavier Becerra, for the alleged legitimacy of a new HHS final rule about reproductive healthcare privacy. The rule, HIPAA Privacy Rule to...
Software solutions provider Young Consulting (also known as Connexure) based in Atlanta services the employer stop-loss insurance industry. It recently encountered a BlackSuit ransomware attack that compromised the medical insurance data of 954,177 persons. The...
Ransomware continues to be a threat in 2024, with recent reports about its persistence, profitability, and evolving tactics. Despite efforts by law enforcement to combat these cyberattacks, ransomware groups show no signs of retreating. A report by blockchain analysis...
Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.
Used in 1000+ Healthcare Organizations and 100+ Universities
Privacy is key to everything that we do at J Flowers Health Institute. We require the highest data privacy standards in our daily operations between our team members and patients. The HIPAA compliance and cyber security training we provide to our teams with ComplianceJunction creates enormous value for our organization.
Kevin DeLoach
Chief Operating Officer
J. Flowers Health Institute