There was a provision included in the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009, for the Department of Health and Human Services to share a portion of HIPAA settlements with those affected by HIPAA breaches. There has...
Aultman Health Foundation Phishing Attack Impacts up to 42,600 Patients
Aultman Health Foundation, which operates Aultman Hospital in Canton, OH, is alerting around 42,600 patients that some of their protected health information may have been accessed due to a phishing attack. Unauthorized and unknown people succeeded in obtaining access...
Healthcare Organizations Slow to Adopt DMARC
By implementing the Domain-based Message Authentication, Reporting and Conformance (DMARC) Standard, healthcare organizations can identify and restrict email spoofing and abuse of their domains; however, relatively few healthcare groups are using DMARC for spam...
Release Form for HIPAA
If your organization is governed by some (Business Associates) or all (Covered Entities) of the Privacy Rule, it is necessary to obtain a valid release form for HIPAA compliance before Protected Health Information (PHI) is used or disclosed for a purpose not required...
Minnesota Ransomware Attack Impacts Over 6,500 Patients
Associates in Psychiatry and Psychology (APP) a Rochester, Minnesota-based health organization has suffered a ransomware attack that targeted several computers that stored patients’ protected health data. The ransomware attack was identified on March 31, 2018. Patient...
LifeBridge Health Data Breach Affects 538,000 Patients
Baltimore-based healthcare provider LifeBridge Health has revealed, in a press release issued on May 16, that it had encountered a data breach. While the release made no reference to number of patients impacted at the time of it being issued, additional information...
SamSam Ransomware Attack Hits Indiana Physicians Group
A May 17, 2018 ransomware attack that took part of the network belonging to Allied Physicians Group of Michiana out of action following the encryption of several files on its network. At present it remains unclear whether any protected health information encrypted. A...
Data Breach Impacts 2,553 Patients of Eye Care Surgery Center
The protected health information of 2,553 patients of Eye Care Surgery Center, Inc., of Baton Rouge, LA has been stolen following the theft of a A laptop computer containing. The theft in question was noticed by Eye Care Surgery Center on February 26, 2018. While it...
10-Month Exposure of PHI at 8,300 Cerebral Palsy Research Foundation of Kansas Patients Revealed
An error has caused a database utilized by Cerebral Palsy Research Foundation of Kansas (CPRF) to have its safeguard switched off for 10 months, making the protected health information (PHI) of 8,300 patients accessible. The demographic database that was affected was...
17,639 Individuals Notified of Capital Digestive Care PHI Exposure
Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has revealed that one of its business associates shared files to a commercial cloud server that did not have proper security controls, exposing the protected health information of up to 17,639...
17,639 Clients Notified of Capital Digestive Care PHI Exposure
Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has revealed that one of its business associates shared files to a commercial cloud server that dd not have appropriate security controls, exposing the protected health information of up to...
Cyberattacks Lead to Freezing of Healthcare IT Security Budgets
A recently-published Black Book Research report shows that approximately 90% of healthcare groups have encountered a data violation since Q3 2016, yet IT security investment at 88% of hospitals remains at 2016 figures. This information is the result of a survey of...
AWS Costs Reduced by 60% by Tristar Medical Group
Healthcare groups are, more and more, using the cloud to meet their IT requirements, but while there are many benefits to be had from moving applications, infrastructure and data center operations to the cloud, managing cloud costs remains a major Obstacle. Many...
Abbot Laboratories Defibrillator Flaws Alert Issued by FDA
The U.S. Food and Drug Administration has released an alert regarding certain Abbott Laboratories implantable cardiac devices that have cybersecurity weaknesses that could possibly be targeted to alter the usability of the devices. A number implantable cardiac...
1,000 Patients of es Moines Crisis Observation Center have PHI Exposed
Over a period of three and a half years, 1,071 patients of Des Moines Crisis Observation Center, who received medical services at the operated by Polk County Health Services Inc., have been contacted to advise them that some of their protected health information has...
Potential PHI Compromise May Have Impacted 582,000 Patients of California Dept. of Developmental Services
582,174 patients of the California Department of Developmental Services (DDS) is contacting customers to inform them that their protected health information has possibly been compromised. Last February 11, 2018, some people broke into the DDS legal and audits offices...
UnityPoint Health Phishing Attack Compromises Several Employee Email Accounts
It has been discovered that UnityPoint Health employee accounts have been compromised and accessed by unauthorized persons. The employee email accounts were initially accessed on November 1, 2017 and went on for a period of three months until February 7, 2018, when...
Baptist Health Notifies Almost 1,500 Patients That Credit Card Details May Have Been Accessed
It has been discovered that a former employee of Baptist Health’s West Kendall Baptist Hospital in Miami, FL obtained the credit card details of patients and used the data to make fraudulent purchases. The improper use of credit cards was first noticed by Baptist...
Integrated Rehab Consultants Patients Not Made Aware of PHI Breach for 18 Months
Physiatry Group Integrated Rehab Consultants based in Chicago, IL-based is issuing notification letters to impacted patients alerting them of the exposure of some of their protected health information in line with HIPAA requirements. However, the breach was not first...
Middletown Medical Data Breach Impacts 63,500 Patients
A improperly configured security setting on a radiology interface has lead to the exposure of tens of thousands of patients’ protected health data. A multi-specialty physicians’ organization based in Middleton, NY, Middletown Medical, first noticed the misconfigured...
4,000 Patients Notified of Texas Health Resources Email Account Breach
Texas Health Resources, a group providing services to over 1.7 million patients in North Texas, is alerting ‘fewer than 4,000 patients’ that a portion of of their sensitive information may have been obtained by an unauthorized person. The data breach may have happened...
UnityPoint Health Phishing Attack Impacts Several Staff Email Accounts
It has been discovered that a number of email accounts of staff members of UnityPoint Health have been accessed by unauthorized individuals. Staff email accounts were first accessed on November 1, 2017 and went on for a duration of three months, ending on February 7,...
ONC Publishes Patient Guidebook on Health Record Access
The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) has released a new patient guidebook on health record access. The guidebook goes through how patients can access their health data, offers advice for checking health...
2,100 Chesapeake Regional Healthcare Patients PHI Breached in Hard Drives Theft
Chesapeake Regional Healthcare has found that two hard drives storing the protected health information (PHI) of around 2,100 patients ave gone missing from the Chesapeake Regional Medical Center campus located in Chesapeake, Virginia. The data saved on the devices...
Data Breach Notification and Information Security Laws Refreshed in Oregon
Oregon has reviewed its data breach notification law to enhance protections for state citizens whose personal information is exposed in a data violation. State governor Kate Brown put her signature to Senate Bill (SB 1551) in March, which brings several regulations up...
Poor Patching Practices in Healthcare Revealed on Ponemon Institute Study
A recent survey carried out by the Ponemon Institute for ServiceNow has unveiled that healthcare and pharmaceutical companies are not keeping up to date on patching. Weaknesses are not being patched quickly leaving organizations susceptible to attack. The survey was...
Major Problem with Insider Breaches Proving a Serious Issue in Healthcare Sector: Verizon Report
Verizon has published its yearly Protected Health Information Breach Report which digs deep into the main factors behind the breaches, why they happen, the motivations of internal and external threat actors, and the main dangers to the confidentiality, integrity, and...
$418,000 Fine for Virtua Medical Group for Violations of HIPAA and New Jersey Law
A network of physicians linked to more over that 50 medical practices in New Jersey, Virtua Medical Group, has been hit with a massive financial penalty by the New Jersey Attorney General’s Office for failing to safeguard the privacy of over 1,650 patients whose...
Phishing Attack at CareFirst BCBS Impacts 6,800 Members
A targeted phishing attack carried out on CareFirst Blue Cross Blue Shield has lead to the exposure of 6,800 plan subscriber’ protected health data. The attack was first discovered by CareFirst on March 12, 2018, resulting in a complete review of their systems, which...
Family Members of 14,000 Subscribers Impacted by Data Breach
The Special Agents Mutual Benefit Association (SAMBA) health plan is warning almost 14,000 people in relation to a February 2018 protected health information breach. The data breach targeted eligible family members of clients who were covered by the Federal Employees...
Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.
COMPREHENSIVE HIPAA TRAINING
Used in 1000+ Healthcare Organizations and 100+ Universities
Privacy is key to everything that we do at J Flowers Health Institute. We require the highest data privacy standards in our daily operations between our team members and patients. The HIPAA compliance and cyber security training we provide to our teams with ComplianceJunction creates enormous value for our organization.
Kevin DeLoach
Chief Operating Officer
J. Flowers Health Institute