Mark Wilson
What Happens In Case a HIPAA Complaint is Filed?
When a HIPAA complaint is submitted, what happens next depends on who it is filed with, the nature of the complaint, and whether the complaint is valid. After registering with a healthcare company or becoming a group health plan member, … Read more
Oakbend Medical Center Experiences Ransomware Attack
During the Labor Day weekend, Oakbend Medical Center based in Richmond, TX, encountered a ransomware attack, which began on September 1, 2022, resulting in the encryption of files in its network. The IT team of the medical center had to … Read more
Henderson & Walton Women’s Center & Genesis Health Care Inc. Report Data Breaches
Henderson & Walton Women’s Center (HWWC) based in Birmingham, AL lately advised 34,306 patients about the potential compromise of some of their protected health information (PHI) due to a hacker getting access to an employee’s email account. HWWC stated the … Read more
Health-ISAC Releases Guidance to help CISOs Implement Zero Trust Security Architectures
Health-ISAC has publicized a white paper to help guide healthcare CISOs planning to employ zero trust security architectures. The standard security approach is to set up border defenses in order to keep unauthorized persons out. Although this security strategy has … Read more
2.65 Million Victims of OneTouchPoint Ransomware Attack
The number of persons impacted by the ransomware attack on OneTouchPoint, the mailing and printing vendor based in Hartland, WI, has now grown to 2,651,396 people. One of the most recent companies to confirm being impacted by the attack is … Read more
LastPass Data Breach Results in Source Code Theft
LastPass, the company offering the most widely used password management solution worldwide, reported a cyberattack and security breach. As per LastPass, there are close to 30 million users of its password manager tool globally, which include 85,000 business clients. Notifications … Read more
HC3 Advisory About Growing Vishing Attacks and the Risks of Social Engineering
The Health Sector Cybersecurity Coordination Center has alerted the healthcare and public health (HPH) sector regarding the growing social engineering and voice phishing (vishing) attacks. In cybersecurity terminology, social engineering is the control of people by malicious actors to advance … Read more
Independent Case Management & Conifer Health Solutions Report Cyberattacks
Independent Case Management (ICM) based in Little Rock, AR, a provider offering home and community-based assistance for persons with mental and developmental handicaps, recently informed 3,307 persons about the potential theft of some of their protected health information (PHI) in … Read more
Florida Orthopaedic Institute to Pay $4 Million to Settle Class Action Data Breach Lawsuit
Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an unauthorized third party had acquired … Read more
Data Breaches at Healthback Holdings, City of Newport, and OrthoArizona
Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on … Read more
55% of Healthcare Providers Encountered a Third-Party Data Breach in the Past Year
Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor for instance a managed service provider, … Read more
Data Breaches Announced by Allegheny Health Network, St. Luke’s Health System, & Goldsboro Podiatry
St. Luke’s Health System based in Boise, ID, has just submitted a data breach report to the HHS’ Office for Civil Rights that affected 31,579 patients. The breach happened in May 2022 at Kaye-Smith, which is a billing vendor of … Read more
Data Breaches Announced by Blue Cross and Blue Shield of Massachusetts and Blue Shield of California
Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has lately affirmed that a data breach at a business associate led to the compromise of the protected health information (PHI) of several of its health plan members. The breach took place … Read more
$500,000 Ransom Payment Seized by the Department of Justice
The U.S Department of Justice made an announcement that it seized approximately $500,000 in Bitcoin from North Korean threat actors that used the Maui ransomware to attack healthcare companies in the U.S.A. The Cybersecurity and Infrastructure Security Agency (CISA) and … Read more
Cyber Safety Review Board Claims Log4j Vulnerabilities Very Prevalent and Will Remain for Years
The Cyber Safety Review Board (CSRB), started by President Biden last February 2022, has released a report about the Log4j vulnerability (CVE-2021-44228) as well as linked vulnerabilities that were identified at the end of 2021. The vulnerabilities have an impact … Read more
President Biden Approves Executive Order to Keep Access to Reproductive Healthcare Services Safe
President Biden has approved an executive order that aspires to safeguard access to reproductive healthcare assistance. This happened right after the SCOTUS ruling that vetoed Roe v. Wade, which provided women the right to decide on their own reproductive healthcare … Read more
Google Tells About New Ways to Secure User Privacy on Healthcare Stuff
Google has reported that it is going to do something to enhance the privacy security for consumers of its services. Google has always favored a complete, national privacy law that covers consumer data to make certain there is reliability all … Read more
Senators Ask Mental Health App Companies Concerning Privacy and Data Sharing Practices
Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) wrote to two major mental health app vendors and required replies regarding their practices regarding information collection and disclosure. There were a number of allegations that the mental health … Read more
Fitzgibbon Hospital, Christiana Spine Center, and Diskriter Encounter Ransomware Attacks
On June 25, 2022, a representative of a threat group known as DAIXIN Team shared details with regards to a ransomware attack and information theft incident that occurred at Fitzgibbon Hospital located in Marshall, Missouri. Stolen data was published to … Read more
Patient Data Compromised Due to Data Breaches in 3 HIPAA-Covered Entities
Texas Tech University Health Sciences Center has reported the compromise of the protected health information (PHI) of 1,290,104 individuals due to a data breach that happened at Eye Care Leaders, its electronic medical record provider. Eye Care Leaders stated it … Read more
ONC and OCR Launch Modified Security Risk Assessment Tool
The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC). … Read more
Santa Barbara County Department and Baptist Health Report Cyberattack
Medical Record Breach at Santa Barbara County Department of Behavioral Wellness Santa Barbara County Department of Behavioral Wellness located in California has lately reported that an employee viewed the medical files of patients with no authorization. On March 30, 2022, … Read more
OCR to Create Video on Recognized Security Practices in the HITECH Act
The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified (Public Law 116-321) to necessitate … Read more
Atlassian Announces Fix for Maximum Severity Largely Exploited Vulnerability in Confluence Server and Data Center
Atlassian has developed a patch to resolve a critical zero-day vulnerability that has an effect on all supported models of Confluence Server and Data Center. The vulnerability, which is monitored as CVE-2022-26134 has the highest CVSS severity rating of 10. … Read more
Injured Workers Pharmacy Faces Legal Action Due to Email Account Breach
The law agency Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in relation to a breach of the personal records of 75,771 consumers. IWP is a … Read more
Former IT Consultant Facing Charges on Purposefully Causing Ruin to Healthcare Company’s Server
An IT specialist who worked as a service provider at a suburban healthcare organization in Chicago has been accused of illegally acquiring access to the firm’s network and deliberately causing ruin to a protected PC. Aaron Lockner, 35 years old, … Read more
Theft Incident at SAC Health and Ransomware Attacks on Bryan County Ambulance Authority and Atlanta Perinatal Associates
Social Action Community Health System (SAC Health) has lately advised 149,940 patients regarding the theft of documents that contain their protected health information (PHI) in a break-in at an off-site storage place that keep patient records. SAC Health discovered the … Read more
Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach
Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court. Solara Medical Supplies, which supplies products and services to help people … Read more
McKenzie Health System & Omnicell Report Cyberattacks
McKenzie Health System in Sandusky, MI, has just begun informing 25,318 individuals regarding the theft of some of their protected health information (PHI) due to a recent security incident that interrupted the operations of a number of its systems. The … Read more
New Framework for Examining the Privacy, Security, and Safety of Electronic Health Technologies
The American Telemedicine Association (ATA), American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have worked together to make a new system for examining digital health technologies employed by healthcare specialists and … Read more
FBI Announcement on BEC Scams Reveals Losses Up to $43 Billion
The Federal Bureau of Investigation (FBI) has released a public service statement cautioning about the risk of Business Email Compromise/Email Account Compromise (BEC/EAC) frauds. The number of attacks documented by the FBI Internet Crime Complaint Center (IC3) and the sum … Read more
Data Breaches Reported by La Casa de Salud and Valley View Hospital
La Casa de Salud, New York The human services organization Acacia Network based in New York City has lately informed the HHS’ Office for Civil Rights regarding an email account breach that was discovered on July 17, 2020. Based on … Read more
HHS Alerts HPH Sector Concerning Insider Threats in Medical Care
A lot of healthcare data breaches are taking place, however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HCC) has just given an advisory regarding … Read more
HHS Alerts the HPH Sector Regarding Hive Ransomware
The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has given a TLP: White alert concerning the Hive ransomware group – An especially violent cybercriminal operation that has greatly targeted the healthcare market in the United States. … Read more
SuperCare Health Faces Lawsuit Concerning 318,000-Record Data Breach
A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, as a result of a cyberattack and data security breach report submitted to the Department of Health and Human Services on March 28, 2022. The incident involved … Read more
Advisory Issued Regarding Phishing Campaigns Involving Trusted Email Marketing Platforms
Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform. The breach was discovered when … Read more
Final Guidance on Effective Enterprise Patch Management Published by NCCoE
The National Cybersecurity Center of Excellence (NCCoE) has introduced the finalized versions of two Special Publications that offer guidance on business patch management practices to avoid taking advantage of vulnerabilities in IT solutions. Cybercriminals and nation-state threat actors exploit unpatched … Read more
How Small Healthcare Organizations Differ from Large Healthcare Providers with Regards to Security
The latest Software Advice survey of healthcare companies gives information on healthcare data breaches, their underlying causes, and the distinct security strategies at small and big healthcare organizations. The survey engaged 130 small practices with 5 or fewer licensed providers … Read more
Dental Practices Penalized for Breach of HIPAA Rules
$50,000 Civil Monetary Penalty Issued to Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), a dental practice operating offices in Charlotte and Monroe, NC because a patient sent a complaint … Read more
Security Breaches Reported by Chelan Douglas Health District, Liberty of Oklahoma Corporation, and East Tennessee Children’s Hospital
Chelan Douglas Health District located in East Wenatchee, WA, has reported that it encountered a cyberattack last July 2021 wherein the personal data and protected health information (PHI) of patients was stolen from its network. The breach notice posted on … Read more
OCR: HIPAA Security Rule Compliance Could Avert and Mitigate the Majority of Cyberattacks
Healthcare hacking incidents are continuously growing for a few years. Hacking/IT incidents increased by 45% between 2019 and 2020. In 2021, 66% of breaches involving unsecured electronic protected health information (ePHI) were due to hacking and also other IT incidents. … Read more
South Denver Cardiology Associates Reports Data Breach Impacting 287,000 Individuals
South Denver Cardiology Associates (SDCA) has recently reported that it experienced a cyberattack in January 2022 that led to the access and possible theft of files that contain patient data by attackers. Strange network activity was noticed on January 4, … Read more
DataHealth, JDC Healthcare Management, and Dr. Douglas C. Morrow Report Hacks and Ransomware Attacks
DataHealth DataHEALTH, the cloud hosting and data storage company based in Austin, TX, has announced a ransomware attack on November 3, 2021. Immediate action was undertaken to manage the incident and a third-party cybersecurity agency was involved to inspect the … Read more
HIPAA Policies and Procedures
The development, observance, and enforcement of HIPAA guidelines and procedures is the foundation of HIPAA compliance. If there are no policies and procedures to give instructions, employees of Covered Entities and Business Associates are going to be uninformed of how … Read more
PHI of 10,000 Persons Compromised Caused by Houston Health Department Portal Glitch
The Houston Health Department has recently reported the compromise of personal data and COVID-19 test results of 10,291 people on the internet because of a technical problem with its webpage. The issue made it possible for roughly 3,500 website users … Read more
Cyberattack Reported by Logan Health Medical Center and NHS Management
Logan Health Medical Center located in Kalispell, MT has recently commenced informing a number of patients that hackers obtained access to a file server that contained patient files in a highly sophisticated criminal attack. The medical center noticed the security … Read more
Sea Mar Community Health Centers Confronting Class Action Lawsuit Because of 688,000-Record Data Breach
Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach was uncovered in June 2021 … Read more
Deadline for Reporting 2021 PHI Breaches Affecting Fewer Than 500 People
The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule puts a rigid time frame on sending notifications to people whose protected health information (PHI) was breached or impermissibly disclosed. The max time limit is 60 days since the … Read more
Latest Phishing Kits Used to Bypass Multi-Factor Authentication
Phishing attacks make it possible for threat actors to get credentials, but with multi-factor authentication (MFA), it is tougher for phishing attacks to become successful. With MFA activated, aside from a username and password, an additional way of authentication is … Read more
Data Breaches Announced by Suncoast Skin Solutions, South City Hospital, The Colorado DHS and Raveco Medical
Suncoast Skin Solutions, a network comprised of 22 medical, surgical, and cosmetic dermatological care clinics based in Florida, lately commenced informing 57,730 patients regarding a ransomware attack it uncovered on July 14, 2021. Suncoast stated upon discovery of the attack, … Read more
