Mark Wilson
Due date for Giving GAO the Comments on HHS Data Breach Reporting Prerequisites is on February 4, 2022
The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach reports to the Secretary of … Read more
Class Action Lawsuit Filed Versus Memorial Health System Because of August 2021 Cyberattack
Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021. As per the investigation, it was established the … Read more
The University of Arkansas for Medical Sciences and Sacramento County Reported Email Breaches
The University of Arkansas for Medical Sciences and Sacramento County recently reported email-related breaches of protected health information (PHI). HIPAA Violation by an Employee of the University of Arkansas for Medical Sciences (UAMS) The University of Arkansas for Medical Sciences … Read more
Accellion Offers $8.1 Million Settlement for Class Action FTA Data Breach Case
The technology company Accellion based in Palo Alto, CA offered an $8.1 million settlement to handle a class action data breach legal action that was submitted on behalf of affected individuals of the attack on the Accellion File Transfer Appliance … Read more
What are the Penalties for HIPAA Violations?
The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general are authorized to issue penalties for HIPAA violations. Besides paying financial penalties, covered entities must follow a corrective action plan to have policies and … Read more
Millennium Eye Care and Duneland School Corporation Cyberattack
Data of Millennium Eye Care Patients Stolen by Ransomware Gang A provider of ophthalmology services in Freehold, NJ, Millennium Eye Care, reported on December 22, 2021, that attackers lately obtained access to its computer system and utilized ransomware for file … Read more
State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach
The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of its group health plan. RIPTA … Read more
HIPAA Changes in 2020/2021 as a Result of the COVID-19 Pandemic Continue to be in Effect
The COVID-19 pandemic has not led to any long-term modifications to HIPAA, however, it has seen unmatched flexibilities announced on a non-permanent basis to make it less complicated for healthcare companies and business associates that are battling against COVID-19. In … Read more
Pharmacy Hospital and Dental Practice Report Hacking Cases Affecting Over 355,000 Individuals
An attacker acquired access to BioPlus Specialty Pharmacy Services, an IT network located in Altamonte Springs, FL. Files containing sensitive patient data were accessed by the attacker. The pharmacy discovered the attack on November 11, 2021, and took prompt action … Read more
OCR Publishes Guidance Regarding HIPAA and Disclosures of PHI for Extreme Risk Protection Orders
The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance to make clear how the HIPAA Privacy Law can be applied to disclosures of protected health information (PHI) to aid applications for extreme risk … Read more
New Jersey Penalizes Hackensack Healthcare Companies for HIPAA Violations
The New Jersey Division of Consumer Affairs has agreed to resolve a data breach investigation that identified violations of the federal Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act. Regional Cancer Care Associates located … Read more
PHI of 750,000 Oregon Anesthesiology Patients Restored After the Ransomware Attack
On July 11, 2021, the Oregon Anesthesiology Group learned that it suffered a ransomware attack that allowed the encrypting of files on its systems and obstructed the use of its servers and patient information. Subsequent to the attack, its IT … Read more
Email Account Breaches Impact PHI of 40,000 Individuals
Three healthcare providers have reported data breaches that affected the email accounts of employees. The occurrences potentially resulted in the exposure and likely theft of the protected health information (PHI) of around 40,000 people. Region IV Area Agency on Aging … Read more
Data Breaches Reported by True Health New Mexico & Educators Mutual Insurance Association
The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was discovered by True Health New … Read more
Lifting of Class Certification Order Associated With Data Breach Lawsuit Versus West Virginia University Health System
West Virginia University Health System is dealing with a class-action lawsuit because of a compromise of the protected health information (PHI) of 7,445 patients, however, the Supreme Court of Appeals of West Virginia has lifted the class certification order. The … Read more
HC3 Alerts Healthcare Sector Concerning Threat of Zero-day Attacks
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published a notification to the healthcare and public health industry concerning a rise in financially inspired zero-day attacks, teaching mitigation strategies that must be implemented to minimize risk to a low … Read more
82% Of Healthcare Companies Have Suffered an IoT Cyberattack during the Last 18 Months
Medigate and CrowdStrike performed new research which presented the degree to which hackers are attacking healthcare Internet of Things (IoT) devices and alerts about the disturbing status of IoT security in the medical care sector. The amount of IoT devices … Read more
PHI of 1.27 Million Patients Compromised in Two Healthcare Data Breaches
The protected health information (PHI) of 1,271,642 people was compromised and possibly stolen in two healthcare hacking events that were lately documented by the Department of Health and Human Services’ Office for Civil Rights. PHI of 688,000 Persons Exposed Because … Read more
JEV Plastic Surgery & Medical Aesthetics and UNC Health Reported Data Breaches
JEV Plastic Surgery & Medical Aesthetics based in Owings Mills, MD has begun sending notifications to 1,620 patients concerning the exposure of some of their protected health information (PHI) because of a security breach. Malware was discovered which granted an … Read more
Ransomware Attacks Reported by Victory Health Partners and Strategic Benefits Advisors
Victory Health Partners Alerts Patients Concerning September 2021 Ransomware Attack Victory Health Partners based in Mobile, AL has informed patients concerning a ransomware attack it detected on September 23, 2021. Before the attackers encrypted the files, they exfiltrated sensitive information … Read more
42% of Healthcare Companies Have Not Established an Incident Response Plan
Ransomware attacks, hacks, and other IT security problems are the cause of major data breach reports sent to the Department of Health and Human Services’ Office for Civil Rights, although data breaches concerning physical documents are likewise common. The Verizon … Read more
PHI Exposed in Tech Etch Ransomware Attack and UNC Hospitals Data Theft
Tech Etch located in Plymouth, MA makes precision-engineered thin metal pieces, versatile printed circuits, and EMI/RFI shielding. It has reported a ransomware attack that resulted in the potential compromise of the personal data and protected health information (PHI) of present … Read more
Highlighting the Importance of Cybersecurity This Cybersecurity Awareness Month
The topic of the 4th week of Cybersecurity Awareness Month is “Cybersecurity First.” The emphasis is on letting businesses know about the importance of cybersecurity steps to handle vulnerabilities in products, operations, and individuals. Cybersecurity Information for Businesses One research … Read more
University Hospital Newark Alerts 9,000 People About Historic Insider Data Breach
University Hospital Newark (NY) has found out that a former worker had accessed the protected health information (PHI) of thousands of patients without authorization over the duration of a year. That information was later disclosed to other people who were likewise … Read more
19,000 People Impacted by Ransomware Attack on Directions for Living
The non-profit behavioral health service provider Directions for Living based in Clearwater, FL experienced a ransomware attack on July 17, 2021. When Directions for Living found out about the attack, it let law enforcement know and got third-party computer forensics experts … Read more
New Jersey Infertility Clinic Settles HIPAA Violation and Diamond Data Breach
A New Jersey infertility clinic has reached a settlement with the state and will pay a $495,000 penalty fee for its violation of the HIPAA and New Jersey laws as it did not implement appropriate cybersecurity action. Diamond Institute for … Read more
CISA Released Insider Threat Self-Assessment Tool
Public and private industry companies have a new tool that can be used to evaluate how much they are vulnerable to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created this new Insider Threat Risk Mitigation Self-Assessment Tool to … Read more
What is a HIPAA Subpoena?
Lately, the U.S. Department of Justice has been pursuing healthcare criminal acts and investigations frequently entail the issuance of a HIPAA subpoena. The subpoena pressures HIPAA-regulated entities to give data including patient health records that they are not allowed to … Read more
Data Breaches at Horizon House and Samaritan Center of Puget Sound
Horizon House, Inc. based in Philadelphia, PA provides mental health and residential treatment services. It reported a hacking incident that affected its IT systems resulting in the potential compromise of the protected health information (PHI) of 27,823 people. Horizon House … Read more
Alaska DHSS Claims May 2021 Cyberattack Has Potential Effect on All Alaskans
The Alaska Department of Health and Social Services (DHSS) will commence sending notification letters to all people in the state informing them about the possible exposure of their personal and health data due to a highly advanced cyberattack performed by … Read more
Patient Information Exposed Through Walgreens Covid-19 Test Registration System
The personal records of persons who got a COVID-19 test at a Walgreens pharmacy were exposed on the web as a result of vulnerabilities found in its COVID-19 test registration program. It is at this time not clear how many … Read more
DuPage Medical Group Faces Lawsuit for July 2021 Ransomware Attack
Two DuPage Medical Group patients are filing a lawsuit against the healthcare company subsequent to a July 2021 ransomware attack whereby patients’ protected health information (PHI) was exposed. DuPage Medical Group encountered a ransomware attack in the middle of July. … Read more
NCCoE Publishes Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) just published the latest edition of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders. … Read more
Unauthorized Individuals Accessed CareATC Email Accounts
Population health management firm CareATC based in Tulsa, OK, has learned that unauthorized people have accessed the email accounts of two workers and possibly acquired access to the personal data of patients and workers. CareATC started an investigation on June … Read more
SonicWall Threat Report Indicates Substantial Growth in Ransomware Attacks
SonicWall publicized a Cyber Threat Report update last July, which affirmed a significant rise in cyberattacks beginning 2020. From January to June of 2021, cryptojacking attacks went up by 23%, encrypted threats went up by 26%, IoT attacks increased by … Read more
Contact Tracing Survey Data of 750,000 Hoosiers Disclosed On the Web
The personal information of 750,000 Hoosiers compiled during a COVID-19 contact tracing survey done by the Indiana Department of Health was compromised on the web and downloaded by a firm not approved to gain access to the data. The survey … Read more
UNM Health Data Breach Impacts Over 637,000 Individuals
UNM Health found out that an unauthorized third party acquired access to its system and possibly viewed and copied files that included patients’ protected health information (PHI). The healthcare provider discovered the security incident on June 4, 2021 and … Read more
Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients
Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an unauthorized medical record access occurrence … Read more
Phishing Attacks at Academic HealthPlans and Wayne County Hospital
Academic HealthPlans, Inc. (AHP) learned that an unauthorized person has obtained access to the email accounts of two workers after they responded to phishing emails. AHP was informed of a potential breach upon detecting suspicious activity in its Microsoft Office … Read more
Record GDPR Penalty of $886 Million Issued to Amazon
The Data Protection Authority of Luxembourg, Commission Nationale pour la Protection des Données (CNPD), has penalized Amazon.com with €746 million ($886 million) to settle its EU General Data Protection Regulation (GDPR) violations. Since May 25, 2018, the GDPR has been … Read more
Florida Heart Associates Serving at 50% Capacity for 2 Months Since a Ransomware Attack
Florida Heart Associates based in Fort Myers, FL encountered a ransomware attack on May 19, 2021, which has brought about significant and ongoing interruption to its services. The medical practice is running at just about 50% capacity for two months since … Read more
CaptureRx Confronting Multiple Class Action Lawsuits Due to the Ransomware Attack Impacting 2.4 Million Patients
CaptureRx, the healthcare administrative services provider, is dealing with multiple class-action lawsuits for its failure to safeguard patient records, which were obtained by unauthorized people in a February 2021 ransomware attack. NEC Networks, also known as CaptureRx, offers IT assistance … Read more
Impact of Elekta Ransomware Attack on Advocate Aurora Health, Jefferson Health, and Intermountain Healthcare Confirmed
Three more healthcare providers reported that they were affected by the latest ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery provider. Elekta offers a web-based mobile software referred to as SmartClinic, which healthcare companies utilize to gain … Read more
Kaseya Security Update Resolves Vulnerabilities Exploited in KSA Ransomware Attack
Kaseya has reported a security update published for the Kaseya KSA remote management and tracking software program to resolve the zero-day vulnerabilities, which the REvil ransomware gang fairly recently exploited in attacks on its customers and their clients. The vulnerabilities … Read more
Healthcare Employees Took Legal Action Against Amazon Alleging Alexa Devices Violated HIPAA
Four healthcare employees filed a lawsuit against Amazon because allegedly their Amazon Alexa devices possibly captured conversations without their intention or permission and might have caught health data protected by HIPAA. Amazon Alexa devices listen for words and phrases that … Read more
Exploit Available for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has given a notification after a proof of concept (PoC) exploit had been published for a zero-day vulnerability identified in the Windows Print Spooler service. The vulnerability was called PrintNightmare and is monitored … Read more
Bill Requiring the Texas State AG to Publish Data Breach ‘Wall of Shame’ Gets Approval
The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal of the state Attorney General. … Read more
UofL Health and Jawonio Report Email Data Breaches
UofL Health has begun informing 42,465 patients regarding the sending of some of their protected health information (PHI) to the wrong external email address. The healthcare system in Louisville, KY sent breach notification letters to impacted patients on June 7, … Read more
Bipartisan Group of Senators Present Federal Data Breach Notification Bill
A bipartisan group of senators has presented a federal data breach notification law, the Cyber Incident Notification Act of 2021, that calls for all federal institutions, contractors, and companies that have command over critical infrastructure to report considerable cyber … Read more
Data Breaches at Arizona Asthma and Allergy Institute, Stillwater Medical Center and Nebraska Department of Health and Human Services
Arizona Asthma and Allergy Institute sent breach notification letters to 70,372 patients who obtained services between October 1, 2015 and June 15, 2020. As per the breach notice, a selection of their personal data and protected health information (PHI) such … Read more