Mark Wilson
HSCC Requests Biden to Give Financing to Strengthen Cybersecurity Posture of the Medical Industry
The Healthcare and Public Health Sector Coordinating Council (HSCC) has prompted President Biden to give more funds and support to strengthen the cybersecurity posture of the medical care industry to boost toughness against cyberattacks. In the latest letter given to … Read more
Third-Party Phishing Attack Impacts Around 34,862 Lafourche Medical Group Patients
Urgent care center operator Lafourche Medical Group located in Louisiana has informed 34,862 patients regarding a security breach that likely impacted their protected health information (PHI). Lafourche Medical Group discovered on March 30, 2021 that a third-party accountant had clicked … Read more
Healthcare Organizations Dealing with Higher Cyber Insurance Costs for Less Coverage
The number of cyberattacks currently being reported is greater than ever before. A few years ago, healthcare cyberattack reports were received at a rate of one each day; however, in 2021, there have been months where cyberattacks were reported at … Read more
420,433 People Affected by Health Plan of San Joaquin Email Security Breach
Health Plan of San Joaquin (HPSJ), which is a not-for-profit service provider of Medi-Cal managed care based in French Camp, CA, learned that an unauthorized individual has obtained access to its email system and likely viewed or obtained sensitive data. … Read more
Is it a HIPAA Violation to Require Confirmation of Vaccine Status?
There are many misunderstandings about asking a person whether they have had a COVID-19 vaccine. Is it considered a HIPAA violation, especially when employers ask their personnel to give evidence of being vaccinated against COVID-19 … Read more
Ransomware Gangs Use New Triple Extortion Tactics
After the DarkSide ransomware attack on Colonial Pipeline, a number of ransomware gangs have stopped activity or have executed guidelines that their affiliates are required to follow, which include stopping all attacks on critical infrastructure companies, medical care companies, and … Read more
President Biden Signs Expansive Executive Order to Enhance Federal Networks Cybersecurity
On May 13, 2021, President Biden signed a comprehensive Executive Order that seeks to appreciably strengthen cybersecurity protections for federal systems, enhance threat information sharing between the private sector, the government, and law enforcement, and present a cyber threat response … Read more
PHI Compromised Because of the University of Florida Health Shands, St. John’s Well Child and Family Center and St. Paul’s PACE Breaches
University of Florida Health Shands has learned that an ex-employee has viewed the health files of 1,562 patients without valid permission. The HIPAA violations were uncovered on April 7, 2021. The provider promptly ended the worker’s access to medical documents … Read more
NIST Wants Feedback on Designed Updates to HIPAA Security Rule Implementation Guidance
The National Institute of Standards and Technology (NIST) is preparing to modify and make updates to its guidance on carrying out the HIPAA Security Regulation and is looking for ideas from stakeholders on facets of the guidance that ought to … Read more
Three Actively Exploited Zero-Day Vulnerabilities in SonicWall Email Security
Three zero-day vulnerabilities found in SonicWall Email Security solutions are being actively exploited in the wild by one or more threat actors. The vulnerabilities may be chained to obtain admin access to enterprise systems and execute code. SonicWall … Read more
Higher Ransom Payment Due to Accellion FTA Data Exfiltration Extortion Attacks
The latest Coveware Quarterly Ransomware Report states that the growth in ransomware attacks in 2020 has persisted in 2021 as most threat actors target the healthcare industry. 11.6% of all attacks in quarter 1 of 2021 were healthcare ransomware attacks, … Read more
Data Breaches Reported by the American College of Emergency Physicians, Epilepsy Florida and VEP Healthcare
The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server. Besides offering professional company services to its members, ACEP offers management services … Read more
Montefiore Medical Center Staff Laid Off and Belden Class Action Lawsuit
Montefiore Medical Center has found out that another employee accessed patient records without having any valid work reason. The report of New York hospital in February 2020 stated that an employee was identified to have accessed patient health records without … Read more
Hackers Stole the PHI of Over 200,000 Washington D.C. Health Plan Members
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is notifying its members with regards to a cyberattack that resulted in the theft of their protected health information (PHI). CHPDC, previously known as Trusted Health Plans, discovered a breach … Read more
What is Texas HB 300?
What is Texas HB 300, who needs to follow the legislation, and what are the fees and penalties for failing to comply? This post talks about these and other vital questions regarding Texas HB 300. What is Texas HB 300? … Read more
Over 1.2 Million Health Net Members Impacted by Cyberattack on Accellion
A number of healthcare companies have lately affirmed they were impacted by the Accellion cyberattack last December 2020. The attack was connected to the Clop ransomware gang since its leak website had published parts of the stolen data from the … Read more
Data Breaches at Mobile Anesthesiologists Patients, Haven Behavioral Healthcare and Heart of Texas Community Health Center
Mobile Anesthesiologists fairly recently found out about the exposure of a limited amount of patients’ protected health information (PHI) because of a technical misconfiguration. The problem seemed to have occurred prior to December 14, 2020, and allowed public access of … Read more
UPMC and Charles Hilton and Associates Charged With Class Action Lawsuit Due to 36,000-Record Breach
University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients. Charles Hilton and Associates, which manages … Read more
Data Breaches at California Department of State Hospitals and Eyemart Express
The Department of State Hospitals (DSH) in California has learned a worker obtained access to the protected health information (PHI) of 1,415 present/former patients and 617 personnel without consent. The employee had an Information Technology job and got access to … Read more
Data Breaches at New London Hospital, Child Focus and Orlando Health South Lake Hospital
New London Hospital based in central New Hampshire has identified an unauthorized person who accessed a file on its system in July 2020 and may have gotten the protected health information (PHI) of 34,878 patients. A third-party cybersecurity agency helped … Read more
Phishing Attack on Saint Alphonsus Health System, Saint Agnes Medical Center and Southeastern Minnesota Center for Independent Living
Due to a phishing attack encountered by Saint Alphonsus Health System based in Boise, ID, the information of its patients was potentially compromised, including the data of patients of Saint Agnes Medical Center located in Fresno, CA. Saint Alphonsus detected … Read more
Virginia Consumer Data Protection Act Approved
Governor Ralph Northam has approved the Virginia Consumer Data Protection Act (CDPA). CDPA necessitates individuals running a business in the Commonwealth of Virginia to abide by new data privacy and security conditions. The CDPA will be effective on January 1, … Read more
PHI Exposed as a Result of Data Breaches at Pennsylvania Adult & Teen Challenge And Gore Medical Management
Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults and youngsters. On July 29, … Read more
Online Storage Vendor Pays Ransom to Retrieve Healthcare Data Stolen During Cyberattack
The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen due to a cyberattack on its cloud storage provider. The medical and surgical eye care services provider received notification on … Read more
100% of Screened mHealth Applications Prone to API Attacks
The personally identifiable health information of a huge number of people is being compromised by means of the Application Programming Interfaces (APIs) employed by mobile health (mHealth) apps, reported by a current study shared by cybersecurity agency Approov. Ethical hacker … Read more
$75,000 Paid by Renown Health to Settle its HIPAA Right of Access Case
The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that resolved a HIPAA Right of … Read more
Ransomware Attacks on Ramsey County and Crisp Regional Health Services and Vulnerability in Vaccine Scheduling Application
The County Manager’s Office of Ramsey County, MN has begun informing 8,700 customers of its Family Health Division regarding the potential access of some of their personal data by unauthorized persons brought about by a ransomware attack on its vendor … Read more
Brandywine Urology Consultants Data Breach Lawsuit Dismissed Because of Lacking Evidence of Harm
The Delaware Superior Court dismissed a legal action filed on behalf of affected individuals of a Brandywine Urology Consultants data breach because the plaintiffs failed to present proof showing they had experienced harm because of the breach. Brandywine Urology Consultants … Read more
Philadelphia Department of Public Health Ends Vaccine Distribution Agreement Due to Alleged Privacy Breaches
The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale of private information to third … Read more
$5.1 Million Penalty Paid by Excellus Health Plan to Settle HIPAA Violation Case
Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 data breach that affected 9.3 … Read more
Email Security Breaches at Roper St. Francis Healthcare and Einstein Health Network
Roper St. Francis Healthcare has informed 189,761 patients regarding an unauthorized individual who accessed some of their protected health information (PHI) saved in employee email accounts. The provider detected the email security breach in late October 2020. The subsequent investigation … Read more
Emsisoft Reports No Less Than 560 Ransomware Attacks on U.S. Healthcare Facilities in 2020
Ransomware attacks in 2020 had a huge impact on companies and organizations in America. Ransomware gangs targeted the healthcare and education sectors, the federal, state, and municipal governments and departments. These sectors had no less than 2,354 attacks in 2020 … Read more
Twitter Paid $544,000 Penalty for its GDPR Data Breach Violations
Twitter paid a penalty of €450,000 ($544,600) for its General Data Protection Regulation (GDPR) violation. Ireland’s Data Protection Commission (DPC) issued a penalty that is related to the privacy breach report submitted by Twitter last January 2019. On January 8, … Read more
OCR to Have Enforcement Discretion in Relation to the Use of Internet or Cloud-based Scheduling Software for COVID-19 Vaccination Sessions
The Department of Health and Human Services’ Office for Civil Rights has stated that it is going to implement enforcement discretion and will not issue financial penalties on HIPAA-covered entities or business associates in the event of HIPAA rules violations … Read more
M.D. Anderson Cancer Center’s $4.3 Million HIPAA Penalty Revoked on Appeal
The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’ Office for Civil Rights on the University of Texas M.D. Anderson Cancer Center. The Civil … Read more
Advantages of Healthcare Text Messaging Emphasized by New Analysis
Additional evidence has appeared presenting the advantages of healthcare text messaging. A recently published study in the Journal of the American Heart Association clearly indicated that an automatic mHealth intervention using smartphone and text message tracing applications might prove to be a … Read more
HIPAA Alliance Market Equals Healthcare Companies With HIPAA-Compliant Trade
A new platform which simplifies the procedure of searching for HIPAA-compliant business associates has been launched this week. The HIPAA Alliance Market has been developed to match up HIPAA covered objects with reliable dealers that have been impartially confirmed as … Read more
Highmark BCBS of Delaware Probes Data Break Impacting 19K People
Highmark BlueCross BlueShield of Delaware is probing a data break which has affected 19,000 payees of employer-paid health policies. The data break affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance Services. Highmark BCBS director of … Read more
$475K Settlement for Late HIPAA Break Notice
The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of current year. This is additionally the 1st settlement so far exclusively based on a needless delay to break notice after the revelation of patients’ safeguarded … Read more
108 L.A. County Workers Impacted by Phishing Attack – 756K Affected
The County of Los Angeles took some time to publicize it was the sufferer of a big phishing attack, particularly bearing in mind the attack was found out within a day of the May, 2016 break. However, the announcement had … Read more
OCR Alerts Protected Bodies of Danger of DDoS Attacks
Over the past few weeks, there has been a rise in Denial of Service (DoS) and Distributed Denial of Service (DDoS) assaults. The assaults involve inundating systems with requests and information to cause those systems to collapse. The attacks have … Read more
UMass to Pay the Office for Civil Rights $650K to Settle HIPAA Breaches
The Division of Health and Human Services’ OCR has consented to a $650K agreement with University of Massachusetts Amherst (UMass). The agreement resolves HIPAA breaches that resulted in UMass undergoing a malware infection in 2013. In early 2013, a malevolent … Read more
Seguin Dermatology Declares Ransomware Assault ePHI Access Possible
Texas-centered Seguin Dermatology has begun notifying patients of a ransomware assault that has likely led to electronic protected health information being wrongly accessed. The assault happened around or on September 12, 2016, and affected a computer network used by the … Read more
Kaiser Permanente Alerts Members of ePHI Revelation
Kaiser Permanente is alerting a few of its associates of a website formation mistake that led to the revelation of a few of their safeguarded health information. Luckily, the mistake was swiftly known and ePHI was just revealed for about … Read more
Operations Annulled After 3 UK Hospitals are Paralyzed by Computer Infection
Cyberattacks on healthcare suppliers in the U.S. are happening at a frightening speed; nevertheless, it’s not just U.S. healthcare companies which are targeted by cybercriminals. During the weekend, a big security case was reported by a National Health Service Trust … Read more
Analysis Emphasizes Danger of PHI Revelation from Unencrypted Healthcare Pagers
Several healthcare suppliers have now changed from pagers to more safe types of communication. Safe text messaging platforms permit safeguarded health info to be communicated swiftly and efficiently between doctors and care team associates. Those platforms include the necessary safety … Read more
St. Joseph Health to make Payment of OCR $2.14 Million to Resolve HIPAA Case
The Division of Health and Human Services’ OCR has declared it has decided to resolve possible breaches of the HIPAA Security and Privacy Laws with St. Joseph Health (SJH). St. Joseph Health has to pay $2,140.50 to OCR and implement … Read more
OCR Alerts of FTP Weaknesses in NAS Appliances
The Division of Health and Human Services OCR has released a notice to HIPAA protected bodies as well as their business associates of a surge in assaults on network attached storage (NAS) appliances. The appliances are being assaulted using a … Read more
Assistance on HIPAA as well as Cloud Computing Released by HHS
The Division of Health and Human Services has issued revised advice on cloud computing and HIPAA to assist protected bodies to take benefit of the cloud devoid of endangering a HIPAA breach. The key emphasis of the help is the … Read more
Main Ohio Urology Consortium Notifies 300K Patients of PHI Thievery
Patients of Central Ohio Urology Consortium whose safeguarded health information was thieved and displayed live in August have now been informed of the safety break. Although it’s not sure precisely when the hack happened, the data thieved in the cyberattack were put … Read more