Compliance and Regulations
Stay up to date on changes to data protection regulations and the evolution of industry compliance standards. Learn about HIPAA, GDPR and other data protection laws, the compliance requirements specific to your industry, and legal developments affecting security practices. Stay informed about notable data breaches and related security incidents.
How Often Do You Have To Do HIPAA Training?
How often you have to do HIPAA training depends on factors such as material changes to HIPAA policies and procedures, the frequency of security awareness training, the outcomes of risk analyses and evaluations, and employers’ … Read more
HIPAA Security Awareness Training
HIPAA security awareness training should have the objective of showing members of the workforce why it is important to protect the confidentiality, integrity, and availability of individually identifiable health information as well as explaining cybersecurity … Read more
OMB’s Review of the Proposed Change to the HIPAA Security Rule
In December 2023, the Department of Health and Human Services (HHS) published its cybersecurity strategy for the healthcare sector, detailing a list of actions to be implemented to improve cybersecurity across the healthcare industry, including … Read more
UMC Health’s EHR System is Back After Ransomware Attack
UMC Health System based in Lubbock, Texas reported the progress of its recovery from the ransomware attack in September. The ransomware attack impacted several systems, including the systems used by Texas Tech Physicians and Texas … Read more
Choosing the Right HIPAA Compliance Software
HIPAA compliance software helps a covered entity deal with the issues of HIPAA by streamlining and automating compliance and undertaking comprehensive risk management processes. Smaller organizations that have fewer than 100 employees assign the responsibility … Read more
Crossing Borders: International Data Transfers
The European Court of Justice’s July 16th 2020 Schrems II judgment had major implications for the use of US cloud services. Since that case, every US cloud service provider has been obliged to verify the … Read more
Minimum Cybersecurity Standards Proposed in Healthcare Bill
A new bill, known as the “Health Infrastructure Security and Accountability Act of 2024,” has been introduced to the U.S. Senate to strengthen cybersecurity standards for healthcare information systems. This legislative proposal aims to implement … Read more
New Bill Tackles Chinese Cyber Threats to US Infrastructure
The U.S. House Homeland Security Committee has introduced new legislation aimed at strengthening the nation’s cybersecurity defences against threats from China. This bill establishes an interagency task force to assess the risks posed by state-sponsored cyber … Read more
Why Cyberattackers Target Third-Party Vendors
Recent large data breaches affecting third-party vendors such as Change Healthcare have highlighted critical security risk management issues for business associates and vendors. These breaches have proven the necessity of security measures and comprehensive monitoring of … Read more
OSHA’s New Online Database of Reported Severe Workplace Injuries
The Department of Labor’s Occupational Safety and Health Administration (OSHA) has introduced a new online dashboard designed to simplify searching its severe injury report database and tracking workplace injury trends in states under federal OSHA … Read more
HIPAA Compliance on Resume
Including HIPAA compliance on a resume is important for candidates in healthcare, IT, administration, and other fields handling sensitive health information. Including this skill emphasizes an understanding of patient privacy and data protection standards, making … Read more
57% More Active Ransomware Groups in H1 2024
Searchlight Cyber reported a 57% increase in the number of active ransomware groups. In H1 of 2023, 46 active ransomware groups were identified from posts on dark web data leak sites compared to 72 active … Read more
Atlantic General Hospital Pays $2.25 Million to Resolve Data Breach Lawsuit
Atlantic General Hospital in Berlin, MD, has proposed a $2.24 million settlement to resolve a class action lawsuit associated with a ransomware attack in 2023. The settlement proposal was given preliminary approval by the court. … Read more
Data Security: Business advantage rather than regulatory burden
What comes to mind first when the words ‘Data security’ are mentioned to most workers? Chances are, it is thoughts of things like frequent password changes, oversensitive spam folders, the inability to make personal calls … Read more
EPA Urged to Develop a Strategy to Address Cybersecurity Risks in Water Sector
The U.S. water and wastewater systems are dealing with an increasingly serious threat from cyberattacks, which could have lasting consequences for public health and environmental safety. A report from the U.S. Government Accountability Office (GAO) … Read more
Deadman’s Data: Personal data relating to the deceased under GDPR
In effect since May 25th, 2018, the General Data Protection Regulation (GDPR) is a landmark piece of legislation in data protection. GDPR has revolutionized how personal data is managed across the European Union (EU). The … Read more
10 Million Unique Acadian Ambulance Records Stolen by Daixin Team
Acadian Ambulance reported a cyberattack in June 2024 that disrupted the functionality of selected computer systems. Daixin Team said it was behind the ransomware attack and threatened to release the stolen information to the public … Read more
NextGen Healthcare Faces Legal Battle Over 2023 Data Breaches
Overview of the Data Breaches
The health information technology company NextGen Healthcare is currently embroiled in a legal battle following two data breaches that took place in 2023. These incidents exposed sensitive patient information, leading … Read more
$3.4M Settlement Proposed by Nationwide Vision/Sightcare to Resolve Class Action Lawsuit
A $3.45 million settlement was proposed to resolve a combined class action lawsuit associated with a data breach at USV Optical, a U.S. Vision subsidiary. The 2021 data breach impacted over 710,000 people, which included … Read more
312,000 Patients Impacted by Texas Retina Associates Cyberattack
Texas Retina Associates (“Texas Retina”) encountered a cyberattack that impacted over 312,000 patients. The company is the largest ophthalmology practice, with 15 practice locations in Dallas, Texas. The attack involved unauthorized access to its network … Read more
Is it a Violation of HIPAA to Email Medical Records?
It is not a violation of HIPAA to email medical records as long as the reason for emailing PHI is a required, permissible, or excepted reason under the Privacy Rule, as long as the disclosure … Read more
What are the HIPAA Email Rules?
The HIPAA email rules are that email can only be used to send, receive, or store Protected Health Information (PHI) if the reason for PHI being disclosed is consistent with the Privacy Rule, and if … Read more
Sisense Data Breach Impacts About 20,000 Aptihealth Patients
The digital mental health solutions company Aptihealth based in Saratoga Springs, NY has reported the exposure or theft of the protected health information (PHI) of 19,805 patients. It uses its digital platform to provide mental … Read more
512,000 Consulting Radiologists Patients Affected by Cyberattack
Consulting Radiologists is a radiology services firm based in Edina, Minnesota. The company began sending personal notifications to approximately 512,000 patients impacted by a cyberattack in February 2024. Consulting Radiologists provides 22 hospitals and clinics with … Read more
Columbia University Irving Medical Center Patient Data Exposed Online
Columbia University Irving Medical Center (CUIMC) submitted a data breach report to the HHS’ Office for Civil Rights on May 6, 2024 indicating that 29,629 individuals were affected. New York-Presbyterian (NYP) and CUIMC were informed … Read more
Ascension Confirms Initial Access Vector and Data Theft During a Ransomware Attack
Ascension has reported the theft of files from a few servers during its latest ransomware attack. Some files included personally identifiable information (PII) and protected health information (PHI). The attackers accessed servers that were employed … Read more
MicroDicom DICOM Viewer Two New High Severity Vulnerabilities
The MicroDicom DICOM Viewer medical image viewer was found to have two high-severity vulnerabilities. One vulnerability can result in arbitrary code execution. The other vulnerability could enable an attacker to get sensitive data, put new … Read more
Legal Basis for Monitoring Healthcare Employees
The monitoring of employees has become an indispensable practice for organizations to guarantee security, productivity, and compliance with regulations. Sensitive patient data is handled in the healthcare sector every day, making the stakes even higher. … Read more
Large Healthcare Companies Need to Improve Cybersecurity Measures
Senate Finance Committee chair Senator Ron Wyden sent a letter to the Department of Health and Human Services (HHS) through Secretary Xavier Becerra asking large healthcare organizations to improve their cybersecurity protocols. One factor in … Read more
Designed Receivable Solutions Lawsuit Due to 500M-Record Data Breach
Revenue cycle management company Designed Receivable Solutions, based in Cypress, CA, is facing a class action lawsuit associated with a data breach that impacted approximately half a million people. The company detected an … Read more
Health Data of Texas Panhandle Centers Patients Exposed in October 2023 Data Breach
Certified Community Behavioral Health Clinic, Texas Panhandle Centers (TPC) based in Amarillo, TX uncovered unauthorized access to its computer network and the compromise of 16,394 patients’ personal data and protected health information (PHI). TPC, which … Read more
New Reproductive Health Care Privacy Rule Released Under HIPAA
The Final Rule ensures the privacy protection of the health records of women, their family members, and physicians who are seeking, getting, offering, or assisting legal reproductive health care. The Biden-Harris Administration and … Read more
Warning Against Different Types of Business Email Compromise Attacks
The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) is warning the healthcare and public health (HPH) sector concerning business email compromise (BEC) attacks. BEC attacks refer to a type … Read more
Class Action Suits for Cybersecurity Breaches
What is a class action?
Since the 1820 case of West v. Randall, the class action lawsuit has been firmly established as a powerful tool in the federal judicial system of the USA. A class action enables … Read more
Discovered Vulnerabilities in GE Healthcare Ultrasound Products and in Desktop Windows Manager
11 Vulnerabilities Discovered in GE HealthCare Ultrasound Products
About 12 vulnerabilities were discovered in GE HealthCare Vivid Ultrasound devices that threat actors can exploit to access and modify patient information, and possibly install ransomware to … Read more
How to Make ChatGPT HIPAA Compliant
The way to make ChatGPT HIPAA compliant is to deploy anonymizing software between users and the ChatGPT program in order that no Protected Health Information is disclosed to ChatGPT. However, when using this solution, it … Read more
Settlement of Class Action Lawsuits by Gifted Healthcare and Presbyterian Healthcare Services
Settlement Offered to Settle Gifted Healthcare Data Breach Lawsuit
Gifted Healthcare has offered to settle a class action lawsuit that claimed negligence for not implementing appropriate cybersecurity steps that resulted in a data breach. The … Read more
PHI Exposed in Tennessee Eye Clinic Network, Somerset Dental Las Vegas and Catholic Medical Center Cyberattacks
BianLian Threat Group Attacks Tennessee Eye Clinic Network
Politzer and Durocher, PLC, also called Optometric Physicians of Middle Tennessee (OPMT), submitted a hacking incident report to the HHS Office for Civil Rights that impacted the … Read more
Orrick, Herrington & Sutcliffe Settles Lawsuit and Ernest Health’s Recent Lawsuit
Orrick, Herrington & Sutcliffe Pay $8 Million to Settle Class Action Data Breach Lawsuit
The law firm Orrick, Herrington & Sutcliffe, based in San Francisco, CA, is paying $8 million to settle a class action … Read more
Planned Parenthood Los Angeles Settles Lawsuit and Children’s Healthcare of Atlanta Pixel-Related Lawsuit
Planned Parenthood Los Angeles Settles Class Action Data Breach Lawsuit for $6 Million
Reproductive healthcare services provider Planned Parenthood Los Angeles, located in Los Angeles County, proposed a $6 million settlement to take care of … Read more
Social Media and HIPAA Compliance
The challenge with social media and HIPAA compliance is that covered entities and business associates cannot disclose Protected Health Information unless the disclosure is permitted by the Privacy Rule. This restriction should apply to members … Read more
How to Make Microsoft 365 HIPAA Compliant
The way to make Microsoft 365 HIPAA compliant so it can be used to create, receive, store, or transmit Protected Health Information is to subscribe to a plan that supports HIPAA compliance and configure each … Read more
How to Make Google Workspace HIPAA Compliant
The way to make Google Workspace HIPAA compliant is to subscribe to a Workspace Plan that supports HIPAA compliance, agree to the terms of Google’s Business Associate Addendum, and configure the core services included in … Read more
Credential Harvesting Prevention and Alert Against Volt Typhoon Threat
HHS Offers Guidance on Credential Harvesting Mitigations
The Health Sector Cybersecurity Coordination Center (HC3) has issued a healthcare and public health (HPH) sector advisory regarding credential harvesting, a frequent tactic employed in cyberattacks on the … Read more
Does Zelle Need to be HIPAA Compliant?
Zelle does not need to be HIPAA compliant before covered entities can use the fund transfer service to collect payments from patients and plan members because of an exemption in HIPAA for payment processors. However, … Read more
Is it Necessary for Ivy Pay to be HIPAA Compliant?
It is necessary for Ivy Pay to be HIPAA compliant if a healthcare provider who qualifies as a HIPAA covered or hybrid entity wants to use the payment processing software for functions that involve uses … Read more
Reports of Cyberattacks and Data Breaches by Valley Oaks Health, Sycamore Rehabilitation Services, Humana Inc., and Jewish Home Lifecare
50,000-Record Data Breach at Valley Oaks Health, Indiana
Valley Oaks Health, based in Niles, IL, recently informed 50,352 persons concerning a breach of its system environment. Unauthorized persons acquired access to sections of its system … Read more
HIPAA Security Audit Requirements
The HIPAA security audit requirements are that covered entities and business associates conduct a thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI and implement security measures sufficient … Read more
Does PayPal Need to be HIPAA Compliant to Accept Payments for Healthcare?
PayPal does not need to be HIPAA compliant to accept payments for healthcare due to an exemption in HIPAA that applies to all banks and financial institutions for payment processing. However, banks and financial institutions … Read more
Email Account Breaches Reported by McKenzie County Healthcare System and Maryville Addiction Treatment Centers
Email Account Breach Reported by McKenzie County Healthcare System
McKenzie County Healthcare System, located in North Dakota, has discovered unauthorized access to the email account of a staff member. The breach was discovered on or … Read more