Improve Cyber Resilience with Operation Winter SHIELD
The Federal Bureau of Investigation has issued Operation Winter SHIELD guidance identifying ten actions that organizations can take to improve cyber resilience. Overview Of Operation…
Read MoreHIPAA Enforcement News
Falcon Healthcare Settles Data Breach Litigation
9,542 individuals Affected by Inotiv Ransomware Attack and Data Breach
CarePro Settles Class Action Data Breach Lawsuit for $1.3 Million
MMIS and E&E Systems’ Need to Enhance Security Controls
23andMe’s Settlement of Class Action Data Breach Lawsuit
15 Washington Children’s Hospital Nurses Terminated for Alleged HIPAA Violations
HHS Guidelines on Criminal Referrals for Regulatory Violations
Nurse Lost Her Job and Under HIPAA Violation Investigation for Livestreaming at Work
NIST Privacy Framework Update Includes Recent Cybersecurity Guidelines
The National Institute of Standards and Technology (NIST) has published a draft update on its Privacy Framework to include the most recent cybersecurity rules and…
PHI of 14,000 People Potentially Exposed Due to Hamilton County Breach
Officers at Hamilton County in Tennessee have stated that the protected health information (PHI) of 14,081 people was exposed in a security incident at a…
Infosys McCamish Systems Agrees to $17.5 Million Settlement to Resolve Data Breach Lawsuit
Infosys McCamish Systems agreed to settle multiple class action lawsuits that were filed because of a 2023 ransomware attack. The data breach involved unauthorized access…
Postponed Effective Date of HIPAA Final Rule for Modified Retail Pharmacy Standard
In December 2024, the Department of Health and Human Services released a Federal Register final rule changing the Retail Pharmacy Standards of the National Council…
Vulnerabilities Found in Critical Ivanti Connect Secure Appliances
Ivanti has issued patches for two vulnerabilities found in Connect Secure. The first vulnerability is a critical zero-day remote code execution vulnerability that threat actors…
HC3 Warning Published About Active Credential Harvesting Campaigns
The Health Sector Cybersecurity Coordination Center (HC3) published a new Analyst Note regarding credential harvesting, including an alert concerning an active credential harvesting campaign that…
OSHA’s Proposed Rule on Infectious Diseases Under Review by the White House
The White House Office of Information and Regulatory Affairs is doing one last review of a proposed rule by the Occupational Safety and Health Administration…
Cascade Eye and Skin Centers Pays $250,000 to Settle Alleged HIPAA Violations
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has reached a $250,000 settlement with Cascade Eye and Skin Centers, P.C.,…
Verdaka to Pay $2.95 Million Penalty for Alleged FTC Act and CAN-SPAM Act Violations
A $2.95 million financial penalty payment is proposed by the Federal Trade Commission (FTC) for Verkada, a security camera vendor based in California, to settle…
AI Used in 40% of BEC Attacks
According to information provided by the Vipre Security Group, there’s a spike in business email compromise attacks in the previous year and cybercriminals are using…
Mandatory Minimum Cybersecurity Standards for Healthcare Proposed
The healthcare industry is facing more severe and sophisticated cyberattacks. Greater effort is necessary to strengthen protection, attacks will likely keep increasing. These attacks present…
Blackbaud Pays $6.75 Million to Settle Data Breach with California Attorney General
Blackbaud has decided to pay $6.75 million to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and California’s data privacy regulations…
Data Breaches at Superior Air-Ground Ambulance Service and Multnomah County Health Department
858K Individuals Impacted by Superior Air-Ground Ambulance Service Data Breach Superior Air-Ground Ambulance Service provides ambulance and Emergency Medical Services (EMS) in Indiana, Illinois, Michigan,…
2.4 Million Health Insurance Policyholders Affected by WebTPA Data Breach
Administration services provider to medical insurance and benefit plans, WebTPA based in Texas, recently began sending notification letters to 2,429,175 benefit plan members concerning the…
Data Breaches Reported by Ascension, Prudential Insurance Company of America and West Idaho Orthopedics and Sports Medicine
Investigation Of Ascension Cyberattack Ascension, a leading non-profit and Catholic health system in the U.S., has reported the investigation of a supposed cyberattack that has…
Data Breaches at Bay Oral Surgery & Implant Center, Aspire Health Alliance and Designed Receivable Solutions
Wisconsin Dental Surgery Center Email Account Breach Bay Oral Surgery & Implant Center (Bay Oral), a group of oral & maxillofacial dental surgery centers located…
Octapharma Plasma and Kisco Senior Living Cyberattacks and University of Wisconsin Hospitals and Clinics Authority Email Account Breach
OctaPharma Plasma Donation Centers Shut Down While Investigating Ransomware Attack The Swiss pharmaceutical company, Octapharma Plasma, encountered a cyberattack that impacted the systems at 190…
Epic Systems Stops Access for Selected Particle Health Customers Due to Patient Privacy Issues
Epic Systems has shut down access to information for a startup company called Particle Health after it alleged that the company was disclosing patient information…
Cyberattack on Chattanooga Heart Institute, Maxillofacial & Implant Surgery, and Battle Mountain General Hospital
Over 547,000 People Impacted by The Chattanooga Heart Institute Cyberattack on April 2023 The Chattanooga Heart Institute has found out that its April 2023 cyberattack…
Data Breaches Reported by Aveanna Healthcare, UNC Hospitals & School of Medicine, and Otolaryngology Associates
Aveanna Healthcare Email Account Breach Home health and hospice care provider, Aveanna Healthcare based in Atlanta, GA, announced a security breach of its email environment…
Credential Harvesting Mitigations and Warning Against Volt Typhoon Threat
Credential Harvesting Mitigations Shared by HHS The Health Sector Cybersecurity Coordination Center (HC3) has published a healthcare and public health (HPH) sector advisory concerning credential…
Data Breaches Reported by Weirton Medical Center, Plymouth Tube Company, KMJ Health Solutions, and Lake of the Woods County Social Services
Data Breach at Weirton Medical Center in West Virginia Weirton Medical Center based in West Virginia discovered suspicious activity inside its computer system on January…
HSCC’s 5-Year Strategic Plan for Healthcare Cybersecurity and Increased NIST CSF and HCIP Coverage Plan
HSCC’s 5-Year Strategic Program for Strengthening Healthcare Cybersecurity Healthcare cyberattacks are increasing in number and intensity every year. In 2023, around 740 healthcare data breach…
Data breach Reports by Northeast Orthopedics and Sports Medicine, Orlando VA Medical Center, and Kids Care Dental & Orthodontics
177,000 Patients Affected by Northeast Orthopedics and Sports Medicine Breach Northeast Orthopedics and Sports Medicine located in Nanuet, NY recently announced a cyberattack that affected…
Apria Healthcare Faces Lawsuit While Personal Touch Holding Corp Resolves Lawsuit
Apria Healthcare Faces Lawsuit Over HIPAA Violations Indiana Attorney General Todd Rokita is taking legal action against Apria Healthcare for violating the Health Insurance Portability…
ConnectWise ScreenConnect Vulnerabilities Alert and Second Ransomware Attack Victims Surveyed
Vulnerabilities identified in the remote desktop software ConnectWise ScreenConnect are being exploited to deliver a selection of different malicious payloads into enterprise environments. ConnectWise first…
OCR Submits HIPAA Compliance and Data Breaches Report to Congress
The Department of Health and Human Services (HHS) Office for Civil Rights has filed its annual report to Congress about compliance with the HIPAA Privacy,…
Data Brokers Misusing Geolocation Information Investigated
U.S. Senator Ron Wyden (D-OR) wrote to the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC) requiring action to safeguard customers and…
Monitoring of Ransomware Practices Needs Improvement According to GAO
The Government Accountability Office (GAO) has discovered that many federal agencies that deal with risk for critical infrastructure sectors have evaluated or intend to monitor…
Cyberattacks and Data Breaches Reported by Navvis & Company and Other Healthcare Providers
462,000 Hawaiians Impacted by the Navvis & Company Data Breach Around 462,000 people who signed up for health plans with the Hawaii Medical Service Association…
Cyberattack on Columbus Regional Healthcare System, Aria Care Partners, and Coastal Hospice & Palliative Care
133K Records Exposed at Columbus Regional Healthcare System Columbus Regional Healthcare System in Whiteville, NC, submitted a report to the Maine Attorney General concerning a…
PHI Exposed at HMG Healthcare, First Choice Dental and Lone Peak Physical Therapy
HMG Healthcare Data Breach Impacts 80,000 People Healthcare services provider HMG Healthcare, LLC based in Texas recently reported the exposure and potential theft of the…
Integris Health Dealing with Multiple Class Action Lawsuits Due to a Cyberattack and Data Breach
Integris Health is facing some class action lawsuits because of a recent cyberattack that resulted in a data breach. Although there’s no confirmation yet from…
ProSmile Holdings, Valley Health System, Texas Behavioral Health Network, and City of Homer Affected by Data Breach
ProSmile Holdings Patients Affected by July 2022 Data Breach Dental service organization ProSmile Holdings, LLC in New Jersey, notified patients on December 22, 2023, regarding…
Data Breach Results in Multiple Lawsuits Against Fred Hutchinson Cancer Center
About 6 lawsuits were filed against the Fred Hutchinson Cancer Center because of a cyberattack and data breach that happened on the Thanksgiving weekend of…