Oregon State Hospital Email Account Compromised by Phishing Attack
Oregon State Hospital is preparing to notify patients that their protected health information (PHI) may have been compromised due to an employee responding to a…
Read MoreHIPAA News
Email Error Exposes PHI of 7,600 Independent Health Plan Members
CynergisTek Report Reveals Healthcare Organisations’ Failure to Comply with HIPAA Rules
Business Associate Data Breach Exposes Burrell Behavioral Health Patient Data
Maffi Clinics Arizona Experiences Ransomware Attack
Hospital Fires Staff for Snooping on Jussie Smollett’s Medical Records
IT Error Exposes 974,000 UW Medicine Patient Files
Anesthesia Associates of Kansas City Reports Theft of Surgery Schedules
Warning Issued Over Dräger Infinity Delta Patient Monitoring Devices
Credit Card Details Compromised in BJC Security Incident
BJC HealthCare have announced that the details of nearly 6,000 credit cards were compromised following a cybersecurity incident. BJC HealthCare, based in Missouri, discovered the…
Mind & Motion Centers Announces Ransomware Attack on Servers
Mind & Motion Developmental Centers have revealed that they have been the victims of a ransomware attack on their servers. Mind & Motion Developmental Centers,…
Over 1,800 Files Compromised in Metrocare Phishing Attack
A North Texas mental health services provider has announced that the sensitive files of over 1,800 patients have been compromised in a phishing attack. Metrocare…
Former Employee of Chilton Medical Center Sentenced in Equipment Theft Case
A former IT worker at a New Jersey medical centre has been sentenced to 5 years’ probation for the theft of IT equipment that stored…
Nurse Fired for Posting Details of Child’s Measles Diagnosis Online
A paediatric nurse at Texas Children’s Hospital has been fired after she posted details about a toddler’s measles diagnosis on an anti-vaxxer Facebook page. Posting…
New York Non-Profit Fined $200,000 for HIPAA Violation
The Arc of Erie County, a non-profit agency that supports children and adults with disabilities based in Buffalo, NY, was levied a $200,000 fine by…
Missouri Care Experiences Second Breach of PHI due to Mailing Error this Year
The protected healthcare information of nearly 20,000 children enrolled in the Missouri Medicaid Plan has been exposed due to a mailing error. The PHI was…
Legacy Health Falls Victim to Phishing Attack
Legacy Health, a non-profit hospital system based in Portland, Oregon, has recently announced that approximately 38,000 of their patients have had their protected health information…
Democrat Lawmakers Accuse Oklahoma VA of HIPAA Violations
Three Democrat lawmakers have accused the Oklahoma Department of Veteran Affairs of breaching the Health Insurance Portability and Accountability Act (HIPAA) by allowing their staff…
OCR Newsletter Emphasises Need for Secure Disposal of Electronic Devices
The Department of Health and Human Services’ Office for Civil Rights took the opportunity to remind HIPAA covered entities, which includes healthcare providers, health plans,…
HHS Secretary Azar Announces HIPAA Updates
While addressing the Heritage Foundation in earlier this month, Secretary of the Department of Health and Human Services (HHS), Alex Azar, announced that the HHS…
Flowers Offers to Settle with Data Breach Victims After A Four Year Legal Battle
A four year legal battle between victims of identity theft and a former employee at the Flowers Hospital of Dothan, Alabama, is approaching its end….
Nursing Home Employees Fired for Violating HIPAA Regulations
It has been revealed that employees at Thompson Health’s M.M. Ewing Continuing Care Center in Canandaigua, New York, have been caught breaching HIPAA privacy regulations…
Aetna Survey Results Reveal the Priorities of Healthcare Consumers
Aetna Inc., a Fortune 500 health insurance company, recently released the results of their “Health Ambitions Study”. The primary aim of the research was to…
Former Healthcare Worker Sees Jail Time for Violating HIPAA Rules
On June 29, 2018, the Department of Justice announced that a former patient information coordinator has been indicted by a federal grand jury for violations…
District Court Judge Confirms No Private Cause of Action for HIPAA Violations
The District court has ruled that patients have no right to take legal action for HIPAA violation. That is to say that there is no…
A Dozen Staff Members Suspended from Washington Health Systems Following HIPAA Violation
Washington Health Systems has suspended several of their staff members following allegations that they accessed patient health records without authorisation. The privacy breach is currently…
Results of Survey on Use of Mobile Technology by Healthcare Professionals Released
A recent survey on the use of mobile technology in medical situations has shown that 90% of hospitals and 94% of physicians have adopted mobile…
Recent HIPAA Lawsuits Filed in the Courts
Recently, several lawsuits have been filed in relation to alleged breaches of Health Insurance Portability and Accountability Act (HIPAA) Rules. Here, we provide an overview…
OCR Reiterates Importance of Physical Security Controls
In a recent statement, the Department of Health and Human Services’ Office for Civil Rights (OCR) has reminded covered entities (CEs) that HIPAA compliance requires…
LifeBridge Health Reports Second Largest Data Breach of the Year
Earlier this month, LifeBridge Health, a Baltimore-based healthcare provider, made a statement announcing that it had discovered a data breach in their organisation. An initial…
Department of Homeland Security Issues Warnings About Vulnerable Medical Devices
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (DHS ICS-CERT) have issued warnings to healthcare providers about vulnerabilities in several medical…
Capital Digestive Care Reports Patient PHI Compromised
In a recent statement the gastroenterology group Capital Digestive Care, based in Silver Spring, Maryland, announced that they have discovered a data breach in their…
Recent Report Shows Healthcare Professionals Unaware of Cybersecurity Threats
Wombat Security has recently published a report which has revealed that employees in the healthcare industry have a lack of understanding and awareness about common…
Study Published Revealing Increase in Mortality Rates Due to Data Breaches
Researchers Vanderbilt University, Tennessee, have released a study into the effects that breaches of healthcare data have on the affected individual’s health. The results of…
First Update of NIST’s Cybersecurity Framework Released
Earlier this month, the National Institute of Standards and Technology updated its Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) with new guidelines and advice…
Former Receptionist Convicted of Stealing Patient Data from Dental Practice
A former receptionist at a New York dental practice has convicted of stealing the protected health information (PHI) of 653 patients at her formed place…
Verizon’s Protected Health Information Breach Report Released
The telecommunications company Verizon has released its annual Protected Health Information Breach Report. This report offers a detailed analysis into the main causes of breaches,…
Healthcare Data Breaches in Q1, 2018
In the first quarter of 2018, 77 healthcare data breaches were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR)….
Healthcare Employees Jailed for HIPAA Violations
To serve as a deterrent, the penalties for HIPAA violations can be severe. Violations by employees can attract a fine of up to $250,000 with…
Survey Shows Healthcare Industry Susceptible to Cyberattacks
The Ponemon Institute, which conducts research on privacy, data protection, and information security, has released the results of a survey of data breaches in healthcare…
New York Attorney General Settles With EmblemHealth for HIPAA Violation
The New York Attorney General has just announced a settlement with EmblemHealth for $575,000 following a HIPAA breach at the organisation in 2016. The breach…
Protenus Releases Healthcare Breach Barometer Report
Protenus, an organisation which aims to help healthcare organisations protect private patient data, regularly releases “Healthcare Breach Barometer” reports which compile their intelligence on healthcare…
Thirteen Employees Fired form MUSC For Snooping on Patient Data
The Post and Courier, the South Carolina newspaper, has released a report stating the Medical University of South Carolina (MUSC) terminated 13 employees last year…
UVa Breached Linked to Prolific Hacker
The University of Virginia Health System has notified nearly 2,000 patents that a hacker has used malware to gain access to their protected health information…
Deputy Director for Health Information Privacy at OCR Steps Down
The deputy director for health information privacy at the Department of Health and Human Services’ Office for Civil Rights, Iliana Peters, as just announced that…
Decatur Country General Hospital Discover Cyberattack on their Systems
In a recent announcement, Decatur County General Hospital in Tennessee revealed that it has been the victim of a cyberattack on their systems. Malware was…
Report Highlights the Increasing Threat of Ransomware Attacks
Vanson Bourne, a research company, has published a report on the nature of ransomware attacks entitled “The State of Endpoint Security Today”. The report has…
Aetna Violates HIPAA Rules Again with Mailing Accident
In July 2017, Aetna, a health care company, accidentally violated HIPAA Rules when it sent mail to members in which details of HIV medications were…
CIOX Health Sues HHS Over Update to HIPAA Rules
Earlier this month, CIOX Health, a medical record retrieval company, announced that it was suing the Department of Health and Human Services. The reason for…
North Carolina Bill Aims to Toughen Data Breach Notification Laws
In 2017, more than 5.3 million residents of North Carolina were reported to be victims of breaches of private data. In response to this alarming…
SAMHSA Regulations Changed by HHS
The Department of Health and Human Services has published its final rule on the Confidentiality of Substance Use Disorder Patient Records. This rule brings significant…
Washington Hospital Employee Fired Following Serious HIPAA Violation
An employee of Washington Hospital has been fired after taking pictures of a female patient’s genitals while she was unconscious. The patient, identified in the…
Data of 2,600 Children Exposed Following MBS Breach
Multi-State Billing Services (MBS) has reached a $100,000 settlement with the Massachusetts Attorney General’s office following a data breach which occurred in 2014. The data…
Oklahoma Department of Human Services Notifies OCR of Breach Nearly 18 Months Late
In April 2016, the Oklahoma Department of Human Services experienced a data breach which affected 47,000 people. In accordance with HIPAA’s Breach Notification Rule, notifications…
HHS Prepares to Launch HIPAA Administrative Simplification Optimization Project Pilot
The Department of Health and Human Services has announced that it is looking for volunteers for their HIPAA Administrative Simplification Optimization Project Pilot. Volunteers who…
Cottage Health Suffers Two Data Breaches in Two Years
Cottage Health, a health providers based in Santa Barbara, has settled for $2 million with California attorney general’s office. Cottage Health was investigated by the…
Man Sentenced to Jail for Multiple Counts of Fraud
A man linked who used the name “TheDarkOverlord” has been sentenced to serve three years in jail for fraud and blackmail offences at the Southwark…
Alex Azar Receives Presidential Nomination for Deputy Secretary of Department of Health and Human Services
Alex Azar, the former Deputy Secretary of the Department of Health and Human Services, is the favourite to take over from former Secretary Tom Price…
RBS Report Reveals Over 7 Billion Records Breached in 2017
Risk Based Security (RBS), a provider risk analysis tools and data breach information, has released a report analysing the data breaches which have occurred in…
HHS Deputy Director for Health Information Privacy Deven McGraw Leaves for Private Industry
In October, Deputy Director for Health Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR), Deven McGraw, has resigned…
Lincare Suffer Breach of Sensitive Employee Data
In February 2017, Lincare Holdings Inc., a supplier of home respiratory therapy products, experienced a breach of sensitive employee data. The breach involved the exposure…
California Wildfires Result in Limited Waiver of HIPAA Sanctions
The Secretary of the U.S. Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and penalties in California. The waiver…
Kromtech Security Discovers PHI of 150,000 Patients Freely Available Online
Researchers at Kromtech Security, a security software company, have identified Amazon S3 bucket used by a HIPAA-covered entity. Amazon S3 buckets are a type of…
OCR Clarifies HIPAA Rules in Response to Las Vegas Attacks
The attack at the Las Vegas music festival earlier this month has prompted the Department of Health and Human Services’ Office for Civil Rights to…
Secretary of the U.S. Department of Health and Human Services Tom Price Steps Down
Having served less than eight months in the role, as Secretary of the U.S. Department of Health and Human Services for Tom Price is the…
Report Reveals Deficiencies in Anti-Phishing Training in Organisations
Cofense, a security software company formally known as PhishMe, recently conducted a survey which discovered that organizations from many different sectors are finding themselves unable…
Hurricane Irma Results in Limited Waiver of HIPAA Privacy Rule
The United States government has announced a public health emergency in areas of the US Virgin Islands, Puerto Rico, and Florida affected by Hurricane Irma….
OCR Reminds Covered Entities to Prepare for Public Health Emergencies
In addition to dealing with the devastating aftermath of Hurricane Harvey, hospitals in Texas and Louisiana had to ensure medical staff continue to comply with…
OCR Director Severino Announces Enforcement Priorities for 2017
The Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), Roger Severino, expressed his desires to find a suitably large…
Class Action Lawsuit Filed Against Aetna Following HIV Privacy Breach
Aetna, a health care company, faces a class action lawsuit following a privacy breach that saw the HIV positive status of up to 12,000 accidentally…
Delaware Updates Breach Notification Laws
Delaware now has the strictest breach notification requirements of any state following the first amendment to its data breach notification law in a decade. The…
Jessie’s Law Passed by US Senate to Help Those with Substance Abuse Issues
Senators Joe Manchin and Shelley Moore Capito, both of West Virginia, have announced that Jessie’s Law has been passed by the Senate. The legislation was…
Beazley’s Insights Report Published for First Half of 2017
Beazley, a specialist insurance company, its July 2017 Insights report. The twice-yearly report examines the causes of data breaches experienced by its clients. This report…