HIPAA News

HIPAA News October 22, 2021

American Osteopathic Association Notifies 27,500 People About the Data Theft in June 2020

Close to 27,500 people received notification about the stealing of some of their personal information when the American Osteopathic Association (AOA) experienced a cyberattack. AOA…

HIPAA News

CISA’s New Tool for Assessing Insider Threats

HIPAA News

Medtronic MiniMed Remote Controllers Recalled Because of Critical Cybersecurity Vulnerability

HIPAA News

19,000 Individuals Affected by Ransomware Attack on Florida Behavioral Health Service Provider

HIPAA News

Ransomware Attacks At Family Medical Center of Michigan & Buddhist Tzu Chi Medical Foundation

HIPAA News

Ransomware Attack on Desert Wells Family Medicine Brings about Permanent Loss of EHR Records

HIPAA News

LifeLong Medical Care & Beaumont Health Patients Affected by Data Breaches at Business Associates

HIPAA News

HIPAA’s Advantages and Disadvantages

HIPAA News

1.4 Million People Impacted by St. Joseph’s/Candler Ransomware Attack

HIPAA News August 13, 2021

NIST Wants Feedback on Draft Guidance About Developing Cyber Resilient Systems

The National Institute of Standards and Technology (NIST) has published an important update to its guidance on creating cyber-resilient systems. The draft of the revised…

HIPAA News August 6, 2021

Email Security Breaches At Prestera Center and Wisconsin Institute of Urology

Prestera Mental Health Center based in West Virginia began informing 2,152 individuals regarding a security breach affecting employee email accounts. On or about April 1,…

HIPAA News July 29, 2021

UPMC Pays $2.65 Million to Resolve Employee Data Breach Lawsuit

UPMC has offered a $2.65 million payout to take care of a data breach legal action filed by workers affected by a data breach in…

HIPAA News July 22, 2021

CISA Releases Ransomware Readiness Assessment Audit Tool

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a new tool to help organizations assess how proficiently they are equipped to safeguard against…

HIPAA News July 16, 2021

Impending Risk of Ransomware Attacks Exploiting Vulnerability in SonicWall SRA/SMA 100 Series VPN Devices

SonicWall has given an important security notice cautioning users of the Secure Remote Access (SRA) products and Secure Mobile Access (SMA) 100 series operating on…

HIPAA News July 9, 2021

Ransomware Attacks Reported by Hoya Optical Labs, Penn Foundation and Minnesota Community Care

Hoya Optical Labs Ransomware Attack Impacts Over 3,000 Patients Hoya Optical Labs has begun sending notifications to some patients concerning a ransomware attack that potentially…

HIPAA News July 1, 2021

Government Watchdog GivesGives 7 Suggestions to HSS to Boost Cybersecurity

The Government Accountability Office has publicized a report after an assessment of the organizational solution to the cybersecurity of the U.S. Department of Health and…

HIPAA News June 25, 2021

CVS Website with 1 Billion-Record Database of Searches Exposed on the Internet

A database that belongs to CVS Pharmacy having roughly 1 billion search records was compromised on the internet. The database contained data regarding searches done…

HIPAA News June 17, 2021

Data Breaches at Arizona Asthma and Allergy Institute, Nebraska Department of Health and Human Services and Stillwater Medical Center

Arizona Asthma and Allergy Institute mailed breach notification letters to 70,372 individuals who acquired services from October 1, 2015 to June 15, 2020. In accordance…

HIPAA News June 10, 2021

Humana and Cotiviti Confronting Class Action Suit Over 63,000-Record Data Breach

The medical insurance and healthcare company Humana in Louisville, KY, and its business associate Cotiviti are dealing with a lawsuit because of a data breach…

HIPAA News June 4, 2021

Scripps Health Ransomware Attack Impacts 147,000 Patients

Scripps Health, the second-largest healthcare provider in San Diego, has begun mailing breach notification letters to 147,267 patients to let them know about the theft…

HIPAA News May 27, 2021

More Healthcare Companies Report Latest Ransomware Attacks Impacting Patients

After the ransomware attack on Colonial Pipeline, several ransomware groups for example REvil and Avaddon stated that they have put in place new policies that…

HIPAA News May 22, 2021

Arizona Asthma and Allergy Institute Data Breach and Lost Exceltox Laboratories Documents

Arizona Asthma and Allergy Institute based in Peoria, AZ has found out that the protected health information (PHI) of approximately 50,000 patients was momentarily compromised…

HIPAA News May 14, 2021

CISA/FBI Give Guidelines for Avoiding Business Disruption from Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a notification concerning DarkSide ransomware in the aftermath of…

HIPAA News May 6, 2021

Network Intrusions and Ransomware Attacks Surpass Phishing as Principal Breach Cause

Network intrusion problems have overtaken phishing as the top cause of healthcare data security mishaps, which has been the principal cause of data breaches for…

HIPAA News April 29, 2021

PHI Potentially Breached in River Springs Health Plans Phishing Attack and Netgain Ransomware Attack

An unauthorized individual acquired access to a River Springs Health Plans employee’s email account and installed malware that possibly permitted the extraction of email account…

HIPAA News April 22, 2021

HHS Information Blocking and Interoperability Regulations Now Effective

The Department of Health and Human Services created the new information blocking and interoperability rules which were included in the 21st Century Cures Act. It…

HIPAA News April 16, 2021

Threat Groups Still Target COVID-19 Vaccine Cold Chain

Advanced persistent threat groups continue to target the worldwide COVID-19 vaccine cold chain, based on an up-to-date IBM Security X-Force report. X-Force researchers publicized a…

HIPAA News April 9, 2021

Third Party Data Breaches Documented by Apple Valley Clinic & BioTel Heart

Apple Valley Clinic based in Minnesota has begun sending notifications to 157,939 patients regarding the compromise of some of their protected health information (PHI) due…

HIPAA News April 2, 2021

Third-Party Data Breaches Affect Lexington Medical Center and CalViva Health

Wake Forest Baptist Health reported that an unauthorized person obtained access to the networks of Healthgrades Operating Co. Inc, its technology vendor from October 16…

HIPAA News March 27, 2021

Massachusetts Mental Health Clinic Pays $65,000 to Resolve HIPAA Right of Access Violation

Arbour Hospital, a mental health clinic based in Boston, MA, has resolved a HIPAA Right of Action case with the HHS’ Office for Civil Rights…

HIPAA News March 19, 2021

FBI: $4.2 Billion Losses Due to Cybercrime in 2020

The Federal Bureau of Investigation (FBI) has released its yearly Internet Crime Report. There were 791,790 complaints submitted to the FBI’s Internet Crime Complaint Center…

HIPAA News March 12, 2021

Arizona High Court Revives Privacy Violation Case Over Pharmacy ED Prescription Disclosure

The Arizona Supreme Court brought back a HIPAA violation legal action that a guy from Phoenix filed due to a privacy violation by a pharmacy…

HIPAA News March 5, 2021

IBM X-Force Report Shows Healthcare Cyberattacks Increased Twofold in 2020

The IBM X-Force released a new report that shows healthcare cyberattacks increased twofold in 2020 and 28% of attacks had been ransomware attacks. The significant…

HIPAA News February 26, 2021

Data Breaches at St. Margaret’s Health Spring Valley, Pitkin County, Colorado, and HarborChase Nursing Home

St. Margaret’s Health Spring Valley in Illinois is looking into a cyberattack that happened on February 20/21, 2021. The hospital’s IT team discovered the security…

HIPAA News February 19, 2021

Data Breaches at Granite Wellness Centers, Texas Spine Consultants, Southern California Center for Anti-Aging and Gastroenterology Consultants

PHI of 15,600 Patients Likely Affected in Ransomware Attack at Granite Wellness Centers Granite Wellness Centers located in Northern California encountered a ransomware attack last…

HIPAA News February 12, 2021

Cyberattack on Nebraska Medicine and Hackley Community Care

Nebraska Medicine began informing roughly 219,000 patients regarding a malware attack that permitted an unauthorized person to access and get hold of patient data. On…

HIPAA News February 5, 2021

Fertility App Developer Faces Lawsuit for Giving User Information with Chinese Companies Without Authorization

Easy Healthcare Corp. based in Burr Ridge, IL is facing a lawsuit for the alleged giving of sensitive user data to third-party companies located in…

HIPAA News January 29, 2021

Ransomware Attacks Are the Cause of About 50% of Healthcare Data Breaches

Tenable published a new report which revealed that more or less half of all healthcare data breaches are caused by ransomware attacks, and in most…

HIPAA News January 22, 2021

HHS Provides $20 Million to Widen COVID-19 Vaccine Information Sharing

The U.S. Department of Health and Human Services has offered $20 million to enhance data sharing between health information exchanges (HIEs) and immunization information systems….

HIPAA News January 15, 2021

2020 HIPAA Violation Cases and Penalties

The Department of Health and Human Services’ Office for Civil Rights (OCR) resolved 19 cases of HIPAA violation in 2020. This year, OCR issued the…

HIPAA News January 7, 2021

NSA Publishes New Guidance on Eliminating Weak Encryption Protocols

The National Security Agency (NSA) has issued guidance to assist organizations in eliminating weak encryption protocols that threat actors are presently taking advantage of to…

HIPAA News January 2, 2021

House Approves the HIPAA Safe Harbor Bill to Reward HIPAA-Covered Entities that Adopt Cybersecurity Best Practices

The House Energy and Commerce Committee passed the HIPAA Safe Harbor Bill (HR 7988). The new bill is an attempt to modify the HITECH Act…

HIPAA News December 25, 2020

Ransomware Attack on GenRx Pharmacy and Additional Blackbaud Ransomware Attack Victims

GenRx Pharmacy in Scottsdale, AZ is notifying selected patients regarding the potential compromise of their protected health information (PHI) due to a ransomware attack. The…

HIPAA News December 19, 2020

Data Breaches at Cedar Springs Hospital, Konikoff Dental Associates and Travis County Health District

Cedar Springs Hospital located in Colorado Springs, CO is sending notification to a number of patients regarding the loss of a portable storage device that…

HIPAA News December 12, 2020

Vulnerability in VMWare Virtual Workspaces Exploited by Russian State-Sponsored Hackers

The U.S. National Security Agency (NSA) has given a cybersecurity alert regarding the campaign of Russian state-sponsored hacking groups to target a vulnerability identified in…

HIPAA News December 4, 2020

Potential Unauthorized PHI Access Could Result from Vulnerabilities in OpenClinic Application

Four vulnerabilities were identified in the OpenClinic application, the most severe of which can allow unauthorized users to circumvent authentication and view protected health information…

HIPAA News November 27, 2020

FBI Gives Advisory Concerning Escalating Ragnar Locker Ransomware Activity

A recent private industry alert from the Federal Bureau of Investigation (FBI) showed that threat actors employing Ragnar Locker ransomware have leveled up their attacks…

HIPAA News November 20, 2020

Microsoft Gives Alert to Office 365 Users Concerning the Ongoing Advanced Phishing Campaign

Office 365 users have been notified concerning the current phishing campaign that gathers user credentials. The attackers use advanced tactics to circumvent email security tools…

HIPAA News November 12, 2020

Phishing Campaign Utilizes Job Termination as Lure to Deliver Bazar and Buer Malware

The TrickBot botnet is being utilized to perform a new phishing campaign that distributes the Buer loader and Bazar backdoor malware. Research experts at Area…

HIPAA News November 6, 2020

Breaches at Alamance Skin Center, Perry County Memorial Hospital and BryLin Behavioral Health

A ransomware attack on Cone Health in Greensboro affected just one practice, Alamance Skin Center in Burlington, NC. The attack took place in late July…

HIPAA News October 29, 2020

Cyber Criminals Blackmail Psychotherapy Provider in Finland and its Patients

Vastaamo, a top psychotherapy service provider in Finland, has encountered a cyberattack that ended with stolen highly sensitive patient information. The attackers issued threats to…

HIPAA News October 23, 2020

6 Russian Hackers Facing Allegations of Offensive Cyber Campaigns Such as the 2017 NotPetya Wiper Attacks

The U.S. Department of Justice made a statement concerning the indictment of 6 Russian hackers for taking part in the 2017 NotPetya malware attacks and…

HIPAA News October 16, 2020

Healthcare Provider Pays $160,000 Penalty Over HIPAA Right of Access Violation

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued the 12th HIPAA penalty for this year 2020. With respect to…

HIPAA News October 9, 2020

Data Breaches at UMMA Community Clinic, Mayo Clinic and Seven Counties Service

Insider Breach at UMMA Community Clinic University Muslim Medical Association (UMMA) Community Clinic in Los Angeles found out that a former employee sent a secured…

HIPAA News October 1, 2020

Email Account Breaches at Alameda Health System, Stark Summit Ambulance and EyeMed Vision Care

Alameda Health System (AHS) based in Alameda, CA, an outpatient, inpatient, emergency, and wellness services provider within the East Bay area, discovered that an unauthorized…

HIPAA News September 24, 2020

Business Associate Pays $2.3 Million Fine for Breach of ePHI of 6M Individuals and Multiple HIPAA Violations

The Department of Health and Human Services’ Office for Civil Rights recently reported the 10th HIPAA violation fine of 2020. The most current financial penalty…

HIPAA News September 18, 2020

Court of Appeals Discharged Express Scripts HIPAA-Based Lawsuit

In 2019, five pharmacies took legal action against Express Scripts for misuse of patient information, which is a HIPAA violation. Express Scripts is the leading…

HIPAA News September 11, 2020

Privacy Risks Identified on Most Webpages Featuring COVID-19 Facts

JAMA published a new research article that revealed the fact that almost all websites providing COVID-19 facts have a third-party tracking code that poses a…

HIPAA News September 4, 2020

Bill on Genetic Information Privacy Act Passed by California Senate

A bill (SB-980) that secures the Genetic Information Privacy Act was passed by the California Senate. At the moment, California Governor Gavin Newsom just has…

HIPAA News August 27, 2020

Why a Comprehensive IT Asset Inventory is Important in Risk Analysis

The Office for Civil Rights reveals many companies fail to comply with risk analysis, which is an important HIPAA Security Rule requirement. While some HIPAA-covered…

HIPAA News August 21, 2020

Three Vulnerabilities Discovered in Philips SureSigns Vital Signs Monitors

There are three vulnerabilities with low- to medium-severity discovered in Philips SureSigns VS4 vital signs monitors. An attacker could exploit the vulnerabilities and access the…

HIPAA News August 14, 2020

PHI Exposed at Owens Ear Center, Blackbaud Inc and Premier Healthcare Partners Data Breaches

A ransomware attack on Owens Ear Center located in Fort Worth, Texas occurred on May 28, 2020 that resulted in patient information encryption. The encrypted…

HIPAA News August 7, 2020

Allergy and Asthma Clinic of Fort Worth Hacking Incident Affects 69,777 Patients

Allergy and Asthma Clinic of Fort Worth has identified an unauthorized person got access to its computer networks and probably acquired the billing data of…

HIPAA News July 31, 2020

$53 Million Cash Support Proposed to Improve Cybersecurity and Secure COVID-19 Research Data

There is a substantial weight of proof that indicate nation-state hacking groups are focusing on organizations doing COVID-19 research and developing the vaccine to get…

HIPAA News July 24, 2020

Small North Carolina Healthcare Provider to Pay $25,000 to Settle HIPAA Security Rule Violation

The HHS’ Office for Civil Rights (OCR) stated that the Metropolitan Community Health Services has agreed to pay $25,000 to settle its HIPAA Security Rule…

HIPAA News July 17, 2020

Microsoft Issues Patch to Fix Seious Wormable Windows DNS Server Vulnerability

Microsoft has issued a patch to fix a 17-year old wormable remote code execution vulnerability found in Windows DNS Server. The vulnerability may be taken…

HIPAA News July 10, 2020

Microsoft Stops COVID-19 Phishing Campaign and Gives Alert on Malicious OAuth Apps

Microsoft stopped a massive phishing campaign done in 62 nations. Microsoft’s Digital Crimes Unit (DCU) first recognized the phishing campaign last December 2019. The phishing…

HIPAA News July 3, 2020

St. Luke’s Health-Memorial Lufkin, Iowa Total Care and RiverPointe Post Acute Reported Breaches

CHI St. Luke’s Health-Memorial Lufkin in Texas sent notification letters to patients regarding the potential exposure of their protected health information (PHI). St Luke’s threat…

HIPAA News June 26, 2020

Georgia Hospital Facing Issues of Faking of COVID-19 Test Results Suspends Workers Over Suspected HIPAA Breach

Landmark Hospital of Athens located in Georgia suspended three staff members who are alleged of viewing, copying or exposing patient records. The likely HIPAA breach…

HIPAA News June 19, 2020

Millions of Connected Devices Impacted By Exploitable ‘Ripple20’ RCE TCP/IP Vulnerabilities

There were 19 zero-day vulnerabilities found in the TCP/IP communication software library which Treck Inc. created. Billions of interconnected gadgets spanning almost all industries, this…

HIPAA News June 12, 2020

Cyber Criminals Stole $107,000 from Kentucky Employees’ Health Plan Members in Two Attacks

The Commonwealth of Kentucky Personnel Cabinet submitted a report on two data breaches which happened in late April and in May. The attacks resulted in…

HIPAA News June 5, 2020

Class Action Lawsuit Filed Against Aveanna Healthcare Concerning 2019 Phishing Attack

The healthcare provider Aveanna Healthcare centered in Atlanta, GA is charged with a class action case because of a data breach that happened last summer…

HIPAA News May 28, 2020

Attacks on Web Application Double as Threat Actors Target Web Data

The 2020 Verizon Data Breach Investigations Report reveals that malware attacks are decreasing while hackers target information saved in the online. Verizon has been publishing…

HIPAA News May 22, 2020

Indiana Court of Appeals Decides in Favor of Respondeat Superior Claim in HIPAA Breach Lawsuit

The Indiana Court of Appeals reinstated the respondeat superior claim of Haley SoderVick who filed a legal case on Parkview Health System Inc. after a…

HIPAA News May 15, 2020

PHI Exposed at the Santa Rosa & Rohnert Park Oral Surgery, Ashtabula County Medical Center and Orchard Medical Consulting

Santa Rosa & Rohnert Park Oral Surgery on Portland, OR found out that an unauthorized individual got access to an employee’s email account. The provider…

HIPAA News May 8, 2020

Healthcare Employees in Michigan and Illinois Terminated for HIPAA Violations

Ann & Robert H. Lurie Children’s Hospital of Chicago dismissed a worker for inappropriate access of the healthcare data of patients with no permission over…

HIPAA News May 1, 2020

EFF Warns of Privacy and Security Threats with Google and Apple’s COVID-19 Contact Tracing Technology

The contact tracing technology that Apple and Google are developing may be invaluable in tracking individuals who have come into close contact with people confirmed…

HIPAA News April 24, 2020

Privacy Should Come First When Developing COVID-19 Contact Tracing Technology

One tool that could be used during the COVID-19 pandemic that is getting a lot of global attention in the past weeks is contact tracing…

HIPAA News April 18, 2020

Healthcare Customers Attempting to Purchase PPE and Medical Equipment Targeted by Scammers

The Federal Bureau of Investigation (FBI) has released an alert that cybercriminals are trying to steal from state institutions and healthcare sector customers that are…

HIPAA News April 10, 2020

INTERPOL Issues Warning Over Increase in Ransomware Attacks on Healthcare Organizations

INTERPOL gave a notification to hospitals about the continuous ransomware attacks throughout the 2019 Novel Coronavirus outbreak. Though a number of ransomware gangs have widely…

HIPAA News April 3, 2020

Cybersecurity Attacks on Tandem Diabetes Care, Foundation Medicine, Texas Network of Walk-in Clinics and Randleman Eye Center

Phishing Attack on Tandem Diabetes Care Patients A phishing attack on Tandem Diabetes Care, Inc. in San Diego, CA resulted in the access of some…

HIPAA News March 27, 2020