Elizabeth Hernandez

Elizabeth Hernandez works as a reporter for NetSec.news. Her journalism is centered on IT compliance and security. With a background in information technology and a strong interest in cybersecurity, she reports on IT regulations and digital security issues. Elizabeth frequently covers topics about data breaches and highlights the importance of compliance regulations in maintaining digital security and privacy. Follow on X: https://twitter.com/ElizabethHzone

Is it Possible to Have HIPAA Compliant Gmail?
Apr03

It is possible to have HIPAA compliant Gmail if you subscribe to a Google Workspace account that supports HIPAA compliance, if the products included in the Workspace account are configured to support HIPAA compliance, and if the Gmail service is used in compliance with the Privacy Rule standards relating to permissible uses and disclosures. When an individual or organization qualifies as a HIPAA covered entity or business associate,...

Survey Finds Change Healthcare Cyberattack Impacting Hospital Finances and Patient Care Access
Mar26

The recent cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group, has greatly affected the U.S. healthcare system, marking it as one of the most consequential attacks in its history. Targeting a company responsible for processing 15 billion healthcare transactions annually, with a direct impact on one in every three patient records, the fallout has been severe. Patients across the nation have experienced concerning...

CISA and NSA Issue Guidance Sheets on Best Practices for Cloud Security
Mar25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have jointly issued a series of five cybersecurity information sheets following increasing cyber threats targeting cloud environments. These resources are designed to assist organizations in strengthening the security posture of their cloud environments, providing invaluable guidance on best practices and recommended...

Joint Fact Sheet Warns of Volt Typhoon Threat to Critical Infrastructure
Mar19

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and international partners, has issued a joint fact sheet urging critical infrastructure entities to heed the warning of potential attacks by Chinese state-sponsored actors. This alert follows a February 2024 cybersecurity advisory highlighting the presence of an advanced persistent threat group dubbed Volt Typhoon,...

Study Finds Alarming Vulnerabilities in Medical Devices
Mar18

A recent comprehensive study conducted by Claroty, a leader in cyber-physical systems (CPS) protection, has highlighted concerning trends within healthcare cybersecurity. This research, outlined in Claroty’s State of CPS Security Report: Healthcare 2023, has revealed a concerning gap in the maintenance practices of medical devices within hospital environments, emphasizing their susceptibility to potential cyber attacks and the...

Google Agrees to Settle $5 Billion “Incognito” Privacy Lawsuit
Jan03

Google has agreed to settle a $5 billion lawsuit that alleged it spied on people who used the Chrome Browser in incognito mode and the privacy modes of other Chromium browsers. The Google Chrome browser’s incognito mode includes greater privacy protections, allowing users to browse the Internet anonymously. A lawsuit – Brown et al v Google LLC et al – was filed in the U.S. District Court, Northern District of California in June...

Black Basta Generated At Least $107 Million in Ransoms Since April 2022
Dec05

An investigation of the Black Basta ransomware group by Corvus Insurance and Elliptic has revealed the group obtained at least $107 million in ransom payments from more than 90 victims since April 2022. Black Basta is a Russia-linked ransomware-as-a-service (RaaS) operation, where affiliates are recruited to conduct ransomware attacks for a cut of the profits. The group emerged after the infamous Conti ransomware operation was shut...

Vaccine Manufacturers Targeted with Metamorphic Tardigrade Malware
Nov30

The biomanufacturing sector has been warned about targeted attacks involving Tardigrade malware – a sophisticated metamorphic variant of the SmokeLoader backdoor. Tardigrade malware is known to have been used in two cyberattacks on companies in the biomanufacturing sector in 2021. In the spring of this year, a large biomanufacturing facility was targeted and a second facility was infected with the malware in October. The attacks...

$130,000 Settlement Agreed with Two New Jersey Printing Companies to Resolve Alleged HIPAA Violations
Nov16

An investigation conducted by the New Jersey Division of Consumer Affairs into an unauthorized disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents has been settled by New Jersey Acting Attorney General, Andrew Bruck. The two firms will pay financial penalties totaling $130,000 and have agreed to a consent order that requires them to make changes to their policies and procedures to improve data...

Personal and Health Information of 656,000 Patients of California Clinic Potentially Compromised
Nov03

Community Medical Centers in California has announced it suffered a cyberattack in October in which the personal and protected health information of more than 656,000 individuals was potentially compromised. Community Medical Centers is a nonprofit network of neighborhood health centers in Northern California serving patients in San Joaquin, Solano, and Yolo counties. The healthcare provider issued a notification to the Maine Attorney...

New Jersey Fines Infertility Clinic $495,000 for Multiple Violations of the HIPAA Rules
Oct19

An investigation conducted by the New Jersey Department of Law and Public Safety Division of Consumer Affairs into a HIPAA compliance data breach at an infertility clinic has been settled, with the clinic operator agreeing to pay a financial penalty of $495,000. Diamond Institute for Infertility and Menopause, LLC (Diamond) is based in Millburn, NJ, and operates two infertility clinics in the state and one in New York. The company...

Guidance on HIPAA and COVID-19 Vaccination Status Disclosures Issued by HHS
Oct06

In the United States, HIPAA compliance rules restrict uses and disclosures of healthcare data, but there has been considerable confusion about HIPAA and COVID-19 vaccination status disclosures amongst the public, and even members of Congress. The U.S. Department of Health and Human Services’ Office for Civil Rights, the main enforcer of HIPAA, has now released guidance on HIPAA and COVID-19 vaccination status disclosures to help clear...

100 Million IoT Devices Affected by Zero-Day Flaw, Including Medical Devices
Sep24

A high-severity zero-day vulnerability in the Internet-of-Things (IoT) open-source platform NanoMQ has put more than 100 million devices at risk of attack. NanoMQ by EMQ is a real-time IoT monitoring platform that is used to deliver alerts when abnormal activity is detected in IoT devices. The platform is used in many settings, including industrial systems, manufacturing, healthcare, automobiles, and many more. The vulnerability,...

Pediatric Care Provider Fined $80,000 for HIPAA Right of Access Violation
Sep10

A pediatric hospital in Omaha, NE has agreed to settle a Department of Health and Human Services’ Office for Civil Rights (OCR) HIPAA investigation and will pay a financial penalty of $80,000 to close the case. The investigation was launched in response to a complaint from a patient who was not provided with a copy of her late daughter’s medical records in a timely manner. HIPAA gives individuals the right to obtain a copy of their...

More than 600,000 Patients Affected by DuPage Medical Group Ransomware Attack
Sep09

On August 30, 2021, Downers Grove, IL-based DuPage Medical Group announced it has been affected by a ransomware attack. DuPage is the largest independent physician group in Illinois and has more than 900 physicians that provide over 19,000 appointments a day. Between July 12 and July 13, 2021, the group suffered a network outage, which was rapidly identified as a ransomware attack. The forensic investigation confirmed unauthorized...

288% Increase in Ransomware Attacks Between Q1 and Q2, 2021
Sep08

There was a massive 288% surge in ransomware attacks between the first and second quarters of 2021, according to research recently published by NCC Group. The Conti ransomware gang was the biggest threat in this period, having conducted 22% of the attacks. The Avaddon ransomware gang was also particularly active and was behind 17% of the attacks. The Avaddon ransomware-as-a-service (RaaS) operation is believed to have been shut down,...

80% of Global Organizations Suffer Further Attacks After Paying Ransomware Operators
Jun17

You suffer a ransomware attack and decide to pay the ransom to regain access to your data, but that may not be the end of it. Chances are that after paying you will be attacked again and will be issued with a further ransom demand. How frequently do these double attacks occur? According to a recent report by Cybereason, 80% of global organizations that paid a ransom experienced a further attack, often by the same threat group that was...

Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients
Jun11

34,862 patients of Lafourche Medical Group, a Louisiana-based urgent care center operator, have been made aware that a security incident may have resulted in a portion of their protected health information being compromised. Lafourche Medical Group learned in March 2021 that an external accountant had replied to a phishing email that claimed to have been sent by one of the owners of Lafourche Medical Group. Responding to the...

HIPAA Right of Access Case Settled for $5,000 by Diabetes, Endocrinology & Lipidology Center
Jun08

According to the HHS’ Office for Civil Rights (OCR), a settlement agreement has been negotiated with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC) in relation to a possible HIPAA Right of Access breach. DELC is a West Virginia-based healthcare supplier that focuses on treating endocrine disorders. In August 2019, a complaint was submitted to OCR which claimed that DELC had breached HIPAA when it didn’t respond...

NCSC Warns UK Educational Institutions of Increased Ransomware Threat
Jun07

The UK’s National Cyber Security Center (NCSC) has issued a warning to the UK education sector following a recent spike in ransomware attacks on schools, colleges, and universities. Some of the recent attacks have resulted in the loss of school financial records, student coursework, and COVID-19 testing data. Ransomware attacks often involve the theft of data prior to the use of ransomware to encrypt systems. The attacks can have a...

SolarWinds Hackers Conducting Spear Phishing Campaign Posing as USAID
Jun01

The Russian Advanced Persistent Threat (APT) group Nobelium – aka APT29/The Dukes/Cozy Bear – that was behind the SolarWinds Orion supply chain attack has been conducting a spear phishing campaign masquerading as the U.S. Agency for International Development (USAID). The emails are used to deliver malware and gain persistent access to the internal networks of the targeted companies. The spear phishing attacks were identified by...

Apple Patches Zero-day Flaw Actively Exploited by Shlayer Malware
Apr27

An actively exploited zero-day vulnerability in macOS has been patched by Apple. The vulnerability, one of the most serious flaws in macOS to be discovered, allows malware to bypass File Quarantine, Gatekeeper, and Notarization protections. The vulnerability – tracked as CVE-2021-30657 – is due to a logic flaw in the macOS policy subsystem that performs security checks on applications. The flaw was identified by security researcher...

New Jersey Plastic Surgery Practice Pays $30K to OCR Settle HIPAA Right of Access Case
Mar29

The HHS’ Office for Civil Rights (OCR) has revealed a settlement has been agreed with Ridgewood, NJ-based Village Plastic Surgery to resolve a potential breach of the HIPAA Right of Access provision of the HIPAA Privacy Rule. As per the terms of the settlement, Village Plastic Surgery will pay a $30,000 fine and will implement a corrective action plan that includes the creation of policies and processes covering patient medical record...

AMCA Medical Debt Collection Agency Settles Multistate Action over 21 Million-Record Data Breach
Mar15

A settlement has been reached between a coalition of 41 state Attorneys General and American Medical Collection Agency (AMCA) to resolve a case stemming from a data breach involving the protected health information of 21 million Americans. The data breach was the largest healthcare data breach to be reported in 2019. AMCA specializes in small debt collections from patients of medical testing facilities. From August 1, 2018 until March...

U.S. Healthcare Data Breach Report for January 2021
Feb24

January witnessed a 48% month-over-month drop in the number of large healthcare data breaches, down from 62 breach incidents in December to 32 in January, according to an analysis by HIPAA Journal. While this is well beneath the 38 data breaches that are reported on average each month, it is still more than 1 data breach every day. There would have been a major drop in the amount of breached records were it not for a major data breach...

Harvard Eye Associates Pays Ransom to Recover Healthcare Data Stolen in Hacking Incident
Feb22

In California, Laguna Hills-based Harvard Eye Associates has been affected by a cyberattack on its online storage vendor and the protected health information (PHI) of 29,982 patients could possibly have been stolen. The storage vendor made Harvard Eye Associates aware, on January 15, 2021, that cybercriminals had obtained access to its computer databases and stole data. While it was not known if files were encrypted to prevent access,...

US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020
Feb18

An analysis of 2020 healthcare data breaches has been conducted by Bitglass that shows the extent to which the healthcare industry was targeted by hackers. There was a sharp increase in hacking and IT incidents in 2019 and that trend continued in 2020 when 67% of all reported healthcare data breaches were the result of hacking/IT incidents. The healthcare records of 24.1 million individuals were exposed in those breaches – 91% of all...

Florida Medicaid Applicants’ PHI Impacted in Seven-Year Breach
Feb05

It has been discovered by the Tallahassee, FL-based Medicaid health plan, Florida Healthy Kids Corporation, that its web hosting provider failed to address vulnerabilities which were targeted by hackers to obtain access to its web portal and the protected health information of those applying for membership since 2013. Florida Healthy Kids had an agreement with Jelly Bean Communications Design, LLC to arrange the hosting of its...

UK Residents Warned of COVID-19 Vaccine Phishing Emails Seeking Financial Information
Jan26

UK residents are being warned about a new phishing campaign that spoofs the National Health Service (NHS) and asks recipients to confirm that they want to receive the COVID-19 vaccine. The UK’s vaccination program is now well underway, with more than 6.5 million people already given the first dose of one of the approved COVID-19 vaccines, with the most vulnerable groups and NHS workers being prioritized. However, it is likely to take...

2020 Saw 560 U.S. Healthcare Facilities Affected by Ransomware
Jan25

During 2020 – according to the latest State of Ransomware report from the New Zealand-based cybersecurity firm Emsisoft – healthcare, education, and government entities were the main focus of ransomware threat groups with 2,354 attacks being registered. Towards the end of 2019 ransomware was being extensively used in cyberattacks on the healthcare industry. The attacks dwindled in the first half of 2020 but rose...

More Than 37 Billion Records Were Exposed in Data Breaches in 2020
Jan25

A new report from Risk Based Security suggests the number of data breaches fell by 48% globally in 2020; however, the number of breached records increased by 141% to 37 billion. The data for the Risk Based Security 2020 Year End Report came from crawls of the Internet to find information on data breaches, with all cases then subject to manual review. The researchers identified 3,932 breaches that had been disclosed in 2020 and. The...

Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat
Jan06

Cyberattacks on healthcare organizations have continued to increase over the past two months, according to research conducted by cybersecurity firm Check Point, and ransomware is now the biggest malware threat. In October, a joint security advisory was issued by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warning the...

Saint Francis Healthcare Data Breach Lawsuit Settled for $350,000

In relation to a September 2019 ransomware attack on Ferguson Medical Group (FMG), a $350,000 settlement has been reached between Saint Francis Healthcare System and patients impacted by the attack. FMG was purchased by Saint Francis after a cyberattack resulted in many important records being inaccessible. They tried to retrieve all impacted records via backups, though some could not be rescued. These files included medical...

10th HIPAA Fine Under Right of Access Initiative Revealed by Office for Civil Rights
Nov08

The 10th financial penalty under its HIPAA Right of Access enforcement initiative has been revealed by the U.S. Department of Health and Human Services’ Office for Civil Rights. California-based Riverside Psychiatric Medical Group has committed to paying a financial penalty of $25,000 to settle a possible HIPAA Right of Access breach and will implement a corrective action plan to see to it that compliance with this provision of the...

City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights
Nov03

In Connecticut the City of New Haven has committed to paying a $203,400 financial penalty to the Department of Health and Human Services’ Office for Civil Rights to compensate for a HIPAA violation case. An OCR investigation was initiated in May 2017 following receipt of a data breach notification originating in New Haven on January 24. OCR investigated if the City of New Haven was responsible for HIPAA violations. Following this...

Ireland Facebook Ordered to Stop Data Transfers to US by Irish DPO
Sep11

A preliminary order has been handed down by Ireland’s Data Protection Commission (DPC) ordering Facebook to stop sending personal data transfers from Ireland to the United States. This order is a result of the European Union Court ruling in July, referred to as Schrems II, that stated it is illegal for any personal data to be transferred from the EU to the US if it can be monitored by US government agencies or federal authorities. What...

TikTok Data Management Being Investigated by CNIL in France
Aug15

It has been revealed that the data protection authority in France, the CNIL, is about to review the data operations of TikTok. TikTok has been trying to appoint the Data Protection Commission (DPC) in Ireland as its lead authority in Europe. It has done so by establishing a base in Ireland to manage private data for EU-based users. Due to this the group believes that the investigation in France may be deemed invalid. The DPC is...

PHI of Customers Stolen in Looting Incidents at Cub Pharmacies
Aug03

A pharmacy network has revealed the protected health information of some of its customers has been illegally taken by looters in late May during the period of civil unrest. From May 27-30, 2020, 8 Cub pharmacies in the Minneapolis area were broken into and items were taken such as paperwork containing the protected health information of its customers. Items taken from the clinic included locked safes that contained credit card...

Lack of Encryption & Other HIPAA Breaches Leads to $1m HIPAA Penalty for Lifespan
Jul11

The HHS’ Office for Civil Rights has sanctioned a $1,040,000 HIPAA penalty on Lifespan Health System Affiliated Covered Entity (Lifespan ACE) after identifying systemic noncompliance with the HIPAA Rules. Lifespan is a not-for-profit health system located in Rhode Island that has many healthcare provider affiliates in the state. On April 21, 2017, a breach report was submitted to OCR by Lifespan Corporation, the parent company and...

Portals Accessed Using Stolen Credentials of Health Plan Members
Jul03

Independence Blue Cross, AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey have discovered hackers obtained access to pages in their member portals between March 17, 2020 and April 30, 2020 and may have seen the personal and protected health information of some of their account holders. The range of data possibly accessed included names, member identification numbers, plan type, spending account balances, user...

Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks
May15

Saint Francis Healthcare Partners in Connecticut has begun making contact with 38,529 patients to make them aware that a portion of their protected health information may have been stolen by hackers as a result of a “sophisticated cybersecurity incident” that allowed an unauthorized individual to gain access to its email database. The attack took place on December 30, 2019 but it was not until March 20, 2020 that the forensic...

COVID-19 Themed Cyberattacks Have Increased by 30% in the Past Two Weeks
May13

There has been a sharp increase in the number of COVID-19 themed cyberattacks in the past two weeks according to Check Point. Check Point has been tracking phishing attacks and other cybersecurity incidents and identified 192,000 COVID-19 themed attacks in the past two weeks. Most of the cyberattacks were phishing attacks where authorities on SARS-CoV-2 such as the World Health Organization (WHO) and the Centers for Disease Control...

HIPAA Violations in Michigan and Illinois Lead to Healthcare Workers Being Fired
May08

A staff member at Ann & Robert H. Lurie Children’s Hospital of Chicago has been fired for accessing the medical records of patients without the appropriate authorization over a period of 15 months. The privacy violations were discovered when, after reviewing access logs, the hospital found that a staff member had viewed the medical records of 4,824 patients without authorization between November 2018 and February 2020. The range of...

Malicious COVID-19 Domains Taken Down and New Blocklists Released
May06

Cybercriminals have registered large numbers of COVID-19 themed domains which are being used for a variety of scams. Internet service providers are being ordered to take down the websites but given the sheer number of malicious websites that have been set up, that process is taking some time. In the United Kingdom, Her Majesty’s Revenue and Customs (HMRC) has ordered internet service providers to take down 292 COVID-19 themed websites...

30,000 Patients Impacted by Fondren Orthopedic Group Malware Attack
Feb13

Fondren Orthopedic Group, an association of private orthopedic surgery practitioners in Houston and the surrounding areas, experienced a cyberattack that affected certain parts of its IT system on November 21, 2019. In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Quick action was taken to limit the infection and its systems...

16,167 Patients Hit by Hospital Sisters Health System Email Breach
Feb13

Hospital Sisters Health System has recently found out that an email security breach in August 2019 led to unauthorized people obtaining access to emails and email attachments that included the protected health information of 16,167 patients. Hospital Sisters Health System is a 15-hospital health network serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized people obtained access to the...

Novel Coronavirus Outbreak Prompts HHS Covered Entity HIPAA Data Sharing Warning
Feb03

In response to the 2019 Novel Coronavirus outbreak, the Department of Health and Human Services has released a bulletin to make HIPAA-covered entities aware of the allowable methods for sharing patient information during outbreaks of infectious disease and other emergency situations. In the news release, the HHS confirmed that at such times, the protections of the HIPAA Privacy Rule still apply and healthcare organizations must...

False Allegations of HIPAA Violations Result in Georgia Man Being Charged
Jan14

Following the discovery of a complex scheme to set up an acquaintance in relation to violations of the Health Insurance Portability and Accountability Act (HIPAA), a Georgia man has been charged. The man in question, 43-year-old Jeffrey Parker, claimed that he was a whistleblower reporting HIPAA breaches committed by a nurse. Mr Parker made the breaches known to the hospital where the person was employed, and official...

Survey: Cost of Healthcare Data Breaches Predicted to Reach $4 Billion in 2020
Jan04

Healthcare sector data breaches are taking place at an unprecedented level. The healthcare data breach figures for 2019 have yet to be drawn up, but so far 494 data breaches of more than 500 records have been made known to the HHS’ Office for Civil Rights and more than 41.11 million records were exposed, stolen, or impermissibly disclosed in 2019. That makes 2019 the worst year on record for healthcare data breaches and the second...

2019 HIPAA Enforcement
Jan02

2019 was another period with stringent HIPAA compliance enforcement evident. Action taken by the Department of Health and Human Services’ Office for Civil Rights (OCR) has resulted in 10 financial penalties. $12,274,000 has been paid to OCR in 2019 to resolve HIPAA violation cases. 2019 witnessed two civil monetary penalties sanctioned and settlements were agreed with eight groups, one less than 2018. In 2019, the average fine...

14,591 DHS Patients have PHI Compromised in Phishing Attack on California Business Associate
Jul16

Nemadji Research Corporation, an outfit working with California Reimbursement Enterprises, has revealed that an unauthorized person obtained access to the email account of a staff member and may have viewed or copied the protected health information (PHI). California Reimbursement Enterprises is a business associate of several healthcare centers and hospitals in California and operates to provide a patient eligibility and billing...

Amazon CloudFront & HIPAA Compliance
Jul16

Amazon CloudFront is a web service that enables users to optimize the speed of their web content delivery via the Internet and for website hosting. Normally, when a website is viewed, the visitor experiences some latency loading static and dynamic content. The reason for this is viewers will not make a direct connection to the content, instead they will be directed through a path to reach the server where the content can be seen. The...

HIPAA Compliance & IBM Cloud

IBM provides a cloud platform to help groups create their mobile and web services, build native cloud apps, and host their infrastructure along with a wide variety of cloud-based services for the capture, analysis, and processing of data. The platform has already been configured by many healthcare suppliers, payers, and health plans, and applications and portals have been developed to provide patients with better access to their...

Jun21

Two Maryland Healthcare Providers Affected by Potential Breach at Meditab Software

In Maryland, two healthcare providers have been impacted by a possible data breach that took place at their business associate, Meditab Software Inc. Meditab supplies EMR and practice management software to healthcare providers and its systems include patient data. In March 2019, Meditab found some protected health information (PHI) had been left unsecured. Meditab had established a portal to view statistics for its Fax Cloud services....

Jun10

Phishing Breach Notifications Sent to 645,000 Clients of Oregon Department of Human Services

The Oregon Department of Human Services (ODHS) is making contact with 645,000 clients to advise them that a portion of their personal information was possibly impacted due to a phishing attack. The phishing attack began on January 9, 2019 and led to nine ODHS staff members visiting links in emails and disclosing their login details. ODHS and the Department of Administrative Services Enterprise Security Office...

Jun07

Misconfigured ElasticSearch Server at University of Chicago Medicine Exposed Over 1.68M Records

It has been revealed that University of Chicago Medicine has discovered more than 1.68 million of its records have been exposed due to a misconfigured server. The records were saved on a misconfigured ElasticSearch server whose protections had mistakenly been removed, allowing it to be accessed over the internet without any authentication. The misconfiguration permitted access to a database which included...

May21

Healthcare Data Breach Report for April 2019

April 2019 was the worst month recorded, to date, for healthcare data breaches. More data breaches were made known to the Department of Health and Human Services’ Office for Civil Rights (OCR) during April than any other month since healthcare data breach reports were first reported in October 2009. In April, 46 healthcare data breaches were made known to OCR, which is a 48% increase from March and 67% higher than the average number...

May16

Legal Action: Court Told Hospital Worker Shared Patient Information

A legal action has been submitted against Atchison Hospital in Kansas by a rape victim who claims an x-ray technician at the hospital got in touch with her attacker and disclosed sensitive data about the treatment she received at the hospital. According to a report in the Kansas City Star, after being raped, the woman sought treatment at the hospital. She was given a rape kit examination, and allegedly made it clear to the hospital...

May14

DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...

May11

1,100 Spectrum Health Lakeland Patients Affected by Phishing Attack

Spectrum Health Lakeland has revealed that a breach, the second the group has suffered in as many months, has exposed the protected health information (PHI) of some of its clients. The previous breach took place at Wolverine Services Group and affected around 60,000 of its patients. The latest incident involved an unauthorized person obtaining access to an email account due to the response to a phishing email. As was the case with the...


Extensive HIPAA Failures Lead to $3 Million Fine for Touchstone Medical Imaging

The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed that a settlement has been agreed with the Franklin, TN-based diagnostic medical imaging services firm, Touchstone Medical Imaging. The settlement resolves many breaches of HIPAA Rules identified by OCR during the review of a 2014 data breach. Touchstone Medical Imaging has agreed to a settlement of $3,000,000 in relation to the violations...

May10

American Baptist Homes of the Midwest Reports Ransomware Attack

American Baptist Homes of the Midwest (ABHM), a supplier of assisted living and assisted care centers around the U.S. Midwest, has reported a security breach involving the use of ransomware on its systems. The attack began on or around March 10, 2019. The attack was detected quickly, but only after the encryption routine had kicked off. The attack was disabled and affected accounts were secured, but not in time to prevent widespread...

May08

Delayed Breach Response Costs Tennessee Medical Imaging Firm $3 Million

It is not possible to prevent all healthcare data breaches, but when a breach is experienced it must be investigated and mitigated promptly. Delaying the breach response and notifications can prove extremely costly, as the Tennessee medical imaging firm Touchstone Medical Imaging discovered. On May 9, 2014, Touchstone Medical Imaging was notified by the FBI that an FTP server had been left unsecured. At the same time, the HHS’ Office...

Mar16

Sharecare Health Data Services Issues Alert 8 Months After Breach Discovery

Sharecare Health Data Services (SHDS), a San Diego firm that provides secure electronic exchange and medical records management services for healthcare groups, has contacted some of its clients to advise them that hackers gained access to parts of its systems that contained sensitive patient data. SHDS discovered abnormal network activity on June 26, 2018, leading to an in-depth investigation. The investigation showed cyber criminals...

Mar06

16,440 Patients Affected by Breach at Kentucky Counseling Center

Kentucky Counseling Center (KCC) has discovered that a list of 16,440 clients has been illegally taken and shared with another person. A current member of staff is thought to have accessed and copied patient information without authorization, uploading the data to an anonymous file sharing service, and then sending a hyperlink to the list to a former staff member of KCC. The former staff member was sent the link to the patient list on...


PHI Incident at Rush University Medical Center Impacts up to 45,000 Patients

Rush University Medical Center is contacting around 45,000 patients to advise them that their PHI has been exposed due to a data incident at a financial services vendor. Rush discovered the incident on January 22, 2019. A member of staff of the financial services vendor was found to have shared a file containing patients’ PHI with an unauthorized third party in May 2018. The type of information in the file varied from patient to patient...

Feb14

Pawnee County Memorial Hospital Malware Attack Impacts 7,000 Patients

Pawnee County Memorial Hospital in Pawnee City, Nebraska, is notifying 7,038 clients that some of their protected health information has possibly been accessed by a cyber criminal. On November 29, 2018, the hospital was advised that malware had been downloaded which allowed an unauthorized person to obtain access to its email system. Malware was placed into the hospital’s email system when a staff member opened a malicious email...

Feb14

Georgia Eye Associates Email Breach Impacts 24,000 Patients

EyeSouth Partners has revealed that a cyber criminal has obtained access to a staff member’s email account and may have viewed/obtained the electronic protected health information (ePHI) of up to 24,000 clients. EyeSouth Partners is a registered business associate of Georgia Eye Associates, South Georgia Eye Partners, Cobb Eye Center, and Georgia Ophthalmology Associates. EyeSouth Partners became aware, on October 25 last year,...


$3m HIPAA Settlement Agreed Between Cottage Health and OCR

A HIPAA penalty settlement of $3,000,000 has been agreed between the Department of Health and Human Services’ Office for Civil Rights (OCR) and the Santa Barbara, CA-based healthcare provider Cottage Health in relation to a HIPAA compliance breach. Cottage Health runs four different hospitals in California, including Santa Barbara Cottage Hospital, Santa Ynez Cottage Hospital, Goleta Valley Cottage Hospital and Cottage Rehabilitation...

Feb01

6,092 Patients of FABEN Obstetrics and Gynecology Alerted about Ransomware Attack

FABEN Obstetrics and Gynecology has been hit by a ransomware attack on a server that stored patients’ protected health information (PHI). The ransomware was discovered on November 21, 2018 and led to widespread file encryption. A review was initiated to determine the extent of the attack and whether any patients’ PHI was obtained or downloaded by the hackers. A review of the files stored on the server showed that files...

Jan20

Criminal HIPAA Violation Leads to Probation for Physician

After pleading guilty to a criminal violation of HIPAA Rules, a physician has received 6 months’ probation as an alternative to a jail term and financial penalty for the wrongful disclosure of patients’ PHI to a pharmaceutical company. The Department of Justice in Massachusetts heard the legal case in conjunction with a case against Massachusetts-based pharma firm Aegerion. In September 2017, the Novelion Therapeutics subsidiary...

Jan18

Around 1,000 Lebanon VA Medical Center Patients have their PHI Impermissibly Disclosed

It has been discovered that the protected health information of hundreds of elderly patients of Lebanon VA Medical Center in Pennsylvania has been impermissibly disclosed to a family member of a veteran. The data breach, which took place in November 2018, involved a member of staff at Lebanon VA Medical Center emailing a document to a family member of a veteran who was seeking nursing home facilities. The list should have included nursing...

Jan08

AJMC Study: Following a Data Breach Hospitals’ Advertising Expenditure Rises 64%

In a recent study published in the American Journal of Managed Care, Sung J. Choi, PhD and M. Eric Johnson, PhD looked into how advertising expenditures at hospitals changed in the aftermath of a data breach. The study showed that hospitals spend an average of 64% more on advertising in the year after a data breach. Advertising expenditures were found to be 79% higher over the two-year period after a data breach. The authors...

Nov09

Q3 2018 Healthcare Data Breach Report Published

A Q3 2018 healthcare data breach report from Protenus shows there has been a significant reduction in healthcare data breaches compared to the previous quarter. In Q2, 142 healthcare organizations reported data breaches compared to 117 in Q3. However, due to some large breaches in Q3, the total number of exposed records was substantially higher. Between July and September, the health records of 4,390,512 patients were exposed,...

Oct16

Anthem Data Breach Settlement of $16 Million Agreed with OCR

The largest ever healthcare data breach in the United States has attracted the largest ever fine for noncompliance with HIPAA Rules. The Anthem data breach settlement of $16 million eclipses the previous highest HIPAA fine of $5.55 million and reflects not only the severity of the Anthem Inc data breach, which saw the protected health information of 78.8 million plan members stolen, but also the extent of noncompliance with HIPAA...

Jun19

Failure to Encrypt ePHI Costs Cancer Treatment and Research Center $4.34 Million

The Department of Health and Human Services’ Office for Civil Rights has announced its third HIPAA financial penalty of 2018. The $4.34 million civil monetary penalty is the fourth largest HIPAA penalty ever issued to resolve HIPAA violations. While most covered entities and business associates agree to settle HIPAA violations and pay the penalty, on rare occasions the penalties are contested, and the case goes before an...

Apr27

582,000 Patients Warned of Potential PHI Compromise by California Dept. of Developmental Services

A recent survey carried out with hackers, incident responders, and penetration testers has shown that most can gain access to a targeted system in around 15 hours, but 54% of hackers take under five hours to gain access to a system, and identify and obtain sensitive data. The data comes from the second yearly Nuix Black Report and its survey of 112 hackers and penetration testers, 79% of whom were located in the United States. Those...

Apr16

Email Account Breach Impacts 4,000 Patients of Texas Health Resources

Texas Health Resources is sending notifications to ‘fewer than 4,000 patients’ that some of their Private Health Information may have been seen by an unauthorized person. The Arlington-based health care provider, a supplier to over 1.7 million patients in North Texas, says that the data breach may have happened as early as October 2017, although they did not identify it until January 17, 2018, when law enforcement alerted the...

Apr09

Missing Hard Drives from Chesapeake Regional Healthcare Contained PHI of 2,100 Patients

Chesapeake, Virginia-based Chesapeake Regional Healthcare has reported that two hard drives containing the protected health information (PHI) of approximately 2,100 patients are missing from their Chesapeake Regional Medical Center campus at that location. The private health information stored on the devices in question relates to patients who participated in research at its Sleep Center between April 2015 and February 2018. It is...

Apr05

Improper Disposal of PHI is Common According to JAMA Study

A recently completed study (published in JAMA) has emphasized just how often hospitals are disposing of PHI in an unsafe fashion. While the study was completed in Canada, which is not subject to HIPAA, the results emphasize a critical area of PHI security that is often neglected.

Incorrect Destruction of PHI is More Commonplace than Previously Thought

Researchers at St. Michael’s Hospital in Toronto reviewed recycled paperwork at...

Mar09

Breach Notification Act Passed by Alabama State Senate

The Alabama Data Breach Notification Act (Senate Bill 318) has been sent for consideration to the House of Representatives after the Alabama Senate last week unanimously passed it. Alabama is one of the two remaining states still yet to introduce legislation that requires companies to send notifications to people whose personal information is accessed in data breaches. South Dakota, the other state yet to introduce legislation, is...

Mar08

NY Attorney General Fines EmblemHealth $575,000 for HIPAA Breach

A mailing mistake by EmblemHealth in 2016 that resulted in the Health Insurance Claim Numbers of 81,122 plan subscribers being printed on the exterior of envelopes has resulted in the New York Attorney General applying a $575,000 settlement fine. Although all mailings have a unique patient identifier on the envelope, in this case the potential for damage was high as Health Insurance Claim numbers are formed using the Social Security...

Mar06

New York Surgery & Endoscopy Suffers Record Data Breach Affecting 135,000 Patients

A malware infection has potentially allowed hackers to gain access to the medical records of as many as 135,000 patients at St. Peter’s Surgery & Endoscopy Center, located in New York. So far in 2018, this is the second largest healthcare data breach reported and the most serious seen in New York state since the 3,466,120-record data breach at Newkirk Products, Inc. in August 2016. The St. Peter’s Surgery & Endoscopy...

Mar06

Kansas Department for Aging and Disability Services Experiences 11,000-Record Breach

It has been discovered that an employee at Kansas Department for Aging and Disability Services (KDADS) sent an unauthorized email to a group of KDADS business associates that included the protected health information of almost 11,000 individuals. The email was issued to individuals who had already signed a business associate agreement with KDADS which prohibits them from inappropriately disclosing or using any emailed protected health...

Mar06

5,123 Individuals Impacted by Flexible Benefit Service Corporation Breach

Chicago, IL-based general agency and benefit administrator Flexible Benefit Service Corporation (Flex) has revealed that a phishing attack resulted in an unauthorized person gaining access to a corporate email account. The security breach was first noticed on December 6, 2017 when an email account of a company worker was found to be sending phishing emails. The email account was compromised after a single worker replied to a phishing...

Mar04

HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations

The Department of Health and Human Services’ Office for Civil Rights has issued anti-phishing advice for healthcare organizations. The warning and advice come after several major phishing attacks in healthcare. The risk from phishing is greater than ever before and healthcare organizations are being extensively targeted. If technical controls are not implemented and the workforce is not trained to recognize phishing attacks, data...

Feb26

Phishing Attack on Sutter Health Business Associate Impacts Patients

Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017, when a phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....

Feb22

HIPAA Compliance and Citrix ShareFile

ShareFile was purchased by Citrix Systems during 2011 and the service is offered as a suitable data sync, file sharing, and collaboration service for the healthcare sector. It is vitally important for anyone considering using it to consider HIPAA compliance and Citrix ShareFile. It is a safe file sharing, data storage and collaboration service that permits large files to be easily sent within a company, with remote workers, and with...

Feb20

HIPAA Compliance and Amazon CloudFront

Amazon CloudFront is a web tool that permits users to speed up web content delivery across the Internet. In most cases, when a website is visited, the visitor encounters some latency accessing static and dynamic pieces of content. This is because web visitors do not connect directly to the content; instead, they are taken along a path to the server where the content can be obtained. The path can...

Feb16

HIPAA $100,000 Fine Applied After Illinois Business Closes

HIPAA covered organizations and their business associates must continue to adhere to HIPAA Rules even when they close down. The HHS’ Office for Civil Rights (OCR) has reinforced this point with a $100,000 fine for FileFax Inc., for violations that happened after the business had ceased operating. FileFax is a Northbrook, IL-based firm that supplies medical record storage, maintenance, and delivery facilities for HIPAA covered organizations....

Feb12

Western Washington Medical Group Patients Impacted by HIPAA Breach

842 patients of Western Washington Medical Group have had their protected health information exposed when files including sensitive health information were disposed of with regular trash in November 2017. The breach occurred when the janitorial service used by the medical group removed the contents from shredding bins along with regular trash. Instead of sensitive documents being permanently destroyed in adherence with HIPAA Rules,...

Feb07

CarePlus Health Warns 11,200 Subscribers of PHI Breach

A privacy incident has been suffered by Miami, FL-based CarePlus Health Plans in which certain plan subscribers’ protected health information was mistakenly shared with other plan subscribers. Explanation of Benefits (EoB) statements were sent to its plan subscribers on January 9 and January 16, 2018, although on January 17, CarePlus noticed that some of the statements had been sent to the wrong recipients. The EoB statements included details...

Feb06

Lost Device Means PHI of 660 Eastern Maine Medical Center Patients Could Be at Risk

A portable hard drive has gone missing from the State Street facility of Eastern Maine Medical Center in Bangor, ME. The group is now notifying 660 clients that some of their protected health information could have been exposed. The missing device was not encrypted and data on the device could be accessed without a password. While it has not been confirmed that it was stolen, the device could not be located...

Feb05

Forrest General Hospital Phishing Attack Exposes Patients’ PHI

The PHI of patients of Forrest Health’s Forrest General Hospital has potentially been obtained by a third party after access was gained to the email account of one of the employees of a business associate, HORNE LLP. HORNE LLP is a provider of certain Medicare reimbursement procedures to Forrest General Hospital and due to this requires access to patients’ private health information. HORNE found the email account breach on...

Jan28

DC Assisted Living Facility Hit by Malware Breach Exposing 5,200 PHI Records

A malware attack experienced at Westminster Ingleside King Farm Presbyterian Retirement Communities may have allowed the hackers to obtain the protected health information of thousands of its clients. The Washington, D.C.-located assisted living center had adopted a wide range of security solutions to stop unauthorized access to its systems, although on this occasion they were unable to prevent the attack. The malware was identified...

Jan25

53,000 Pharmacy Patients Have PHI Exposed in Email Hack

Patients of Onco360 and CareMed Specialty Pharmacy have been notified that the PHI of 53,173 patients has been compromised due to a phishing attack. A security breach was discovered on November 14, 2017, when suspicious activity involving a member of staff’s email account was uncovered. Following the discovery, third party computer forensics experts conducted an investigation to determine the manner and extent of the breach. It...

Jan19

Hancock Health Hit by Ransomware Attack

Following a ransomware attack on Indiana-based organization Hancock Health last Thursday, staff at the hospital had no choice but to move to using pen and paper to detail patient health information, while IT staff made efforts to obstruct the attack and regain access to encrypted files. The attack started around 9.30pm on Thursday night when files on its network started to be encrypted. The attack initially caused the network to run...


Registered Nurses ‘Happy’ With PHI Security According to University of Phoenix Survey

The results of a recent survey completed by the University of Phoenix College of Health Professions indicate registered nurses (RNs) believe that their organization’s ability to prevent data breaches is of an acceptable level. The survey was sent to 504 permanent RNs and administrative workers across the USA. Respondents had held their position for a minimum of two years. Just under half of RNs (48%) and 57% of...

Jan15

Unencrypted Hard Drive Results in the PHI of 9387 Patients Being Exposed

In late November, the Framingham, MA-based practice Charles River Medical Associates discovered one of its external hard drives was missing from its usual location. The missing device contained x-ray images, names, patient ID numbers, and birth details. All patients who had visited the Framingham radiology lab for a bone density scan since 2010 had their x-ray images obtained – almost 9,400 individuals. The hard drive was...

Jan13

PHI Breach at Oklahoma State University Center for Health Sciences

An unauthorized individual has gained access to parts of the Oklahoma State University Center for Health Sciences (OSUCHS) network and may have accessed files containing billing details of Medicaid patients. The security breach was uncovered on November 7, 2017 with access to the network terminated the next day. Third party computer forensics experts were employed to carry out a comprehensive investigation to determine which areas of...
