MicroDicom DICOM Viewer Vulnerabilities, Ivanti Connect Secure and Policy Secure Vulnerabilities and Threat Intelligence about Phobos Ransomware
Five Eyes Agencies Warn of Persistent Exploitation of Ivanti Connect Secure and Policy Secure Vulnerabilities The Five Eyes cybersecurity agencies have issued an advisory warning that multiple threat actors have been actively exploiting previously disclosed vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways since early December 2023. The vulnerabilities CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893...
Is it HIPAA Compliant to Use Marketo?
It is HIPAA compliant to use Marketo Engage to create, collect, maintain, and transmit Protected Health Information (PHI) if the automated marketing platform is part of an Experience Cloud for Healthcare subscription, if the subscription is supported by a Business Associate Agreement with Adobe, and if Marketo Engage is configured to comply with the appropriate Security Rule safeguards. Even when these conditions are met, it may also...
Choosing the Best Password Manager
Over the last few years, various surveys have claimed that the average Internet user has more than 100 online accounts that require login credentials. While these claims are possibly inflated to serve a purpose, many of us have more than twenty online accounts we use frequently, and probably another twenty online accounts we use from time to time. Remembering the login credentials for each online account, especially those we only use...
Does Bitwarden, Dashlane, or Keeper Offer Stronger Password Security?
Most password managers offer strong password security in much the same way – by encrypting data at rest and in transit so if data stored in a password manager is accessed or intercepted by a third party who does not have the decryption key, the data is indecipherable. However, some password managers make it easy for third parties to access your passwords without a decryption key. Password manager decryption keys are most often derived...
Which is more User-Friendly? Bitwarden, 1Password, or Dashlane?
To best answer the question which is more user-friendly – Bitwarden, 1Password, or Dashlane? – you have to look at the question from different perspectives. This is because someone who uses a vault-based password manager to save login credentials and autofill personal data is going to have different requirements from those of a business user or a system administrator. There are several factors to consider when evaluating the best...
How Does Bitwarden Compare to RoboForm and LastPass?
The Bitwarden password manager has a lot of friends in the IT security industry due to being built on open-source software. Open-source software is widely regarded as more secure and of higher quality than proprietary or licensed software because its code can be, and constantly is, reviewed and improved by the open-source community. However, platforms built on open-source software can also be difficult to use. Therefore, when Bitwarden was launched in...
Bitwarden vs Keepass Password Management Solutions
Bitwarden, KeePass, and KeePassXC are all good password management solutions for personal use. If you are looking for a personal password manager, choosing between these three can be a difficult task. To help you make a decision, we have reviewed all three solutions and highlighted some of the key features of each. Bitwarden Bitwarden is an open-source solution and, as such, has had its code assessed by bug hunters and the open-source...
Cost of Scripps Health Ransomware Attack Jumps to $113m
Universal Health Services, one of the largest healthcare providers in the United States, was attacked with Ryuk ransomware in September 2020 and it was initially claimed, in March 2021, that the financial damage caused by the attack equated to $67m in pre-tax losses, with the bulk of the costs due to the initial breach response, remediation, loss of acute care services, and a range of other expenses. The healthcare system manages 26...
Patients Redirected to Alternative Facilities in Wake of Memorial Health System Cyberattack
A suspected ransomware attack on the Memorial Health System, based in Marietta, OH, has resulted in patients being redirected to alternative hospitals. The security breach occurred on Sunday morning and led to Memorial Health disabling its IT systems in order to prevent any additional damage. Emergency protocols were quickly put in place as many of the IT systems were not accessible, and healthcare workers have started...
Best Linux Password Management Solutions
In the past, the demand for Linux password management solutions has been limited. Indirectly, the lack of demand was mostly due to the difficulty of installing and troubleshooting proprietary software on Linux distributions (e.g., Oracle, Microsoft 365, etc.). Because of these issues, businesses were reluctant to use Linux distributions, developers stopped building Linux support into their apps, and businesses had no need to adopt Linux...
Best Small Business Password Managers
Choosing the best small business password managers is not as straightforward as you might think. Password managers for small businesses can vary in functionality and cost depending on the size of the business and the number of people who need access to business credentials. However, for a business of any size, it is important that passwords, credit card details, and other information stored in the password manager are secure....
Password Recommendations from NCSC
The UK’s NCSC password recommendations have been refreshed recently and a new strategy is being shared that improves usability while also adhering to password strength requirements. There are many different schools of thought in relation to the creation of passwords, but all are based on the idea that passwords need to be complex enough that they cannot be simply guessed, not only by humans but also by the automated tools used by attackers...
Password Management Security Review
Elsewhere on this site, we have compared commercial password managers for their ease of use and for their effectiveness as replacements for browser-based password managers such as those in Chrome and Firefox. We have also suggested why certain options are better for small businesses, where the skills may not exist to manage API integrations, directory synchronizations, and complex configurations. In this article, we'll be looking at password...
Best Chrome Password Managers
If you browse the Internet and access online accounts using credentials stored in the Chrome browser, you might wonder why anybody might publish an article about the best Chrome password managers. The answer is straightforward. The Chrome password manager has its limitations and, while these limitations may not matter to some Chrome users, they matter to others. The Chrome password manager (more often called the Google password...
Gastroenterology Consultants Notifies Patients About January 2021 Ransomware Attack
Gastroenterology Consultants in Texas has started notifying patients about a cyberattack that took place on January 10, 2021 in which their protected health information was potentially compromised. Hackers infiltrated its network and deployed ransomware, which encrypted files rendering them inaccessible. The attackers may also have viewed or obtained files containing patient data prior to encrypting files. Gastroenterology...
Best Firefox Password Managers
If you use the Firefox browser and follow Internet security best practices, you may already be using the Firefox password manager. However, the “built-in” password manager for Firefox has limited capabilities and, in some circumstances, can expose your passwords, credit card details, and other sensitive data to bad actors. So, what are the alternatives to the default Firefox password manager, and which is best? The Firefox password...
What is a Recommended App for Password Sharing?
KeePass, Bitwarden and LastPass are all excellent tools when it comes to sharing passwords securely among employees within your organization. Selecting the correct one for your organization will depend on a range of factors including the level of security you need, how much you can invest, and the degree of control that your IT department needs over the solution. A password manager can greatly improve password security as it allows...
HIPAA Violation Results in Former Scripps Health Worker Being Charged for COVID-19 Unemployment Benefit Fraud
In a case being heard in San Diego, former Scripps Health employee Matthew Lombardo has been charged with felony HIPAA violations for obtaining and disclosing the protected health information of patients to his alleged co-conspirators. This is part of a Department of Justice investigation where nine San Diego residents have been charged in two separate indictments in connection with the theft of patients’ protected information and the...
Are Your Passwords Strong Enough?
In order to avoid your organization falling afoul of the ever-increasing attempts of cybercriminals to infiltrate business networks, it is important to invest some time and effort into improving password security. Passwords are often all that stand between a hacker and accounts containing sensitive data, and one compromised account could give a hacker the foothold they need to conduct a devastating ransomware attack. The single...
ClearBalance Phishing Attack Could Have Impacted More Than 200,000 Patients
ClearBalance, a San Diego-based loan provider that helps patients pay their medical bills by offering payment plans, has reported that it suffered a phishing attack on March 8, 2021. A number of ClearBalance staff members were fooled into disclosing their login details, which allowed their email accounts to be accessed. ClearBalance discovered the attack on April 26, 2021 when an attempted fraudulent money transfer was detected....
Can Bitwarden be Hacked?
Bitwarden is a secure open-source password manager and a zero-knowledge solution, which means Bitwarden itself cannot access the passwords in any user’s vault, and the source code of the solution is available for anyone to inspect. The security features of the password manager make it very difficult to compromise. Data are protected with 256-bit AES encryption, a standard level of encryption which is deployed...
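The two teasers above make the same point: the vault key is derived on the client from the master password, and the server only ever stores AES-256 ciphertext, so neither the vendor nor anyone who steals the server data can read the vault without that password. The following is an added example written for this page, not Bitwarden's own code. It assumes PBKDF2-HMAC-SHA256 as the key derivation function (implemented from RFC 8018 so it runs on the Go standard library alone), the user's e-mail address as the salt, an iteration count of 600,000, and AES-256-GCM for the vault entries; the vault entry itself is a constructed JSON string.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const keyLen = 32 // 256-bit AES key

// pbkdf2SHA256 is PBKDF2 with HMAC-SHA256 (RFC 8018 §5.2), written out here
// so the example needs no package outside the standard library.
func pbkdf2SHA256(password, salt []byte, iterations, outLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	numBlocks := (outLen + hashLen - 1) / hashLen
	out := make([]byte, 0, numBlocks*hashLen)
	var idx [4]byte
	for i := 1; i <= numBlocks; i++ {
		binary.BigEndian.PutUint32(idx[:], uint32(i)) // INT(i), big-endian
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)             // U_1
		t := append([]byte(nil), u...) // T_i = U_1 xor U_2 xor ... xor U_c
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:outLen]
}

// deriveVaultKey stretches the master password into the 256-bit vault key.
// The salt is assumed to be the account e-mail address (any per-user value works).
func deriveVaultKey(masterPassword, salt string, iterations int) []byte {
	return pbkdf2SHA256([]byte(masterPassword), []byte(salt), iterations, keyLen)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keyLen {
		return nil, errors.New("vault key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEntry encrypts one vault entry; the result is nonce || ciphertext || tag,
// which is all the server ever sees.
func sealEntry(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openEntry decrypts and authenticates an entry; a wrong master password yields
// a wrong key, and GCM rejects the ciphertext instead of returning garbage.
func openEntry(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errors.New("sealed entry too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

func main() {
	const iterations = 600000 // assumed iteration count for this example
	key := deriveVaultKey("correct horse battery staple", "user@example.com", iterations)
	entry := []byte(`{"site":"example.com","password":"hunter2"}`) // constructed vault entry
	sealed, err := sealEntry(key, entry)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server stores only: %s\n", hex.EncodeToString(sealed))
	wrong := deriveVaultKey("correct horse battery stapler", "user@example.com", iterations)
	if _, err := openEntry(wrong, sealed); err != nil {
		fmt.Println("wrong master password:", err)
	}
	plain, _ := openEntry(key, sealed)
	fmt.Printf("client decrypts: %s\n", plain)
}
```

The point to take away is where the work happens: the server never receives the master password or the derived key, so a breach of the server yields only ciphertext that still has to be brute-forced through the iterated key derivation, one guess at a time.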
25,000 Patients Contacted About Lake County Health Department Data Breaches
The personal and protected health information of approximately 25,000 patients has potentially been impacted in two separate data breaches, according to the Lake County Health Department in Illinois. The initial breach took place during 2019 when a Lake County Health member of staff sent an unencrypted email from their corporate email address to an internal employee’s personal email account. The email in question included a...
Brute Force Attack on Member Portal Impacts 30,000 Florida Blue Members
Following a brute force attack on the Florida Blue online member portal, the protected health information (PHI) of approximately 30,063 Florida Blue (Blue Cross and Blue Shield of Florida) members may have been accessed or downloaded by unauthorized individuals. The attack, which began on June 8, 2021, took place when unknown actors launched a brute force campaign (more precisely, credential stuffing) which leveraged a massive database of user identifiers and matching passwords...
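An attack driven by a leaked database of username/password pairs looks different in the portal's authentication log from a classic brute-force attack: one source tries many distinct accounts roughly once each, rather than hammering one account with many guesses. The following is an added example, not anything from Florida Blue or the original article, showing how that difference can be detected over a sliding window. The log format (`timestamp service event user=... src=...`), the sample lines, and the thresholds are all constructed for the example; real portal logs need their own parser.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// authEvent is one parsed line from a member portal's authentication log.
type authEvent struct {
	at     time.Time
	user   string
	srcIP  string
	failed bool
}

// parseLine handles the constructed format used in sampleLog below:
//   2021-06-08T02:14:07Z portal-auth login_failed user=jdoe src=203.0.113.5
func parseLine(line string) (authEvent, error) {
	fields := strings.Fields(line)
	if len(fields) < 5 {
		return authEvent{}, fmt.Errorf("malformed line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return authEvent{}, err
	}
	ev := authEvent{at: at, failed: fields[2] == "login_failed"}
	for _, kv := range fields[3:] {
		switch {
		case strings.HasPrefix(kv, "user="):
			ev.user = strings.TrimPrefix(kv, "user=")
		case strings.HasPrefix(kv, "src="):
			ev.srcIP = strings.TrimPrefix(kv, "src=")
		}
	}
	if ev.user == "" || ev.srcIP == "" {
		return authEvent{}, fmt.Errorf("missing user or src: %q", line)
	}
	return ev, nil
}

// Alert describes a source that exceeded the failure threshold inside the window.
type Alert struct {
	SourceIP      string
	Kind          string // "credential_stuffing" or "single_account_brute_force"
	Failures      int
	DistinctUsers int
	At            time.Time
}

// detect groups failed logins by source address and, over a sliding time window,
// raises an alert once a source reaches minFailures. Many distinct usernames in
// that window means credential stuffing; one or a few means password guessing.
func detect(lines []string, window time.Duration, minFailures, minDistinctUsers int) ([]Alert, error) {
	byIP := map[string][]authEvent{}
	for _, line := range lines {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		ev, err := parseLine(line)
		if err != nil {
			return nil, err
		}
		if ev.failed {
			byIP[ev.srcIP] = append(byIP[ev.srcIP], ev)
		}
	}
	ips := make([]string, 0, len(byIP))
	for ip := range byIP {
		ips = append(ips, ip)
	}
	sort.Strings(ips) // deterministic output order
	var alerts []Alert
	for _, ip := range ips {
		evs := byIP[ip]
		sort.Slice(evs, func(i, j int) bool { return evs[i].at.Before(evs[j].at) })
		users := map[string]int{} // username -> failures currently inside the window
		start := 0
		for i, ev := range evs {
			users[ev.user]++
			for evs[start].at.Before(ev.at.Add(-window)) { // expire old events
				old := evs[start].user
				if users[old]--; users[old] == 0 {
					delete(users, old)
				}
				start++
			}
			failures := i - start + 1
			if failures < minFailures {
				continue
			}
			kind := "single_account_brute_force"
			if len(users) >= minDistinctUsers {
				kind = "credential_stuffing"
			}
			alerts = append(alerts, Alert{SourceIP: ip, Kind: kind, Failures: failures, DistinctUsers: len(users), At: ev.at})
			break // one alert per source is enough for this example
		}
	}
	return alerts, nil
}

// sampleLog is constructed: one stuffing run (with a successful hit in the middle),
// one single-account guessing run, and one benign source with two stray failures.
var sampleLog = []string{
	"2021-06-08T02:14:07Z portal-auth login_failed user=jdoe src=203.0.113.5",
	"2021-06-08T02:14:09Z portal-auth login_failed user=msmith src=203.0.113.5",
	"2021-06-08T02:14:11Z portal-auth login_failed user=rlee src=203.0.113.5",
	"2021-06-08T02:14:12Z portal-auth login_ok user=pgarcia src=203.0.113.5",
	"2021-06-08T02:14:14Z portal-auth login_failed user=tnguyen src=203.0.113.5",
	"2021-06-08T02:14:16Z portal-auth login_failed user=kpatel src=203.0.113.5",
	"2021-06-08T02:14:18Z portal-auth login_failed user=awong src=203.0.113.5",
	"2021-06-08T02:20:01Z portal-auth login_failed user=alice src=198.51.100.7",
	"2021-06-08T02:20:05Z portal-auth login_failed user=alice src=198.51.100.7",
	"2021-06-08T02:20:09Z portal-auth login_failed user=alice src=198.51.100.7",
	"2021-06-08T02:20:13Z portal-auth login_failed user=alice src=198.51.100.7",
	"2021-06-08T02:20:17Z portal-auth login_failed user=alice src=198.51.100.7",
	"2021-06-08T02:31:40Z portal-auth login_failed user=bob src=192.0.2.9",
	"2021-06-08T03:05:00Z portal-auth login_failed user=bob src=192.0.2.9",
}

func main() {
	alerts, err := detect(sampleLog, 10*time.Minute, 5, 4)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("%s %s failures=%d distinct_users=%d at %s\n", a.SourceIP, a.Kind, a.Failures, a.DistinctUsers, a.At.Format(time.RFC3339))
	}
}
```

In practice the next step after an alert is to pull the successful logins from the flagged source (the `login_ok` line above is the account that was actually compromised) and force a password reset on those accounts, since the credentials were valid and will be reused.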
5 Best Free Password Managers
Most computers and mobile devices have free password managers built into their operating systems or browsers. For example, if you have a Mac, you will have the Keychain password management system built into your computer. If you have an Android smartphone, you will have the Google password manager built into the default Chrome browser, and if you use Microsoft Edge on any device, that too has a built-in free...
How to Fix Cognitive Dissonance in Password Creation
A recent report has highlighted the lack of care shown by Internet users when it comes to their online activity. The 3rd Psychology of Passwords Report was based on a survey of 3,250 people globally to gauge their online behavior with regard to security and personal safety. Cybercriminal activity has increased as people spend more time online for business and leisure, and poor security practices have made it far too easy for hackers to...
Which Password Manager is the Best for Compatibility?
When it comes to password management for large companies, one of the most important aspects to consider, prior to investment, is the compatibility of each potential solution with all of the devices and operating systems on your network. Three of the most popular password management solutions are Bitwarden, LastPass and Dashlane. Picking the correct one for your company will depend on your specific requirements. Most of these solutions...
What are the Best Windows Password Managers?
If you use a PC running Windows 8.1 or later, it comes with a built-in Windows password manager called Credential Manager. The Credential Manager not only saves web passwords, but also Windows credentials for connecting automatically to a home or work network, certificate-based credentials for Smart Card logins, and generic credentials that allow apps such as OneDrive, Slack, and Xbox Live to use your PC's resources....
Using Social Media Safely
There are very few individuals these days who do not use at least one social media platform for personal use or to promote their business. Due to this there is an onus on us all to be careful in relation to how much information we share across these platforms. Divulging too much information can give hackers the upper hand when it comes to trying to access our accounts to steal our private data and raid our financial accounts. A March...
Is Bitwarden the Most Secure Password Manager?
Bitwarden is a powerful password management solution with some great features and excellent security. You can easily create strong and unique passwords for all of your accounts, control access to passwords, share them securely between team members, and have the strongest possible privacy for your company without impacting the productivity of your workers. But is it the most secure password manager on the market? Bitwarden provides the...
US Court of Appeals Ruling Suggests Legal Action Possible for Privacy Breaches Under 14th Amendment
A ruling by the U.S. Court of Appeals for the Fourth Circuit suggests individuals whose privacy has been violated could potentially take legal action under the 14th amendment, but has confirmed that there is no private cause of action under the Health Insurance Portability and Accountability Act (HIPAA) when an individual’s privacy is violated as a result of an improper disclosure of their protected health information. The case...
REvil Ransomware Attack Impacts University Medical Center of Southern Nevada
A ransomware attack on the University Medical Center of Southern Nevada (UMC) has resulted in patient data being stolen. UMC released a statement saying it discovered suspicious activity on its network in June and moved swiftly to mitigate the attack by limiting access to its servers and databases. A review of the incident is ongoing and the relevant law enforcement agencies have been made aware of the attack. To...
Should you Switch to Bitwarden from LastPass?
If you’re currently considering changing the password management software you use, particularly a move away from LastPass following the changes that have recently been introduced to the free tier of the solution, it is well worth your while to take a look at one of the best free password managers currently available – Bitwarden. Bitwarden is widely considered to be the perfect free password manager on the market. It offers...
Is Bitwarden the Best Password Manager?
Available as an open-source password management software solution, Bitwarden is one of the strongest and easiest to use. Here we take a look at the various aspects of the solution that we feel makes Bitwarden such a good choice. Basic Bitwarden plans give you a great range of features, and for many users they will be sufficient and will give pretty much everything you could hope for in a free password management solution, such as the...
Lawsuit Filed Against Humana & Cotiviti Following 63,000+ Record Data Breach
Following the discovery of a data breach in December 2020, the health insurance and healthcare provider Humana and its business associate Cotiviti are facing legal action. A lawsuit was filed naming both companies on May 26, 2021 in the U.S. District Court for the Western District of Kentucky. The lawsuit alleges Humana mismanaged the records of members of its health insurance plans. The group had outsourced the duty of processing...
Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients
34,862 patients of Lafourche Medical Group, a Louisiana-based urgent care center operator, have been made aware that a security incident may have resulted in a portion of their protected health information being compromised. Lafourche Medical Group learned in March 2021 that an external accountant had replied to a phishing email that claimed to have been sent by one of the owners of Lafourche Medical Group. Responding to the...
Best Password Manager for Android
Android is the most widely used mobile operating system – commanding 72% of the global market share – and most Android devices are supplied with Chrome as their default browser. As the Chrome browser uses the Google password manager to store user credentials securely, why might you need an alternative password manager for Android? The answer to this question depends on what you use your Android device for, what other...
HIPAA Right of Access Case Settled for $5,000 by Diabetes, Endocrinology & Lipidology Center
According to the HHS’ Office for Civil Rights (OCR), a settlement agreement has been negotiated with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC) in relation to a possible HIPAA Right of Access breach. DELC is a West Virginia-based healthcare provider that focuses on treating endocrine disorders. In August 2019, a complaint was submitted to OCR which claimed that DELC had breached HIPAA when it didn’t respond...
How Does Bitwarden Manage Your Passwords?
The Bitwarden password manager is one of the newest password management solutions available. It is an open source password manager, which means the code is available for anyone to review. It has excellent security and a great range of features, and it is also one of the most reasonably priced solutions with an excellent free tier. In this post we will delve into how Bitwarden works and how the solution manages your passwords. First of...
How to Create a Strong Master Password
In 2017, Verizon produced its annual Data Breach Investigations Report, which revealed that just over 80% of hacking-related breaches involved weak, reused, or stolen passwords on the accounts and servers that cybercriminals eventually infiltrated. This highlights the importance of setting a strong master password on your password manager. The master password means you only need to remember one password, but can create and store...
Will Biometric Password Managers Replace Traditional Passwords?
For some time there has been a great deal of speculation amongst the cybersecurity community that biometric password managers will eventually be able to take the place of traditional passwords and password management software. However, there are many issues with this potential development in cybersecurity. Here we will show what management software for traditional passwords, like Bitwarden, can offer and look at the weaknesses...
HIPAA Security Rule Violations Lead to $25,000 Settlement between Clinical Laboratory & OCR
The Department of Health and Human Services’ Office for Civil Rights (OCR) says a $25,000 HIPAA settlement has been agreed with Peachstate Health Management, LLC, dba AEON Clinical Laboratories, that resolves a HIPAA case involving several HIPAA Security Rule violations. Peachstate, a CLIA-certified laboratory, provides a variety of services to HIPAA-covered entities, including clinical and genetic testing services through its...
Patients of Rehoboth McKinley Christian Health Care Services Informed of February 2021 Ransomware Attack
Rehoboth McKinley Christian Health Care Services (RMCHCS) has contacted patients to make them aware of a ransomware attack that hit the organization during February 2021 which may have compromised their protected health information (PHI). The breach has been reported to the HHS’ Office for Civil Rights as affecting 207,195 individuals. It was discovered that Conti ransomware hackers conducted the attack in February and stole a range...
What are the Driving Factors for Enterprises Behind Single Sign On (SSO) Solutions?
Single Sign-On, or SSO, allows system users to access a range of different devices and applications using just one set of credentials; for this reason, it can be an invaluable tool for enterprises that wish to have a secure network while also making everything as easy as possible for network users. 5 Driving Factors for Enterprises Implementing SSO 1. Enhanced Security One of the main concerns about SSO is that security is reduced, as only...
How to Avoid Using the Most Common Passwords
When people create an online account requiring a username and password, many choose one of the most common passwords because they are easy to remember. The password may include a memorable string of keyboard characters (e.g., “qwerty”), a person's name (e.g., “ashley”), the name of a device they are using (e.g., “samsung”), or some other phrase that means something to them (e.g.,...
Protecting Yourself from a Password Cracker
Protecting yourself and your organization from password crackers may appear to be an impossible mission, but it is much easier than you might imagine. You just need to have the right solution in place. There are dozens of password cracking applications available on darknet marketplaces, each with their own specific features, but they all work in a similar fashion and allow attackers to automate the process of password cracking and...
330K Patients Impacted in Ransomware Attack on New York Medical Group
Orthopedic Associates of Dutchess County has revealed that the protected health information (PHI) of some of its patients may have been impacted during a recent cyberattack. The New York medical group first noticed the security breach when suspicious activity was identified on its systems on March 5, 2021. Following this discovery, a review of the incident confirmed that systems had been accessed on or around March 1, 2021 by...
Data Breach Impacts Records of 200,000 Military Veterans
Online security expert Jeremiah Fowler has discovered an online database holding the protected health information (PHI) of approximately 200,000 U.S. military veterans was accessible until the issue was mitigated on April 18 of this year. The database was being used to store veterans’ identities, birth dates, contact details, medical data, appointment dates, unencrypted password details, and billing information. Access could be gained...
How Often Should Administrators & Network Users be Required to Change their Password?
It is often assumed that passwords should be changed on a regular basis, but there is much confusion about how often they should be changed, and current guidance no longer treats periodic rotation as a given. In addressing the question ‘how often should administrators and network users be required to change their password?’ there are a few things that we should consider. For those managing cybersecurity for a large company, network security must be considered along with meeting the...
NIST Password Recommendations
One of the best ways to protect online accounts is by following the Digital Identity Guidelines published by the National Institute of Standards and Technology (NIST). Although designed for federal agencies, the Guidelines have been the basis of personal and corporate online security for many years. However, in the most recent revision, some NIST password recommendations changed. The original NIST password requirements date back to...
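The NIST, NCSC, and common-password teasers above all come down to the same verifier-side rules: a minimum length, no composition rules or forced rotation, and a check of every new password against a list of commonly used, expected, or compromised values, including context-specific ones such as the username or the service name. The following is an added example written for this page (not code from NIST or from any password manager) of what such a check looks like. The blocklist is a constructed stand-in for a real breached-password corpus, the leetspeak and trailing-digit normalization is an assumption about how attackers' wordlists get mutated, and the 8/64 character limits are the SP 800-63B minimums.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// blocklist is constructed for this example. In production, screen against a
// full breached-password corpus (for example the Pwned Passwords k-anonymity
// range API), not a handful of entries.
var blocklist = map[string]struct{}{
	"password": {}, "123456": {}, "qwerty": {}, "letmein": {},
	"iloveyou": {}, "welcome1": {}, "password1": {},
}

// leet undoes the substitutions attackers' wordlists already enumerate,
// so "P@ssw0rd" is treated as "password". The mapping is an assumption.
var leet = strings.NewReplacer("@", "a", "0", "o", "1", "l", "3", "e", "$", "s", "5", "s")

const trailingNoise = "0123456789!@#$%^&*.?-_"

// variants returns the normalized forms of pw that are compared to the blocklist:
// lowercased, with trailing digits/punctuation removed, and with leetspeak undone.
func variants(pw string) []string {
	lower := strings.ToLower(strings.TrimSpace(pw))
	stripped := strings.TrimRight(lower, trailingNoise)
	if stripped == "" {
		stripped = lower
	}
	return []string{lower, leet.Replace(lower), stripped, leet.Replace(stripped)}
}

// isRepetitiveOrSequential catches "aaaaaaaa", "12345678", "abcdefgh" and
// their descending forms (keyboard walks such as "qwertyui" belong in the blocklist).
func isRepetitiveOrSequential(pw string) bool {
	r := []rune(pw)
	if len(r) < 2 {
		return false
	}
	d := r[1] - r[0]
	if d != 0 && d != 1 && d != -1 {
		return false
	}
	for i := 2; i < len(r); i++ {
		if r[i]-r[i-1] != d {
			return false
		}
	}
	return true
}

// checkPassword returns the list of reasons a candidate password is rejected;
// an empty list means it is acceptable. Note what is deliberately absent:
// no uppercase/digit/symbol requirements and no expiry date, per SP 800-63B.
func checkPassword(pw, username, serviceName string) []string {
	var problems []string
	n := utf8.RuneCountInString(pw) // code points, so passphrases with non-ASCII count fairly
	if n < 8 {
		problems = append(problems, "shorter than 8 characters")
	}
	if n > 64 {
		problems = append(problems, "longer than 64 characters")
	}
	for _, v := range variants(pw) {
		if _, blocked := blocklist[v]; blocked {
			problems = append(problems, "matches a commonly used or compromised password")
			break
		}
	}
	lower := strings.ToLower(pw)
	if username != "" && strings.Contains(lower, strings.ToLower(username)) {
		problems = append(problems, "contains the username")
	}
	if serviceName != "" && strings.Contains(lower, strings.ToLower(serviceName)) {
		problems = append(problems, "contains the service name")
	}
	if isRepetitiveOrSequential(pw) {
		problems = append(problems, "repetitive or sequential characters")
	}
	return problems
}

// hasProblem reports whether a specific rejection reason is present.
func hasProblem(problems []string, want string) bool {
	for _, p := range problems {
		if p == want {
			return true
		}
	}
	return false
}

func main() {
	// Constructed candidates for the hypothetical user "jdoe" on a service called "portal".
	for _, pw := range []string{"P@ssw0rd1", "correct horse battery staple", "jdoe2021!", "12345678", "short"} {
		if problems := checkPassword(pw, "jdoe", "portal"); len(problems) == 0 {
			fmt.Printf("%-30q accepted\n", pw)
		} else {
			fmt.Printf("%-30q rejected: %s\n", pw, strings.Join(problems, "; "))
		}
	}
}
```

The normalization is the part that matters most: a blocklist match on the raw string alone lets "P@ssw0rd1" through, yet it is one of the first candidates any cracking wordlist with rules will generate.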
Tackling Identity & Access Management Risks
The move to remote working by many companies both before and during the COVID-19 pandemic has seen considerable effort and investment in securing networks. One of the chief areas that businesses need to pay extra attention to is the creation of strong passwords. Poor password practices are frequently exploited by cybercriminals, and weak passwords are one of the main reasons cyberattacks succeed. The use of an Enterprise Password...
Is Incognito Mode Safe?
It is a common misconception that choosing to open a new browser window in Incognito Mode will mean that you are effectively operating under an invisible force field which will hide everything you do online from everyone else, but that is certainly not the case. Privacy modes have been added to many web browsers that offer a modicum of privacy, but they will not solve all privacy concerns at the click of a mouse. The reality is that...
How to Create the Perfect Master Password
When you use a commercial, vault-based password manager to secure passwords for online accounts, the vault itself has to be secured to prevent unauthorized access to your saved passwords. In order to secure the vault, you need to create the perfect master password and keep it separate from the password manager. Most people are familiar with browser password managers that offer to save your login credentials when you visit an online...
Why Passwords are Important
To explain why passwords are important, a simple analogy is to compare the login credentials you use to access an online account to your home. If you think of the username as being the equivalent of your physical address, the password is the key that enables you to enter the address. Similarly, the username identifies you to the website provider in the same way as a physical address would identify you to the Postal Service, but the...
HHS Information Blocking Regulations Now in Effect
Created by the Department of Health and Human Services as part of the 21st Century Cures Act, the information blocking regulations are now in effect and are enforceable. The final rule described information blocking and introduced penalties for providers and certified health IT vendors who participate in activities that interfere with the access, transfer, and use of electronic health information (EHI). The final rule also established...
HIPAA Breaches at Montefiore Medical Center & Belden
It has been discovered that another Montefiore Medical Center employee has accessed patient information with no work-related reason for doing so. It was made public in February 2020 that a member of staff had accessed medical records without authorization over a period of five months in 2020, while another employee was found to have stolen the PHI of around 4,000 patients between January 2018 and July 2020. The most recent discovery...
Is 1Password, LastPass or Bitwarden Easier to Use?
One of the most important factors when evaluating password managers is ease of use. If a password manager is not easy to configure and populate, the potential exists for mistakes to be made in its setup. Similarly, if end users find the password manager complicated, they will circumvent its controls, with the potential consequence of weak, reused, or compromised passwords. This comparison of 1Password, LastPass, and...
What is the Best Password Manager for my Network & Devices?
In order to answer the question ‘What is the Best Password Manager for my Network & Devices?’ our team of experts has dedicated more than 10 hours to comparing and contrasting the app compatibility offered by Bitwarden, Keeper, and LastPass. All three are excellent password management options that feature strong security systems for individuals, families, and business users; however, even the strongest password...
Choosing the Best Password Manager
There are multiple websites offering advice on choosing the best password manager. Unfortunately, few distinguish between the best password manager for personal use and the best password manager for business use. Furthermore, although you may be a security-conscious individual, the assumption is often made that all visitors to password manager comparison sites are tech-savvy. This is not always the case. Most people are familiar with...
Ransomware Attack on Home Healthcare Service Provider Affects 753,000 Individuals
753,107 patients of NY-based provider of home health services Personal Touch Holding Corp are being made aware that a breach of their protected health information may have occurred. On January 27, 2021, Personal Touch was made aware that it had been impacted by a cyberattack that infiltrated its private cloud hosted by its managed service providers. The hackers encrypted the cloud-stored business files of Personal Touch and 29 of its...
New Jersey Plastic Surgery Practice Pays $30K to OCR to Settle HIPAA Right of Access Case
The HHS’ Office for Civil Rights (OCR) has revealed a settlement has been agreed with Ridgewood, NJ-based Village Plastic Surgery to resolve a potential breach of the HIPAA Right of Access provision of the HIPAA Privacy Rule. As per the terms of the settlement, Village Plastic Surgery will pay a $30,000 fine and will implement a corrective action plan that includes the creation of policies and processes covering patient medical record...
HIPAA Right of Access Case Involving Massachusetts Mental Health Clinic Settled for $65,000
Following a HIPAA Right of Access investigation by the HHS’ Office for Civil Rights (OCR), Arbour Hospital, a mental health clinic in Boston, MA, has agreed to pay a $65,000 HIPAA fine. OCR was made aware of a possible breach of the HIPAA Right of Access on July 5, 2019. A patient of Arbour Hospital claimed he had asked for a copy of his medical records from the hospital on May 7, 2019 but had not been provided with those records within...
Multiple Lawsuits Filed by Victims of Accellion Ransomware Attack
The number of healthcare groups to reveal that they have been impacted by the ransomware attack on Accellion has grown, with two of the most recent victims listed as Trillium Community Health Plan and Arizona Complete Health. In December 2020, attackers exploited zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance platform and exfiltrated its customers' data before deploying Clop ransomware....
Six-month Prison Term for Whistleblower Who Falsely Claimed Nurse Violated HIPAA
A six-month prison term and $1,200 fine has been handed down to a Georgia man who falsely claimed a former acquaintance had violated patient privacy and breached the HIPAA compliance rules. Jeffrey Parker, 44, of Rincon, GA, claimed to be a HIPAA whistleblower in October 2019 and reported HIPAA violations by an employee to the authorities. He claimed that there had been significant privacy breaches by a nurse at a Savannah, GA...
AllyAlign Health Ransomware Attack Impacts Tens of Thousands of Patients
Following an attempted ransomware attack that took place on November 13, 2020, AllyAlign Health breach alerts have been sent to make members and providers aware of the privacy violation. According to the breach notification letters sent to affected individuals, the Glen Allen, VA-based Medicare Advantage health plan administrator discovered the attack on November 14, 2020. A review of the incident found the systems infiltrated by the...
U.S. Healthcare Data Breach Report for January 2021
January witnessed a 48% month-over-month drop in the number of large healthcare data breaches, down from 62 breach incidents in December to 32 in January, according to an analysis by HIPAA Journal. While this is well beneath the 38 data breaches that are reported on average each month, it is still more than 1 data breach every day. There would have been a major drop in the amount of breached records were it not for a major data breach...
Harvard Eye Associates Pays Ransom to Recover Healthcare Data Stolen in Hacking Incident
In California, Laguna Hills-based Harvard Eye Associates has been affected by a cyberattack on its online storage vendor, and the protected health information (PHI) of 29,982 patients could possibly have been stolen. The storage vendor made Harvard Eye Associates aware, on January 15, 2021, that cybercriminals had obtained access to its computer databases and stolen data. While it was not known if files were encrypted to prevent access,...
US Fertility Facing Class Action Lawsuit Filed Over Ransomware Attack
Following a September 2020 ransomware attack and data breach that impacted 878,550 people, US Fertility is now facing a class action lawsuit for allowing it to occur. US Fertility is one of the largest providers of support services to infertility clinics in the United States. The company discovered on September 14, 2020 that ransomware had been used to encrypt files and its databases. The investigation showed that the cybercriminals...
Ransomware Fact Sheet Issued by the National Cyber Investigative Joint Task Force
The National Cyber Investigative Joint Task Force (NCIJTF) has published a ransomware factsheet in order to increase awareness of the threat of ransomware attacks and provide more information which can be used to address and prevent ransomware attacks. The fact sheet was created by an interagency group of over fifteen government bodies and is primarily intended to be implemented by police and fire departments, state, local, tribal and...
Florida Medicaid Applicants’ PHI Impacted in Seven-Year Breach
It has been discovered by the Tallahassee, FL-based Medicaid health plan, Florida Healthy Kids Corporation, that its web hosting provider failed to address vulnerabilities which were targeted by hackers to obtain access to its web portal and the protected health information of those applying for membership since 2013. Florida Healthy Kids had an agreement with Jelly Bean Communications Design, LLC to arrange the hosting of its...
Blackbaud Ransomware Attack Leads to Rady Children’s Hospital Class Action Lawsuit
In May 2020, the cloud software group Blackbaud was targeted and attacked with ransomware. As is typical in human-managed ransomware attacks, data was stolen before file encryption took place. A portion of the stolen data included the fundraising databases of its healthcare customers. One of the impacted healthcare clients was Rady Children’s Hospital-San Diego, the biggest children’s hospital in California. A class action lawsuit has...
2020 Saw 560 U.S. Healthcare Facilities Affected by Ransomware
During 2020 – according to the latest State of Ransomware report from the New Zealand-based cybersecurity firm Emsisoft – healthcare, education, and government entities were the main focus of ransomware threat groups with 2,354 attacks being registered. Towards the end of 2019 ransomware was being extensively used in cyberattacks on the healthcare industry. The attacks dwindled in the first half of 2020 but rose...
More Stringent Application of HIPAA Right of Access Rules by OCR Results in $200,000 Penalty
The HHS’ Office for Civil Rights (OCR) has provided further evidence of its increasingly stringent application of the HIPAA Right of Access Rules to healthcare providers that do not give patients timely access to their medical records, announcing that a settlement of $200,000 has been reached with Banner Health to bring a HIPAA Right of Access investigation to a conclusion. Under the HIPAA Privacy Rule...
Ransomware Attack Impacts Lake Region Healthcare
On December 22, 2020, Minnesota-based Lake Region Healthcare discovered ransomware had been deployed on its network and that the attackers had gained access to its databases. The attack caused disruption to daily processes and procedures at its offices in Fergus Falls, Battle Lake, Ashby, and Barnesville. Lake Region Healthcare moved swiftly to mitigate the attack and implemented the downtime procedures that had been developed for situations such as...
Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients
The NetWalker ransomware group has claimed it is behind a ransomware attack on the North Carolina-based surgical center Wilmington Surgical Associates that took place in October 2020. The group says that it illegally accessed and removed around 13GB of data before launching NetWalker ransomware and encrypting files. The stolen batch of data held thousands of documents containing sensitive data. There has been no breach notification...
OCR Confirms HIPAA Rules on Disclosures of PHI to Health Information Exchanges
The Department of Health and Human Services’ Office for Civil Rights has published guidance on the Health Insurance Portability and Accountability Act (HIPAA) Rules related to disclosures of protected health information (PHI) to health information exchanges (HIEs) for the public health activities of a public health authority (PHA). HIEs are organizations that facilitate the sharing of electronic PHI (ePHI) between more than two...
SkyMed Comes to Settlement Agreement with FTC for 2019 Consumer Data Breach
SkyMed has come to a settlement agreement with the Federal Trade Commission (FTC) in the aftermath of an audit of its information security practices in relation to a 2019 data breach that exposed consumers’ personal private data. The Nevada-based emergency services provider was made aware by security expert Jeremiah Fowler in 2019 that it had an improperly configured Elasticsearch database that was leaking patient private data. The...
Three Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers
Three critical vulnerabilities have been found in Medtronic MyCareLink (MCL) Smart Patient Readers, which could be exploited by threat actors to gain access to protected health information, modify patient data, and take control of the paired cardiac device. The flaws are present in all versions of the MCL Smart Model 25000 Patient Reader. The first vulnerability, tracked as CVE-2020-25183, is an authentication protocol vulnerability....
Bill Passed by House Calling for HHS to Recognize Implementation of Cybersecurity Best Practices
The House Energy and Commerce Committee has passed a new bill (HR 7898) which seeks to amend the HITECH Act to require the Department of Health and Human Services to recognize whether cybersecurity best practices have been implemented by HIPAA-covered groups and business associates when making specific determinations, such as fines following security breaches or for other regulatory aims. The HIPAA Safe Harbor Bill, if passed into...
Meharry Medical College & MEDNAX Services Email Account Breaches Reported
Meharry Medical College, located in Nashville, TN, has revealed that an email account breach may have led to the illegal access of the protected health information of up to 20,963 patients. The email account breach was first discovered around July 28, 2020 and was promptly mitigated. External technical experts were brought in to review the breach and discovered that the incident was confined to a single email account. On September 1,...
University of Cincinnati Medical Center HIPAA Right of Access Failure Results in $65,000 Fine
The 18th HIPAA financial penalty of 2020, the 12th fine under its HIPAA Right of Access enforcement initiative, has been revealed by HHS’ Office for Civil Rights. The most recent HIPAA compliance fine of $65,000 was imposed on the University of Cincinnati Medical Center, LLC (UCMC) and grew out of a complaint submitted to OCR on May 30, 2019 by a patient who had issued a request to UCMC on February 22, 2019 seeking an...
U.S. Data Breach Impacts 829,454 Luxottica Patients
The largest eyewear firm globally, Luxottica, has had a number of its web portals targeted in a cyberattack that has resulted in a breach of the private data of over 800,000 patients. Luxottica makes designer eyewear for numerous renowned fashion brands and owns many famous eyewear brands such as Ray-Ban. The group also manages the EyeMed vision benefits company and collaborates with LensCrafters, Target Optical, EyeMed, Pearle...
Saint Francis Healthcare Data Breach Lawsuit Settled for $350,000
In relation to the September 2019 ransomware attack on Ferguson Medical Group (FMG), a $350,000 settlement has been reached between Saint Francis Healthcare System and patients impacted by the attack. FMG was purchased by Saint Francis after a cyberattack resulted in many important records being inaccessible. Saint Francis tried to retrieve all impacted records via backups, though some could not be rescued. These files included medical...
10th HIPAA Fine Under Right of Access Initiative Revealed by Office for Civil Rights
The 10th financial penalty under its HIPAA Right of Access enforcement initiative has been revealed by the U.S. Department of Health and Human Services’ Office for Civil Rights. California-based Riverside Psychiatric Medical Group has committed to paying a financial penalty of $25,000 to settle a possible HIPAA Right of Access breach and will implement a corrective action plan to see to it that compliance with this provision of the...
City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights
In Connecticut, the City of New Haven has committed to paying a $203,400 financial penalty to the Department of Health and Human Services’ Office for Civil Rights to resolve a HIPAA violation case. An OCR investigation was initiated in May 2017 following receipt of a data breach notification from New Haven on January 24. OCR investigated whether the City of New Haven was responsible for HIPAA violations. Following this...
Three Data Breaches Result in $1m HIPAA Penalty for Aetna
Aetna Life Insurance Company and the affiliated covered entity (Aetna) have settled a HIPAA compliance violation case with the Department of Health and Human Services’ Office for Civil Rights (OCR) and have agreed to pay a financial penalty of $1 million. OCR investigated Aetna after receiving three breach reports in 6 months in 2017 from the health insurer. The initial data breach was made known to OCR in June 2017 and was due to the...
OCR HIPAA Right of Access Initiative Results in 9th Financial Penalty
The HHS’ Office for Civil Rights (OCR) is maintaining the pace in its crackdown on healthcare groups that are not adhering to the HIPAA right of access. Recently, OCR revealed that it is sanctioning its ninth enforcement action against a HIPAA-covered group in relation to the failure to provide patients with timely access to their medical records at a reasonable price. HIPAA gives patients the right to view or receive a copy of...
Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty
Tennessee-based Community Health Systems and subsidiary CHSPCS LLC have settled a multi-state action with 28 state attorneys general for $5 million. A joint investigation was launched, headed by Tennessee Attorney General Herbert H. Slatery III, after a breach of the protected health information (PHI) of 6.1 million people in 2014. At the time, Community Health Systems owned, leased, or operated 206 hospitals. According to a 2014...
Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has warned that companies that facilitate ransom payments to cybercriminals on behalf of victims of the attacks could face sanctions risks for violating OFAC regulations. Victims of ransomware attacks that pay ransoms to cyber actors could similarly face steep fines from the federal government if it is discovered that the criminals behind the attacks are already...
Clinical Trial Software Provider Hit with Ransomware Attack
eResearch Technology, a software company from Philadelphia which sells software used in vital research on Covid-19, was hit with a ransomware attack that has affected many of the company’s clientele, some of which are conducting Covid-19 vaccine trials. In the last year alone, eResearch Technology’s software was used in three quarters of all clinical trials carried out worldwide. The attack took place on September 20, 2020, forcing...
Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate
The Tennessee-based management company CHSPSC LLC, a supplier of services to a range of different subsidiary hospital operator companies and other affiliates of Community Health Systems, including legal, compliance, accounting, operations, human resources, IT, and health information management services, has been fined $2.3 million in relation to five potential violations of the HIPAA compliance rules. The fine was made public this...
7,777 Patients Impacted by Starling Physicians Email Breach
Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an unauthorized person. The breach was discovered at the beginning of July and an in-depth investigation was initiated. No evidence was uncovered to suggest PHI had been illegally accessed, although it was not possible to rule out unauthorized access or data theft. Some of the data...
Five OCR HIPAA Fines for HIPAA Right of Access Failures
The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently agreed to settle five HIPAA compliance cases that were investigated after individuals were denied access to their health information. The HIPAA Privacy Rule gives individuals the right to obtain a copy of their health records from their providers, health insurers, and business associates of those entities. Access must be provided quickly and no later...
Updated Security Risk Assessment Tool Released by HHS
An updated version of the Department of Health and Human Services’ Office for Civil Rights (OCR) Security Risk Assessment (SRA) Tool has now been released. The Office of the National Coordinator for Health Information Technology (ONC) developed the tool with the assistance of OCR in order to help small- to medium-sized healthcare suppliers comply with the security risk assessment requirements of the HIPAA Security Rule and the Centers...
New Resources for mHealth App Developers and Cloud Services Providers Made Available by OCR
New resources for mobile health app developers have been made available by the Department of Health and Human Services’ Office for Civil Rights (OCR). This comes with a planned update and rebranding of its Health App Developer Portal. The portal – Resources for Mobile Health Apps Developers – supplies information for mobile health app developers on the HIPAA Privacy, Security, and Breach Notification Rules and how they are relevant...
Citrix Endpoint Management/XenMobile Server Patches Released
Patches have been released to address two critical vulnerabilities in Citrix Endpoint Management (CEM) / XenMobile Server. The flaws could be exploited by an unauthenticated individual to access domain account credentials, take complete control of a XenMobile Server, view VPN, email, and web applications, and obtain sensitive corporate information. One of the flaws was discovered by Andrey Medov of Positive Technologies, who...
Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack
The Brewer, ME-based integrated healthcare group, Northern Light Health Foundation, has revealed it has been impacted by the recent ransomware attack on Blackbaud Inc. The databases affected include information about donors, possible donors, and individuals who may have attended a fundraising event in the past. Patient medical records were stored separately and were unaffected. The databases contained the records of 657,392 people....
Phishing Attack Hits Children’s Hospital in Colorado
Children’s Hospital Colorado is contacting 2,553 patients to inform them that some of their protected health information was held in an email account that was accessed by an unauthorized person between April 6-12, 2020. Credentials to access the account were stolen when an employee answered a phishing email. The phishing attack was discovered by the hospital on June 22, 2020 and the account was immediately safeguarded. A review of the...
Ban on HHS Funding a National Patient Identifier System Removed by House of Representatives
The House of Representatives has voted to remove the ban on the Department of Health and Human Services using federal funds to create a national patient identifier system. The Health Insurance Portability and Accountability Act (HIPAA) mandated the creation of a national patient identifier system. As the name indicates, a national patient identifier system would see each person in the United States issued with a permanent, unique...
PHI of Customers Stolen in Looting Incidents at Cub Pharmacies
A pharmacy network has revealed that the protected health information of some of its customers was illegally taken by looters in late May during the period of civil unrest. From May 27-30, 2020, 8 Cub pharmacies in the Minneapolis area were broken into and items were taken, including paperwork containing the protected health information of its customers. Items taken from the pharmacies included locked safes that contained credit card...
Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge
A legal action filed against Sarrell Regional Dental Center for Public Health Inc. in relation to a July 2019 ransomware attack has been thrown out by a Federal judge due to a lack of standing. Sarrell was able to bounce back from the attack and restore its computer systems and data without meeting the ransom demand, although the dental center was forced to shut down for a period of two weeks while its systems were restored. No proof...