7,777 Patients Impacted by Starling Physicians Email Breach
Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an unauthorized person. The breach was discovered at the beginning of July and an in depth investigation was initiated. No evidence was uncovered to suggest PHI had been illegally accessed, although it was not possible to rule out unauthorized access to data theft. Some of the data...
Five OCR HIPAA Fines for HIPAA Right of Access Failures
The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently agreed to settle five HIPAA compliance cases that were investigated after individuals were denied access to their health information. The HIPAA Privacy Rule gave individuals the right to obtain a copy of their health records from their providers, health insurer, and business associates of those entities. Access must be provided quickly and no later...
Citrix Endpoint Management/XenMobile Server Patches Released
Patches have been released to address two critical vulnerabilities in Citrix Endpoint Management (CEM) / XenMobile Server. The flaws could be exploited by an unauthenticated individual to access domain account credentials, take complete management of a XenMobile Server, and view VPN, email, and web applications and obtain sensitive corporate information. One of the flaws was discovered by Andrey Medov of Positive Technologies, who...
Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack
The Brewer, ME-based integrated healthcare group, Northern Light Health Foundation, has revealed it has been impacted by the recent ransomware attack on Blackbaud Inc. The databases affected include information about donors, possible donors, and individuals who may have attended a fundraising event in the past. Patient medical records were stored separately and were unaffected. The databases contained the records of 657,392 people....
Phishing Attack Hits Children’s Hospital in Colorado
Children’s Hospital Colorado is contacting 2,553 patients to inform them that some of their protected health information was held in an email account that was accessed by an unauthorized person between April 6-12, 2020. Credentials to access the account were stolen when an employee answered a phishing email. The phishing attack was discovered by the hospital on June 22, 2020 and the account was immediately safeguarded. A review of the...