Three Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers
Dec 19

Three critical vulnerabilities have been found in Medtronic MyCareLink (MCL) Smart Patient Readers, which could be exploited by threat actors to gain access to protected health information, modify patient data, and take control of the paired cardiac device. The flaws are present in all versions of the MCL Smart Model 25000 Patient Reader. The first vulnerability, tracked as CVE-2020-25183, is an authentication protocol vulnerability....

Bill Passed by House Calling for HHS to Recognize Implementation of Cybersecurity Best Practices
Dec 16

The House Energy and Commerce Committee has passed a new bill (HR 7898) which seeks to amend the HITECH Act to require the Department of Health and Human Services to recognize whether cybersecurity best practices have been implemented by HIPAA-covered groups and business associates when making specific determinations, such as fines following security breaches or for other regulatory aims. The HIPAA Safe Harbor Bill, if passed into...


Meharry Medical College & MEDNAX Services Email Account Breaches Reported

Meharry Medical College, located in Nashville, TN, has revealed that an email account breach may have led to the illegal access of the protected health information of up to 20,963 patients. The email account breach was first discovered around July 28, 2020 and was promptly mitigated. External technical experts were brought in to review the breach and discovered that the incident was confined to a single email account. On September 1,...

Breach of GDPR Advertising Cookies Laws Leads to Fine of €35m for Amazon
Dec 11

Yesterday, the French Data Protection Authority, CNIL, confirmed Amazon had been fined €35m for installing advertising tracking cookies on the devices of web users without obtaining prior permission. This news comes in the wake of the CNIL revealing that Google will also be hit with a GDPR fine of €100m for the same misdemeanor. The official ruling can be read here. In the official investigation, CNIL identified Amazon’s French websites...

University of Cincinnati Medical Center HIPAA Right of Access Failure Results in $65,000 Fine
Nov 22

The 18th HIPAA financial penalty of 2020, the 12th fine under its HIPAA Right of Access enforcement initiative, has been revealed by HHS’ Office for Civil Rights. The most recent HIPAA fine of $65,000 was imposed on the University of Cincinnati Medical Center, LLC (UCMC) and grew out of a complaint submitted to OCR on May 30, 2019 by a patient who had issued a request to UCMC on February 22, 2019 seeking an electronic copy...
