2016 Healthcare Data Breach Report Ranks Breaches By State
Feb15

A new 2016 healthcare data breach report has been released that analyzes incidents reported to the Department of Health and Human Services’ Office for Civil Rights last year. While other reports have already been compiled, this latest report – compiled by data loss prevention firm Safetica USA – shows where those data breaches occurred and the states most affected by healthcare data breaches in 2016. Data for the 2016 healthcare data...

Cybercriminals Switch File Types to Infect More Organizations with Malware
Feb10

During the past year, spam volume increased considerably, as did the percentage of those emails that were malicious. The increase in malicious messages coincided with increased botnet activity. Botnets are now being used to send large-scale malware and ransomware campaigns. While spam email delivery of malware may have fallen out of favor in recent years, that is clearly no longer the case. During 2016, cybercriminals favored...

IRS Issues Warning About W-2 Phishing Scams
Feb07

W-2 phishing scams increased considerably in 2015, prompting the IRS to issue a warning about the risk of attack. Now, just over 4 weeks into 2017, the IRS has issued a further warning in response to the sheer number of W-2 phishing scams that have been reported so far this year. This type of scam – often referred to as business email compromise (BEC) or business email spoofing (BES) – is simple, but highly effective. The...

Email Spam Surged in 2016: 65% of Emails are Spam
Feb03

Email spam is seen by many as a productivity-draining nuisance. It clogs inboxes and takes up precious time. However, the volume of malicious spam has grown significantly in the past 12 months, and email spam remains a major security threat. In 2010, following takedowns of botnets and arrests of key spammers, spam email volume fell. Spam email volume has since been relatively low. However, a recent analysis of email traffic by Cisco...

Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017
Feb02

The start of the year sees many worrying predictions made about healthcare cybersecurity and potential data breaches; however, Forrester Research has painted a particularly bleak picture for 2017. The firm expects data breaches on the scale of the 2015 Anthem Inc. cyberattack will be commonplace in 2017. 2016 saw more healthcare data breaches reported to OCR than in any other year. While the severity of those breaches was nowhere...

IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed
Jan31

Organizations around the world are taking advantage of IoT and mobile applications to improve efficiency, yet too little is being done to ensure the applications are secure. A key lesson from a recent Ponemon Institute survey is that application usability, and not just data security, should always be factored into application development and cloud cost management, or users will resist security measures and find workarounds. Organizations can...

OIG: 16% Increase in Security Gaps in Medicare Contractors’ Information Security Programs
Jan30

An annual review of Medicare administrative contractors’ (MACs) information security programs has shown them to be ‘adequate in scope and sufficiency’, although a number of security gaps were found to exist. The Social Security Act requires each MAC to have its information security program evaluated on an annual basis by an independent assessor. Each MAC must have the eight major requirements of the Federal Information Security...

Tax Season Triggers Wave of W-2 Business Email Compromise Attacks
Jan27

Campbell County Health is the latest victim of a W-2 business email compromise attack, which has resulted in the tax information of 1,457 hospital employees being disclosed to a scammer. The Gillette, WY-based healthcare system discovered Wednesday that an employee had responded to an email request for the W-2 form data of hospital employees. As is common in these scams, the attacker impersonated a hospital executive and requested W-2...

Healthcare Organizations Warned About Fileless Ransomware Attacks
Jan27

Over the past two years, ransomware has grown to become one of the biggest cybersecurity threats. While most infections are random, the healthcare industry has been targeted in 2016 and the outlook for 2017 remains bleak. Many healthcare organizations attacked with ransomware have been able to make a full recovery by deleting systems and reconstituting data from backups. However, there have been numerous cases over the past 12 months...

New Report Reveals 2016 Data Breach Trends
Jan26

2016 was a particularly bad year for healthcare data breaches. The healthcare industry was targeted by ransomware gangs, careless employees left healthcare records exposed, and hackers broke through defenses on numerous occasions. 2016 was nowhere near as bad as 2015 in terms of the number of healthcare records stolen or exposed, but more healthcare data breaches were reported in 2016 than in previous years. But how did 2016 compare...

NIST Publishes Draft of Updated Cybersecurity Framework
Jan20

It has been almost three years since the National Institute of Standards and Technology (NIST) published its Cybersecurity Framework. This week, NIST published a new draft – the first since the Framework was published in 2014 – which includes a number of tweaks, clarifications, and additions. However, as NIST points out, the new draft contains relatively minor updates. The Framework has not received a complete overhaul. According to...

Hacking Group Attempts to Extort Funds from Cancer Services Provider
Jan20

TheDarkOverlord has struck again; this time the victim was a small Indiana cancer charity. The attack occurred on January 11 and was accompanied by a 50 Bitcoin ($43,000) ransom demand. Little Red Door Cancer Services of East Central Indiana was threatened with the publication of confidential data if the ransom was not paid. The charitable organization provides a range of services to help victims of cancer live normal lives during...

Highmark BCBS of Delaware Investigates Data Breach Affecting 19,000 Individuals
Jan17

Highmark BlueCross BlueShield of Delaware is investigating a data breach that has impacted 19,000 beneficiaries of employer-paid health plans. The data breach involves two subcontractors of Highmark BCBS – Summit Reinsurance Services and BCS Financial Corporation. Karen Kane, Highmark BCBS director of privacy and information management, issued a statement saying 16 current and former Highmark self-insured customers have been impacted....

Warning for Healthcare Organizations that use MongoDB Databases
Jan11

Over the course of the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been steadily growing. Ethical hacker Victor Gevers discovered in late December that many MongoDB databases had been left unprotected and were freely accessible over the Internet by unauthorized individuals. By January 6, he reported that 13 organizations had had their databases copied and deleted....

FDA Confirms Muddy Waters’ Claims that St. Jude Medical Devices Can be Hacked
Jan10

The U.S. Food and Drug Administration (FDA) issued a safety communication Tuesday about cybersecurity flaws in certain St. Jude Medical cardiac devices and the Merlin@home transmitter after it was confirmed the devices could potentially be remotely accessed by unauthorized individuals. The FDA confirmed that unauthorized users could “remotely access a patient’s RF-enabled implanted cardiac device by altering the...

Cosmetic Surgery Center Reports Ransomware Infection: 11,400 Patients Impacted
Jan10

Another healthcare provider has announced that a ransomware infection has resulted in patients’ protected health information being encrypted, and potentially accessed, by cybercriminals. The Susan M. Hughes Center, a provider of aesthetic medicine and cosmetic surgery services in New Jersey and Philadelphia, discovered ransomware had been installed on its computer system on August 30, 2016. A computer server was attacked and infected...

Emory Healthcare Joins 28,000 Other Victims of MongoDB Ransom Attacks
Jan09

A hacker by the name of Harak1r1 has taken advantage of a misconfigured MongoDB healthcare database containing 200,000 records of Emory Healthcare patients. The hacker stole the database and issued a 0.2 Bitcoin ransom demand for its safe return. Emory Healthcare is the largest healthcare provider in Georgia with headquarters in Atlanta. The database contained the protected health information of patients of the Emory Brain Health...

Patients Holding Back Health Information Over Data Privacy Fears
Jan05

A fully interoperable health system is becoming closer to reality. Barriers to health data sharing are being removed and the ONC and HHS’ Office for Civil Rights are stepping up their efforts to prevent information blocking by healthcare providers. However, in order for information to be able to flow, it is essential that information is collected. If healthcare providers and other healthcare organizations only have access to partial...

Largest Healthcare Data Breaches of 2016
Jan04

2016 was a particularly bad year for healthcare data breaches. The largest healthcare data breaches of 2016 were nowhere near the scale of those seen in 2015 – 16,471,765 records were exposed compared to 113,267,174 records in 2015 – but more covered entities reported breaches than in any other year since OCR started publishing breach summaries on its ‘Wall of Shame’ in 2009. 2016 ranks as the second worst year in terms of...

108 L.A. County Employees Fall for Phishing Attack: 756,000 Impacted
Jan03

It has taken some time for the County of Los Angeles to announce it was the victim of a major phishing attack, especially considering the attack was discovered within 24 hours of the May 2016 breach. However, notification had to be delayed so as not to interfere with an “extensive” criminal investigation. The investigation into the phishing attack was conducted by county district attorney Jackie Lacey’s cyber investigation...

Healthcare Pages Intercepted and Posted Online
Dec30

Providence Health & Services, a not-for-profit health system operating in Alaska, California, Montana, Oregon, and Washington, has discovered its paging system has been breached by an unauthorized individual. Pages were intercepted and posted online exposing a limited amount of patients’ protected health information. The individual responsible for the pager attack posted pager transmissions that included patients’ names, room...

FDA Issues Final Cybersecurity Guidance for Medical Device Manufacturers
Dec28

The U.S. Food and Drug Administration (FDA) has published final cybersecurity guidance for medical device manufacturers to help them better protect their devices from cyberattacks. The guidance will help device manufacturers implement a system for identifying and reporting potential security vulnerabilities to ensure flaws can be addressed before they are exploited by hackers. The threat of hackers using vulnerabilities in medical...

Increase in Ransomware and Cyberattacks Linked to Fall in Price of Health Data
Dec23

The value of health records on the black market dropped substantially in 2016. A set of health records is now reportedly attracting a price of between $1.50 and $10, according to a recent report from TrapX. Back in 2012, the value of a complete set of health records was around $50 to $60. The fall in price is easy to explain. Last year saw more than 113 million healthcare records breached, according to figures from the Department of...

Security Risks of Unencrypted Pages Evaluated
Dec20

Pagers are still extensively used in the healthcare industry even though the devices have been shown to pose a considerable security risk. Trend Micro has recently demonstrated – in the company’s ‘Leaking Beeps’ series of reports – the extent to which pagers leak data and how easy it is for sensitive information to be intercepted by cybercriminals. The equipment needed to intercept unencrypted pages can even be purchased for as...

November 2016 Worst Month for Healthcare Data Breaches: 57 Incidents Reported
Dec16

Many people will be glad to see the back of 2016. It has been a difficult year, especially for healthcare organizations. Ransomware attacks have increased, hacking incidents are up, and more data breaches have been reported this year than in any other year since records started to be kept by the Department of Health and Human Services’ Office for Civil Rights (OCR). The year is certainly not ending well. November saw the highest...

IBM: 70% of Businesses Paid Cybercriminals to Unlock Ransomware
Dec15

Ransomware has grown in popularity over the past two years and 2016 has seen record numbers of attacks on businesses. Cybercriminals see ransomware as an easy way to make money. Rather than having to infiltrate a system, steal data, and sell those data on the black market – a process that can take months before payment is received – a ransomware infection usually results in quick payment of funds. Payments are typically received...

Phishing Emails Used in 91% of Cyberattacks
Dec14

A single phishing email is all it may take for a cybercriminal to gain access to a computer network and sensitive data. Even when organizations have developed highly sophisticated cybersecurity defenses, a single spear phishing email can see those defenses bypassed. According to a recent study by PhishMe, 91% of cyberattacks commence with spear phishing emails. For the study, PhishMe assessed response rates from more than 40 million...

Security Cameras Could Be Your Biggest Security Weakness
Dec09

Could a networked device that’s designed to enhance security be exploited by hackers to gain access to your network? In the case of security cameras, it is a distinct possibility. Security and surveillance camera security weaknesses could be exploited by hackers to gain access to the networks to which they connect. The cameras could also be used to check for physical security weaknesses or to spy on workers and patients. The past few...

OCR Warns Covered Entities of Risk of DDoS Attacks
Dec08

There has been a surge in Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks over the past few weeks. The attacks involve flooding systems with information and requests to cause those systems to crash. The attacks have resulted in large sections of the Internet being taken offline, email systems crashing, and other computer equipment being taken out of action. DDoS attacks on healthcare organizations could prevent...

Medical Devices Can Be Hacked Using Black Box Approach
Dec05

Researchers in the UK and Belgium have discovered it is possible to hack certain medical devices even with no prior understanding of how the devices work. Cyberattacks could be conducted to gain access to sensitive patient data or to cause patients to be harmed. The research team discovered that malicious messages could be sent to the devices and signals sent to prematurely drain batteries. The study was conducted by researchers...
