Dedicated to providing the latest
HIPAA compliance news

SAFER Guides Updated by ONC: Ransomware Prevention and Mitigations Now Included
Mar28

SAFER Guides Updated by ONC: Ransomware Prevention and Mitigations Now Included

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has updated its SAFER Guides to include information to help healthcare providers protect against ransomware attacks and mitigate attacks should they occur. The Safety Assurance Factors for Electronic Health Record Resilience (SAFER) Guides were first released in January 2014 to help healthcare providers improve the...

Read More
What Can Small Healthcare Providers Do To Prevent Ransomware Attacks?
Mar23

What Can Small Healthcare Providers Do To Prevent Ransomware Attacks?

Ransomware attacks on healthcare providers are occurring with alarming frequency. Figures from the FBI suggest as many as 4,000 ransomware attacks are occurring every day. Healthcare organizations are targeted because they hold large volumes of data and access to those data is required to provide medical services to patients. Without access to patients’ health information, healthcare services can be severely disrupted. Such reliance...

Read More
WEDI Offers Healthcare Cybersecurity Tips to Improve Resilience Against Cyberattacks
Mar22

WEDI Offers Healthcare Cybersecurity Tips to Improve Resilience Against Cyberattacks

WEDI, the Workgroup for Electronic Data Interchange, has issued a new white paper exploring some of the common cybersecurity vulnerabilities that are exploited by threat adversaries to gain access to healthcare networks and patient and health plan members’ protected health information. The white paper – The Rampant Growth of Cybercrime in Healthcare – is a follow up to a primer released in 2015 that explored the anatomy of a...

Read More
Snapshot of Healthcare Data Breaches in February 2017
Mar21

Snapshot of Healthcare Data Breaches in February 2017

The Protenus Breach Barometer healthcare data breach report for February includes some good news. Healthcare data breaches have not risen month on month, with both January and February seeing 31 data breaches reported. The report offers some further good news. Healthcare hacking incidents fell in February, accounting for just 12% of the total number of breaches reported during the month. There was also a major fall in the number of...

Read More
OIG Discovers Multiple Security Vulnerabilities in the Massachusetts’ Medical Management Information System
Mar16

OIG Discovers Multiple Security Vulnerabilities in the Massachusetts’ Medical Management Information System

The Department of Health and Human Services’ Office of Inspector General has published the results of an audit of the Massachusetts’ Medical Management Information System (MMIS). The MMIS is maintained by the Massachusetts’s Executive Office of Health and Human Services which administers the State Medicaid program (MassHealth). The MMIS supports 1.67 million beneficiaries and processed around $13.8 billion in fiscal year 2015. The...

Read More
68% of Healthcare Organizations Have Compromised Email Accounts
Mar10

68% of Healthcare Organizations Have Compromised Email Accounts

Evolve IP has published the results of a new study that has revealed the extent to which healthcare email credentials are being compromised and sold on the dark web. The FBI has also recently warned about Business Email Compromise (BEC). Email credentials are highly valuable to cybercriminals. A compromised email account can be plundered to obtain highly sensitive data and an email account can be used to gain access to healthcare...

Read More
Redington-Fairview General Hospital Targeted with New Telephone Phishing Scam
Mar10

Redington-Fairview General Hospital Targeted with New Telephone Phishing Scam

Patients who have previously received medical services at Redington-Fairview General Hospital in Skowhegan, Maine have been targeted with a new telephone phishing scam. The criminals behind the phishing scam are attempting to get patients to reveal sensitive financial information and credit card numbers over the telephone by impersonating the hospital. Two patients have complained to hospital officials about receiving automated calls...

Read More
Security Analytics Solutions Can Improve Security Posture, But There Are Challenges
Mar08

Security Analytics Solutions Can Improve Security Posture, But There Are Challenges

A recent Ponemon Institute study has delved into the use and effectiveness of security analytics solutions. The study shows that while security analytics solutions can help organizations improve their security posture, there are many challenges with both deployment and day to day use. The purpose of the study was to find out how – and how much – these solutions are helping organizations and where they are failing. The study,...

Read More
OCR Urges Covered Entities to Monitor and Report Cyber Threats
Feb28

OCR Urges Covered Entities to Monitor and Report Cyber Threats

The healthcare system in the United States has suffered a barrage of cyberattacks in recent years and there is no sign that those attacks will ease. In all likelihood, attacks will increase in both number and severity. To counter the increased threat, healthcare organizations, government agencies, the private sector, and international network defense communities must collaborate, says the Department of Health and Human Services’...

Read More
81% of U.S. Healthcare Organizations Have Increased Security Spending in 2017
Feb24

81% of U.S. Healthcare Organizations Have Increased Security Spending in 2017

The 2017 Thales data threat report published earlier this week shows the healthcare industry is responding to the increased threat of data breaches and cyberattacks by committing more funds to improving cybersecurity defenses. After two record breaking years of healthcare data breaches – 2015 in terms of the number of records exposed or stolen, and 2016 in terms of the number of breaches reported – it is clear that the healthcare...

Read More
Quarter of Americans Have Been Impacted by a Healthcare Data Breach
Feb22

Quarter of Americans Have Been Impacted by a Healthcare Data Breach

Given the volume of healthcare records that have been exposed or stolen over the past two years, it comes as little surprise that 26% of Americans believe their health data have been stolen. The figures come from a recent survey conducted by Accenture. The survey was conducted on 2,000 U.S. adults and more than a quarter said that their medical information has been stolen as a result of a healthcare data breach. Healthcare information...

Read More
Healthcare Industry Threat Landscape Explored by Trend Micro
Feb22

Healthcare Industry Threat Landscape Explored by Trend Micro

Trend Micro has issued a new report that explores the healthcare industry threat landscape, the new risks that have been introduced by the inclusion of a swathe of IoT devices, and how cybercriminals are stealing and monetizing health data. Cybercriminals are attacking healthcare organizations with increased vigor. More attacks occurred last year than any other year, while 2015 saw a massive increase in stolen healthcare records....

Read More
Beware of Medical Device Hijack Attacks! Medjack.3 Discovered
Feb20

Beware of Medical Device Hijack Attacks! Medjack.3 Discovered

In 2015, security researchers discovered MEDJACK malware: A form of malware developed specifically to attack medical devices such as heart monitors, MRI machines, and insulin pumps. While medical devices have long been a potential target for cybercriminals, until the discovery of MEDJACK, the threat of cyberattacks on medical devices was largely theoretical. While MEDJACK could have been a one off, evidence emerged suggesting it was...

Read More
2016 Healthcare Data Breach Report Ranks Breaches By State
Feb15

2016 Healthcare Data Breach Report Ranks Breaches By State

A new 2016 healthcare data breach report has been released detailing incidents reported to the Department of Health and Human Services’ Office for Civil Rights. While other reports have already been compiled, this latest report – compiled by data loss prevention firm Safetica USA –  shows where those data breaches occurred and the states most affected by healthcare data breaches in 2016. Data for the 2016 healthcare data breach report...

Read More
Cybercriminals Switch File Types to Infect More Organizations with Malware
Feb10

Cybercriminals Switch File Types to Infect More Organizations with Malware

During the past year, spam volume increased considerably, as did the percentage of those emails that were malicious. The increase in malicious messages coincided with increased botnet activity. Botnets are now being used to send large-scale malware and ransomware campaigns. While spam email delivery of malware may have fallen out of favor in recent years, that is clearly no longer the case. During 2016, cybercriminals favored...

Read More
IRS Issues Warning About W-2 Phishing Scams
Feb07

IRS Issues Warning About W-2 Phishing Scams

W-2 phishing scams increased considerably in 2015 prompting the IRS to issue a warning about the risk of attack. Now, just over 4 weeks into 2017, the IRS has issued a further warning in response to the sheer number of W-2 phishing scams that have been reported so far this year. This type of scam – often referred to as business email compromise (BEC) or business email spoofing (BES) – is simple, but highly effective. The...

Read More
Email Spam Surged in 2016: 65% of Emails are Spam
Feb03

Email Spam Surged in 2016: 65% of Emails are Spam

Email spam is seen by many as a productivity draining nuisance. It clogs inboxes and takes up precious time; although the volume of malicious spam has grown significantly in the past 12 months. Email spam remains a major security threat. In 2010, following takedowns of botnets and arrests of key spammers, spam email volume fell. Spam email volume has since been relatively low. However, a recent analysis of email traffic by Cisco...

Read More
Hacking and Phishing Attacks Continue to Plague Healthcare Organizations
Feb02

Hacking and Phishing Attacks Continue to Plague Healthcare Organizations

Hacks, phishing attacks, malware, ransomware, insider incidents and W-2 scams – Cyberattacks on healthcare organizations are now coming from all angles. Attacks are also happening much more frequently than in years gone by. The healthcare industry is clearly under attack and is being extensively targeted by cybercriminals. As long as it remains profitable to do so, those attacks will continue. The value of healthcare data may have...

Read More
Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017
Feb02

Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017

The start of the year sees many worrying predictions made about healthcare cybersecurity and potential data breaches; however, Forrester Research has painted a particularly bleak picture for 2017. The firm expects data breaches on the scale of the 2015 Anthem Inc., cyberattack will be commonplace in 2017. 2016 saw more healthcare data breaches reported to OCR than in any other year. While the severity of those breaches was nowhere...

Read More
IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed
Jan31

IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed

Organizations around the world are taking advantage of IoT and mobile applications to improve efficiency, yet too little is being done to ensure the applications are secure.  A key lesson from a recent Ponemon Institute survey is application usability and not just data security should always be factored into application development and cloud cost management or users will resist security measures and find workarounds. Organizations can...

Read More
OIG: 16% Increase in Security Gaps in Medicare Contractors’ Information Security Programs
Jan30

OIG: 16% Increase in Security Gaps in Medicare Contractors’ Information Security Programs

An annual review of Medicare administrative contractors’ (MACs) information security programs has shown them to be ‘adequate in scope and sufficiency’, although a number of security gaps were found to exist. The Social Security Act requires each MAC to have its information security program evaluated on an annual basis by an independent assessor. Each MAC must have the eight major requirements of the Federal Information Security...

Read More
Tax Season Triggers Wave of W-2 Business Email Compromise Attacks
Jan27

Tax Season Triggers Wave of W-2 Business Email Compromise Attacks

Campbell County Health is the latest victim of a W-2 business email compromise attack, which has resulted in the tax information of 1,457 hospital employees being disclosed to a scammer. The Gillette, WY-based healthcare system discovered Wednesday that an employee had responded to an email request for the W-2 form data of hospital employees. As is common in these scams, the attacker impersonated a hospital executive and requested W-2...

Read More
Healthcare Organizations Warned About Fileless Ransomware Attacks
Jan27

Healthcare Organizations Warned About Fileless Ransomware Attacks

Over the past two years, ransomware has grown to become one of the biggest cybersecurity threats. While most infections are random, the healthcare industry has been targeted in 2016 and the outlook for 2017 remains bleak. Many healthcare organizations attacked with ransomware have been able to make a full recovery by deleting systems and reconstituting data from backups. However, there have been numerous cases over the past 12 months...

Read More
New Report Reveals 2016 Data Breach Trends
Jan26

New Report Reveals 2016 Data Breach Trends

2016 was a particularly bad year for healthcare data breaches. The healthcare industry was targeted by ransomware gangs, careless employees left healthcare records exposed, and hackers broke through defenses on numerous occasions. 2016 was nowhere near as bad as 2015 in terms of the number of healthcare records stolen or exposed, but more healthcare data breaches were reported in 2016 than in previous years. But how did 2016 compare...

Read More
NIST Publishes Draft of Updated Cybersecurity Framework
Jan20

NIST Publishes Draft of Updated Cybersecurity Framework

It has been almost three years since the National Institute of Standards and Technology (NIST) published its Cybersecurity Framework. This week, NIST published a new draft – the first since the Framework was published in 2014 – which includes a number of tweaks, clarifications, and additions. However, as NIST points out, the new draft contains relatively minor updates. The Framework has not received a complete overhaul. According to...

Read More
Hacking Group Attempts to Extort Funds from Cancer Services Provider
Jan20

Hacking Group Attempts to Extort Funds from Cancer Services Provider

TheDarkOverlord has struck again, this time the victim was a small Indiana cancer charity. The attack occurred on January 11 and was accompanied with a 50 Bitcoin ($43,000) ransom demand. Little Red Door Cancer Services of East Central Indiana was threatened with the publication of confidential data if the ransom was not paid. The charitable organization provides a range of services to help victims of cancer live normal lives during...

Read More
Highmark BCBS of Delaware Investigates Data Breach Affecting 19,000 Individuals
Jan17

Highmark BCBS of Delaware Investigates Data Breach Affecting 19,000 Individuals

Highmark BlueCross BlueShield of Delaware is investigating a data breach that has impacted 19,000 beneficiaries of employer-paid health plans. The data breach involves two subcontractors of Highmark BCBS – Summit Reinsurance Services and BCS Financial Corporation. Karen Kane, Highmark BSBC director of privacy and information management, issued a statement saying 16 current and former Highmark self-insured customers have been impacted....

Read More
Warning for Healthcare Organizations that use MongoDB Databases
Jan11

Warning for Healthcare Organizations that use MongoDB Databases

Over the course of the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been steadily growing. Ethical Hacker Victor Gevers discovered in late December that many MondoDB databases had been left unprotected and were freely accessible over the Internet by unauthorized individuals. By January 6, he reported that 13 organizations had had their databases copied and deleted....

Read More
FDA Confirms Muddy Waters’ Claims that St. Jude Medical Devices Can be Hacked
Jan10

FDA Confirms Muddy Waters’ Claims that St. Jude Medical Devices Can be Hacked

The U.S. Food and Drug Administration (FDA) issued a safety communication Tuesday about cybersecurity flaws in certain St. Jude Medical cardiac devices and the Merlin@home transmitter after it was confirmed the devices could potentially be remotely accessed by unauthorized individuals. The FDA confirmed that unauthorized users could “remotely access a patient’s RF-enabled implanted cardiac device by altering the...

Read More
Cosmetic Surgery Center Reports Ransomware Infection: 11,400 Patients Impacted
Jan10

Cosmetic Surgery Center Reports Ransomware Infection: 11,400 Patients Impacted

Another healthcare provider has announced that a ransomware infection has resulted in patients’ protected health information being encrypted, and potentially accessed, by cybercriminals. The Susan M. Hughes Center, a provider of aesthetic medicine and cosmetic surgery services in New Jersey and Philadelphia, discovered ransomware had been installed on its computer system on August 30, 2016. A computer server was attacked and infected...

Read More