Dedicated to providing the latest
HIPAA compliance news

What Can Small Healthcare Providers Do To Prevent Ransomware Attacks?
Mar23

What Can Small Healthcare Providers Do To Prevent Ransomware Attacks?

Ransomware attacks on healthcare providers are occurring with alarming frequency. Figures from the FBI suggest as many as 4,000 ransomware attacks are occurring every day. Healthcare organizations are targeted because they hold large volumes of data and access to those data is required to provide medical services to patients. Without access to patients’ health information, healthcare services can be severely disrupted. Such reliance...

Read More
Urology Austin Ransomware Attack Announced
Mar23

Urology Austin Ransomware Attack Announced

Urology Austin has started notifying 279,663 patients that some of their protected health information may have been impacted in a recent ransomware attack. Potentially, the attackers gained access to names, addresses, dates of birth, medical information and the Social Security numbers of patients. The attack occurred on January 22, 2017, although rapid detection of the incident limited the damage caused. Within minutes of the attack,...

Read More
Snapshot of Healthcare Data Breaches in February 2017
Mar21

Snapshot of Healthcare Data Breaches in February 2017

The Protenus Breach Barometer healthcare data breach report for February includes some good news. Healthcare data breaches have not risen month on month, with both January and February seeing 31 data breaches reported. The report offers some further good news. Healthcare hacking incidents fell in February, accounting for just 12% of the total number of breaches reported during the month. There was also a major fall in the number of...

Read More
Almost 18,000 Metropolitan Urology Patients Impacted by Ransomware Attack
Mar17

Almost 18,000 Metropolitan Urology Patients Impacted by Ransomware Attack

Wauwatosa, WI-based Metropolitan Urology Group has recently discovered a ransomware attack that affected two computer servers potentially resulted in the attackers gaining access to the protected health information of 17,634 patients. The ransomware attack occurred on November 28, 2016, although it was initially unclear whether access to patients’ PHI had been gained by the attackers. Metropolitan Urology Group contracted an...

Read More
68% of Healthcare Organizations Have Compromised Email Accounts
Mar10

68% of Healthcare Organizations Have Compromised Email Accounts

Evolve IP has published the results of a new study that has revealed the extent to which healthcare email credentials are being compromised and sold on the dark web. The FBI has also recently warned about Business Email Compromise (BEC). Email credentials are highly valuable to cybercriminals. A compromised email account can be plundered to obtain highly sensitive data and an email account can be used to gain access to healthcare...

Read More
Simplified HITRUST CSF Program Helps Small Healthcare Organizations with Compliance and Risk Management
Mar02

Simplified HITRUST CSF Program Helps Small Healthcare Organizations with Compliance and Risk Management

HITRUST has announced that it has updated the HITRUST CSF and has also launched a new CSF initiative specifically for small healthcare organizations to help them improve their resilience against cyberattacks. While the HITRUST CSF – the most widely adopted privacy and security framework – can be followed by healthcare organizations to improve their risk management and compliance efforts, for many smaller healthcare organizations...

Read More
Theft, Hacking, Ransomware and Improper Accessing of ePHI – Attacks Coming from All Angles
Feb23

Theft, Hacking, Ransomware and Improper Accessing of ePHI – Attacks Coming from All Angles

Theft, hacking, ransomware, and improper ePHI access by employees – The past few days have seen a diverse range of healthcare data breaches reported. St. Joseph’s Hospital and Medical Center in Arizona, Family Service Rochester of Minnesota, and the University of North Carolina have all reported potential breaches of patients’ ePHI, while Lexington Medical Center in South Carolina has announced that the sensitive data of its employees...

Read More
Quarter of Americans Have Been Impacted by a Healthcare Data Breach
Feb22

Quarter of Americans Have Been Impacted by a Healthcare Data Breach

Given the volume of healthcare records that have been exposed or stolen over the past two years, it comes as little surprise that 26% of Americans believe their health data have been stolen. The figures come from a recent survey conducted by Accenture. The survey was conducted on 2,000 U.S. adults and more than a quarter said that their medical information has been stolen as a result of a healthcare data breach. Healthcare information...

Read More
Citizens Memorial Hospital Latest Victim of W-2 Phishing Scam
Feb17

Citizens Memorial Hospital Latest Victim of W-2 Phishing Scam

Another healthcare provider has announced that one of its employees has been fooled by a W-2 phishing scam. Citizens Memorial Hospital in Bolivar, MO., says a request for W-2 Form data was sent to one of its employees by email. The employee responded to the request believing the message was legitimate and had been sent internally. W-2 Forms for all employees at the 86-bed hospital who had taxable earnings for the 2016 fiscal year were...

Read More
Quarter of Healthcare Organizations Do Not Encrypt Data Stored in the Cloud
Feb17

Quarter of Healthcare Organizations Do Not Encrypt Data Stored in the Cloud

A recent survey by HyTrust has revealed that a quarter of healthcare organizations do not use encryption to protect data at rest in the cloud, even though the lack of encryption potentially places sensitive data – including the protected health information of patients – at risk of being exposed. Amazon Web Service (AWS) one of the most popular choices with the healthcare industry, although many healthcare organizations are using...

Read More
2016 Healthcare Data Breach Report Ranks Breaches By State
Feb15

2016 Healthcare Data Breach Report Ranks Breaches By State

A new 2016 healthcare data breach report has been released detailing incidents reported to the Department of Health and Human Services’ Office for Civil Rights. While other reports have already been compiled, this latest report – compiled by data loss prevention firm Safetica USA –  shows where those data breaches occurred and the states most affected by healthcare data breaches in 2016. Data for the 2016 healthcare data breach report...

Read More
Xerox: Nearly Half of Americans Concerned About Theft of Their Health Information
Feb13

Xerox: Nearly Half of Americans Concerned About Theft of Their Health Information

Healthcare data breaches in 2016 reached record levels, while 2015 saw more healthcare records stolen than the combined total stolen over the previous six years. Those data breaches have naturally had an effect on how healthcare patients view the security of their medical data. OCR figures show that since 2009, 166 million healthcare records have been stolen or exposed – that’s 52% of the population of the United States. It is...

Read More
Cybercriminals Switch File Types to Infect More Organizations with Malware
Feb10

Cybercriminals Switch File Types to Infect More Organizations with Malware

During the past year, spam volume increased considerably, as did the percentage of those emails that were malicious. The increase in malicious messages coincided with increased botnet activity. Botnets are now being used to send large-scale malware and ransomware campaigns. While spam email delivery of malware may have fallen out of favor in recent years, that is clearly no longer the case. During 2016, cybercriminals favored...

Read More
Hacking and Phishing Attacks Continue to Plague Healthcare Organizations
Feb02

Hacking and Phishing Attacks Continue to Plague Healthcare Organizations

Hacks, phishing attacks, malware, ransomware, insider incidents and W-2 scams – Cyberattacks on healthcare organizations are now coming from all angles. Attacks are also happening much more frequently than in years gone by. The healthcare industry is clearly under attack and is being extensively targeted by cybercriminals. As long as it remains profitable to do so, those attacks will continue. The value of healthcare data may have...

Read More
Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017
Feb02

Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017

The start of the year sees many worrying predictions made about healthcare cybersecurity and potential data breaches; however, Forrester Research has painted a particularly bleak picture for 2017. The firm expects data breaches on the scale of the 2015 Anthem Inc., cyberattack will be commonplace in 2017. 2016 saw more healthcare data breaches reported to OCR than in any other year. While the severity of those breaches was nowhere...

Read More
IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed
Jan31

IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed

Organizations around the world are taking advantage of IoT and mobile applications to improve efficiency, yet too little is being done to ensure the applications are secure.  A key lesson from a recent Ponemon Institute survey is application usability and not just data security should always be factored into application development and cloud cost management or users will resist security measures and find workarounds. Organizations can...

Read More
eHealth Email Spoofing Attack Sees Employee W-2 Information Disclosed
Jan31

eHealth Email Spoofing Attack Sees Employee W-2 Information Disclosed

In the past few days, two email spoofing attacks have been reported by healthcare organizations that have resulted in the W-2 information of employees being sent to cybercriminals. Tax season phishing scams are to be expected at this time of year. Cybercriminals target HR and payroll employees and try to fool them into sending the W-2 information of employees via email. The scams are convincing. A casual glance at the address of the...

Read More
OIG: 16% Increase in Security Gaps in Medicare Contractors’ Information Security Programs
Jan30

OIG: 16% Increase in Security Gaps in Medicare Contractors’ Information Security Programs

An annual review of Medicare administrative contractors’ (MACs) information security programs has shown them to be ‘adequate in scope and sufficiency’, although a number of security gaps were found to exist. The Social Security Act requires each MAC to have its information security program evaluated on an annual basis by an independent assessor. Each MAC must have the eight major requirements of the Federal Information Security...

Read More
NIST Publishes Draft of Updated Cybersecurity Framework
Jan20

NIST Publishes Draft of Updated Cybersecurity Framework

It has been almost three years since the National Institute of Standards and Technology (NIST) published its Cybersecurity Framework. This week, NIST published a new draft – the first since the Framework was published in 2014 – which includes a number of tweaks, clarifications, and additions. However, as NIST points out, the new draft contains relatively minor updates. The Framework has not received a complete overhaul. According to...

Read More
Protenus Releases 2016 Healthcare Data Breach Report
Jan20

Protenus Releases 2016 Healthcare Data Breach Report

Protenus, in conjunction with Databreaches.net, has published its 2016 healthcare data breach report, summarizing the hacks and mishaps that have resulted in patient and health plan members’ protected health information being exposed or stolen. Fortunately, 2016 has not seen the mega data breaches of 2015, although it has been far from a good year. More than 27 million healthcare records were stolen in 2016 across 450 reported data...

Read More
OCR HIPAA Enforcement: Summary of 2016 HIPAA Settlements
Jan12

OCR HIPAA Enforcement: Summary of 2016 HIPAA Settlements

The Department of Health and Human Services’ Office for Civil Rights has stepped up its enforcement activities in recent years, and 2016 HIPAA settlements were at record levels. In total, payments of $22,855,300 were made to OCR in 2016 to resolve alleged HIPAA violations. Seven settlements were in excess of $1,500,000. In 2016, OCR settled alleged HIPAA violations with 12 healthcare organizations. Last year also saw an Administrative...

Read More
Warning for Healthcare Organizations that use MongoDB Databases
Jan11

Warning for Healthcare Organizations that use MongoDB Databases

Over the course of the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been steadily growing. Ethical Hacker Victor Gevers discovered in late December that many MondoDB databases had been left unprotected and were freely accessible over the Internet by unauthorized individuals. By January 6, he reported that 13 organizations had had their databases copied and deleted....

Read More
FDA Confirms Muddy Waters’ Claims that St. Jude Medical Devices Can be Hacked
Jan10

FDA Confirms Muddy Waters’ Claims that St. Jude Medical Devices Can be Hacked

The U.S. Food and Drug Administration (FDA) issued a safety communication Tuesday about cybersecurity flaws in certain St. Jude Medical cardiac devices and the Merlin@home transmitter after it was confirmed the devices could potentially be remotely accessed by unauthorized individuals. The FDA confirmed that unauthorized users could “remotely access a patient’s RF-enabled implanted cardiac device by altering the...

Read More
Patients Holding Back Health Information Over Data Privacy Fears
Jan05

Patients Holding Back Health Information Over Data Privacy Fears

A fully interoperable health system is becoming closer to reality. Barriers to health data sharing are being removed and the ONC and HHS’ Office for Civil Rights are stepping up their efforts to prevent information blocking by healthcare providers. However, in order for information to be able to flow, it is essential that information is collected. If healthcare providers and other healthcare organizations only have access to partial...

Read More
Largest Healthcare Data Breaches of 2016
Jan04

Largest Healthcare Data Breaches of 2016

2016 was a particularly bad year for healthcare data breaches. The largest healthcare data breaches of 2016 were nowhere near the scale of those seen in 2015 – 16,471,765 records were exposed compared to 113,267,174 records in 2015 – but more covered entities reported breaches than in any other year since OCR started publishing breach summaries on its ‘Wall of Shame’ in 2009. 2016 ranks as the second worst year in terms of...

Read More
FDA Issues Final Cybersecurity Guidance for Medical Device Manufacturers
Dec28

FDA Issues Final Cybersecurity Guidance for Medical Device Manufacturers

The U.S. Food and Drug Administration (FDA) has published final cybersecurity guidance for medical device manufacturers to help them better protect their devices from cyberattacks. The guidance will help device manufacturers implement a system for identifying and reporting potential security vulnerabilities to ensure flaws can be addressed before they are exploited by hackers. The threat of hackers using vulnerabilities in medical...

Read More
Joint Commission Ban on Secure Messaging for Orders Remains in Place
Dec22

Joint Commission Ban on Secure Messaging for Orders Remains in Place

The Joint Commission on Accreditation of Healthcare’s (Joint Commission) ban on the use of secure text messaging platforms for patient care orders will remain in place, according to its December newsletter. In April 2016, the Joint Commission took the decision to allow the use of a secure texting platform for sending orders. The ban was not totally lifted, as the Joint Commission required certain components to be in place and certain...

Read More
Security Risks of Unencrypted Pages Evaluated
Dec20

Security Risks of Unencrypted Pages Evaluated

Pagers are still extensively used in the healthcare industry even though the devices have been shown to pose a considerable security risk. Trend Micro has recently demonstrated – in the company’s ‘Leaking Beeps’ series of reports – the extent to which pagers leak data and how easy it is for sensitive information to be intercepted by cybercriminals. The equipment needed to intercept unencrypted pages can even be purchased for as...

Read More
TigerText Announces Record-Breaking Year for Growth
Dec16

TigerText Announces Record-Breaking Year for Growth

TigerText, the nation’s leading secure healthcare messaging platform provider, has announced it has recorded another record-breaking year for growth, signing up over 300 healthcare organizations in 2016. The company now boasts more than 3,000 healthcare customers in the United States, including five of the top ten largest health systems in the country. More than 10 million secure messages are now being sent via the TigerText platform...

Read More
ONC Issues Challenge to Develop a New Online Model Privacy Notice Generator
Dec15

ONC Issues Challenge to Develop a New Online Model Privacy Notice Generator

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has challenged designers, developers, and health data privacy experts to create a new online Model Privacy Notice (MPN) generator. At present, the MPN is a voluntary resource that helps health technology developers who collect electronic health data provide information to consumers about how health data is collected,...

Read More