Dedicated to providing the latest
HIPAA compliance news

DA Launches Criminal Investigation into Actions of Curious Healthcare Employee
Mar22

DA Launches Criminal Investigation into Actions of Curious Healthcare Employee

Healthcare employees discovered to have improperly accessed the medical records of patients are likely to be terminated by their employers for breaching internal policies as well as HIPAA Rules. However, loss of employment is not the only punishment. Employees could also face a criminal investigation into their conduct, regardless of the reason why medical data were accessed. A criminal investigation is likely if medical records have...

Read More
Simplified HITRUST CSF Program Helps Small Healthcare Organizations with Compliance and Risk Management
Mar02

Simplified HITRUST CSF Program Helps Small Healthcare Organizations with Compliance and Risk Management

HITRUST has announced that it has updated the HITRUST CSF and has also launched a new CSF initiative specifically for small healthcare organizations to help them improve their resilience against cyberattacks. While the HITRUST CSF – the most widely adopted privacy and security framework – can be followed by healthcare organizations to improve their risk management and compliance efforts, for many smaller healthcare organizations...

Read More
Will HHS Secretary Tom Price Ease HIPAA Regulations?
Feb13

Will HHS Secretary Tom Price Ease HIPAA Regulations?

Tom Price was appointed as secretary of the Department of Health and Human Services on February 10, 2017, replacing Sylvia Matthews Burwell. The change in leadership could see a major change in focus at the HHS, which may extend to the HIPAA enforcement activities of the Office for Civil Rights. The appointment of a new director for the Office for Civil Rights may not be first on Price’s to do list, although the new HHS secretary is...

Read More
OCR Updates HIPAA Privacy Rule Guidance for Healthcare Professionals
Jan11

OCR Updates HIPAA Privacy Rule Guidance for Healthcare Professionals

The Department of Health and Human Services’ Office for Civil Rights has updated its HIPAA Privacy Rule guidance for healthcare professionals to help clear up confusion about allowable disclosures of protected health information to spouses, relatives, and patients’ loved ones. The majority of healthcare professionals are aware that the HIPAA Privacy Rule permits them to share the protected health information of a patient with a...

Read More
Quest Diagnostics Announces 34,000-Record ePHI Breach
Dec13

Quest Diagnostics Announces 34,000-Record ePHI Breach

Madison, New Jersey-based clinical laboratory service provider Quest Diagnostics is alerting 34,000 patients that some of their electronic protected health information (ePHI) has been stolen. Quest Diagnostics is business associate of many healthcare providers across the United States. Consequently, patients across the United States have been impacted by the breach. On November 26, 2016, an unknown individual gained access to the...

Read More
Further 4,100 Cardiac Patients Notified of Breach of ePHI
Dec13

Further 4,100 Cardiac Patients Notified of Breach of ePHI

A further 4,100 cardiac patients have been notified that some of their protected health information was exposed due to a security breach at Wilmington, DE-based Ambucor Health Solutions (AHS). The patients had previously had cardiac devices fitted at the New Mexico Heart Institute in Albuquerque. The Heart Institute contracted Ambucor Health Solutions to provide a cardiac monitoring service for its patients. AHS had implemented...

Read More
Security Cameras Could Be Your Biggest Security Weakness
Dec09

Security Cameras Could Be Your Biggest Security Weakness

Could a networked device that’s designed to enhance security be exploited by hackers to gain access to your network? In the case of security cameras, it is a distinct possibility. Security and surveillance camera security weaknesses could be exploited by hackers to gain access to the networks to which they connect. The cameras could also be used to check for physical security weaknesses or to spy on workers and patients. The past few...

Read More
ONC Issues Fact Sheet Explaining Exchange of Health Information for Public Health Activities
Dec09

ONC Issues Fact Sheet Explaining Exchange of Health Information for Public Health Activities

The U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) and Office of Civil Rights (OCR) have published a new fact sheet explaining some of the circumstances under which the sharing of electronic healthcare information without patients’ written consent is permitted by Health Insurance Portability and Accountability Act (HIPAA) Rules. The HIPAA Privacy Rule came into...

Read More
Malvertising Campaign Highlights Importance of Patching Browsers
Dec09

Malvertising Campaign Highlights Importance of Patching Browsers

The importance of ensuring browsers and plugins are kept up to date has been highlighted by the discovery of a malverstising campaign that is targeting readers of popular news websites such as Yahoo and MSN. In the past two months, millions of individuals have been exposed to malicious adverts which automatically redirect users to websites where malware is downloaded. The campaign – termed Stegano – is being used to distribute a range...

Read More
OCR Warns Covered Entities of Risk of DDoS Attacks
Dec08

OCR Warns Covered Entities of Risk of DDoS Attacks

There has been a surge in Distributed Denial of Service (DDoS) and Denial of Service (DOS) attacks over the past few weeks. The attacks involve flooding systems with information and requests to cause those systems to crash. The attacks have resulted in large sections of the Internet being taken offline, email systems have crashed, and other computer equipment taken out of action. DDoS attacks on healthcare organizations could prevent...

Read More
Lost CD Contained Social Security Numbers of 18,854 Health Plan Members
Dec08

Lost CD Contained Social Security Numbers of 18,854 Health Plan Members

18,854 health plan members have been notified of a potential breach of their protected health information following the loss of a compact disc in the mail. An employee at Aetna Signature Administrators (ASA), a provider of network and management services to group health plans, mailed a CD containing sensitive health plan members’ information to another ASA employee. The CD was mailed on September 6 and the envelope was delivered on...

Read More
Ransomware Attack Reported by East Valley Community Health Center
Dec08

Ransomware Attack Reported by East Valley Community Health Center

West Covina, CA-based East Valley Community Health Center (EVCHC) has started notifying patients that some of their electronic protected health information was compromised when ransomware was installed on one of its servers. The ransomware attack occurred on October 18, 2016 and involved a ransomware variant called Troldesh/Shade. As with other forms of ransomware, Troldesh conducts scans of its local environment and encrypts a wide...

Read More
21st Century Cures Bill Sails Through Senate
Dec08

21st Century Cures Bill Sails Through Senate

Last week, the House of Representatives unanimously voted in favor of the 21st Century Cures Act. Yesterday, the bill sailed through the Senate with a vote of 94-5. All that remains is for President Obama to add his signature to the bill, which is expected to happen in the next few days. President Obama has already said he is happy to sign the new bill. The bill will provide funding for a number of initiatives that are intended to...

Read More
Tampa General Hospital Settles Class Action Data Breach Lawsuit
Dec07

Tampa General Hospital Settles Class Action Data Breach Lawsuit

According to figures from the Federal Trade Commission, Florida is one of the top three states for fraud and identity theft. Criminals in the state use stolen consumer data to steal identities and file fraudulent tax returns, with the data often coming from healthcare organizations. Fraudsters often target the lowest paid healthcare workers and pay them to steal patients’ personal information and Social Security numbers. Many Florida...

Read More
Half of IT Pros Most Concerned About Insider Threats
Dec06

Half of IT Pros Most Concerned About Insider Threats

A considerable proportion of IT security budgets are directed to securing the network perimeter and with good reason. Hackers are breaking through security defenses with increasing frequency and this year has seen some of the biggest cyberattacks ever reported. However, internal threats should not be ignored. According to a recent Dimensional Research/Preempt study, most IT security professionals believe internal threats have...

Read More
Medical Devices Can Be Hacked Using Black Box Approach
Dec05

Medical Devices Can Be Hacked Using Black Box Approach

Researchers in the UK/Belgium have discovered it is possible to hack certain medical devices even when no prior understanding of how the devices work is known. Cyberattacks could be conducted to gain access to sensitive patient data or to cause patients to be harmed. The research team discovered that malicious messages could be sent to the devices and signals sent to prematurely drain batteries. The study was conducted by researchers...

Read More
Glendale Adventist Medical Center Fires Nurse for Inappropriately Accessing ePHI
Dec05

Glendale Adventist Medical Center Fires Nurse for Inappropriately Accessing ePHI

A nurse employed by Glendale Adventist Medical Center in Glendale, CA has been fired for inappropriately accessing the medical records of 528 patients of the medical center and White Memorial Medical Center in Boyle Heights, CA. The privacy breach was discovered in June 2016, although it is unclear when the nurse first started inappropriately accessing patient data. Glendale Adventist Medical Center discovered patient data were being...

Read More
Sagewood Retirement Community Attacked with Ransomware
Dec02

Sagewood Retirement Community Attacked with Ransomware

Sagewood, a retirement community in Phoenix, AZ, has notified 800 current and former residents about a ransomware attack that has potentially resulted in some of their electronic protected health information (ePHI) being accessed by the attackers. Sagewood enlisted the services of a computer forensics firm to investigate the attack. According to the substitute breach notice on the Sagewood website, the attack was short-lived. It was...

Read More
OptumHealth New Mexico Announces 2000-Record Data Breach
Dec02

OptumHealth New Mexico Announces 2000-Record Data Breach

OptumHealth New Mexico has notified 2,006 patients of a privacy breach that was caused by one of its vendors. The vendor had downloaded some electronic protected health information to a flash drive, which was then sent to an undisclosed recipient by mail using the U.S. Postal Service. The flash drive did not arrive at its destination. Upon discovery of the loss, the U.S. Postal Service was notified but attempts to locate the device...

Read More
21st Century Cures Act Unanimously Passed by House
Dec01

21st Century Cures Act Unanimously Passed by House

The 21st Century Cures Act has been passed by the House of Representatives with a vote of 392-26. One Democrat and twenty Republicans voted against the bill. The legislation will now go to the Senate for the vote, which will take place early next week. The legislation was passed by the House last year, although the bill failed in the Senate in July 2015. Numerous revisions have been made since last summer and this time around the 21st...

Read More
OCR Warns Healthcare Organizations of Fake HIPAA Audit Emails
Dec01

OCR Warns Healthcare Organizations of Fake HIPAA Audit Emails

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a warning to healthcare organizations about a new phishing email campaign that uses an official-looking OCR letterhead and the signature of OCR Director Jocelyn Samuels. Phishing emails usually encourage the recipients to click on malicious links that direct them to websites where malware is downloaded, to open infected email attachments, or to...

Read More
Healthcare Organizations Main Target for Hackers in 2017
Nov30

Healthcare Organizations Main Target for Hackers in 2017

Experian’s Data Breach Resolution team has released its annual data breach industry forecast for 2017. Experian has evaluated current cybersecurity trends and has made a number of predictions for the coming year. One of the key predictions is hackers will continue to be laser-focused on attacking healthcare organizations. New attack methods will be used and cyberattacks are likely to become much more sophisticated as healthcare...

Read More
1,745 Berkshire Medical Center Patients Impacted by Ambucor Health Solutions Breach
Nov30

1,745 Berkshire Medical Center Patients Impacted by Ambucor Health Solutions Breach

Berkshire Medical Center (BMC) in Pittsfield, Massachusetts has been informed that 1,745 patients of its cardiology department have been impacted by the security breach at Ambucor Health Solutions (AHS). The Wilmington, DE-based business associate provides a remote monitoring service for BMC patients that have been fitted with cardiac devices. In July, AHS discovered an employee had emailed the protected health information of 41...

Read More
50% of U.S. Companies Have Experienced a Ransomware Attack in the Past 12 Months
Nov29

50% of U.S. Companies Have Experienced a Ransomware Attack in the Past 12 Months

A recent survey conducted by Vanson Bourne on behalf of endpoint protection software vendor SentinelOne has cast light on the extent to which ransomware is being used to attack organizations around the globe. 500 cybersecurity decision makers were asked questions about recent ransomware attacks experienced by their organization. 48% of respondents said they had experienced at least one ransomware attack in the past 12 months, and...

Read More
CHI Franciscan Health Alerts Patients to ePHI Exposure
Nov28

CHI Franciscan Health Alerts Patients to ePHI Exposure

CHI Franciscan Health has started notifying patients about the potential exposure of some of their electronic protected health information after a laptop computer was stolen from an employee. According to The News Tribune, a CHI Franciscan Health employee had a backpack stolen on October 18. The backpack contained documents that included some patient health information, a work laptop computer, and a mobile phone. The backpack also...

Read More
Healthcare Industry Targeted with Gatak Trojan
Nov28

Healthcare Industry Targeted with Gatak Trojan

The healthcare industry is coming under attack by the actors behind the Gatak Trojan. Gatak, or Stegoloader as it is otherwise known, is not a new malware. The Trojan was first identified in 2011 and has since been used to attack a wide range of targets. However, according to a recent report by Symantec, the actors behind the malware have now set their sights firmly on the healthcare industry. 40% of the most affected organizations...

Read More
Vascular Surgical Associates Hacking Incident Reported
Nov25

Vascular Surgical Associates Hacking Incident Reported

Vascular Surgical Associates – A group of specialty-trained vascular surgeons in Atlanta – has announced that it has been the victim of a hacking incident that has potentially resulted in certain protected health information being viewed by unauthorized individuals. IT staff noticed unusual activity on one of the company’s servers on or around September 13, 2016. An investigation into the anomaly was launched, which revealed the...

Read More
Privacy Breach Reported by Wentworth-Douglass Hospital
Nov25

Privacy Breach Reported by Wentworth-Douglass Hospital

Wentworth-Douglass Hospital in Dover, New Hampshire has started alerting patients to a privacy breach experienced by one of its vendors, Ambucor Health Solutions. Ambucor Health Solutions provides a remote-monitoring service for cardiac devices for hospitals throughout the United States. Earlier this month, the company started notifying its clients of a privacy breach caused by one of its former employees. Prior to leaving employment,...

Read More
New Attack Vector Used to Spread Locky Ransomware
Nov24

New Attack Vector Used to Spread Locky Ransomware

This year, hospitals throughout the United States have been targeted by cybercriminals using ransomware. The malicious file-encrypting software is used to lock files that are critical for healthcare operations in the hope that a ransom payment will be made in order to regain access to locked data. In February, Hollywood Presbyterian was attacked and its computer systems were taken out of action for more than a week while the infection...

Read More
UMass to Pay OCR $650K to Resolve HIPAA Violations
Nov23

UMass to Pay OCR $650K to Resolve HIPAA Violations

The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to a $650,000 settlement with University of Massachusetts Amherst (UMass). The settlement resolves HIPAA violations that contributed to the university experiencing a malware infection in 2013. In early 2013, malware was installed on a workstation in the Center for Language, Speech, and Hearing. The infection resulted in the impermissible disclosure...

Read More