Recent News

Report Reveals the Most Common Cyber Threats Faced by Healthcare Organizations

A new report from Proofpoint offers insights into the cyber threats faced by healthcare organizations and the most common attacks that lead to healthcare data breaches. Proofpoint’s 2019 Healthcare Threat Report highlights the ever-changing threat landscape and how the tactics used by...

Gartner Releases 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations

Gartner has published its 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs). The report contains an analysis of the healthcare cloud market and explains how the cloud can be a viable option for healthcare organizations seeking greater efficiency and...

California Amends CCPA and Expands Definition of Personal Information Warranting Data Breach Notifications

California Gov. Gavin Newsom has signed a new bill that updates data breach notification law in California, expanding the definition of personal information that requires notifications to be sent to state residents affected by a data breach. Prior to the update, notifications were required...

Hunt Regional Healthcare Revises May 2018 Data Breach Total

Texas-based Hunt Regional Healthcare has discovered a May 2018 cyberattack was much more extensive than previously thought. On May 14, 2019, Hunt Regional was informed by the FBI that its systems had been the subject of a sophisticated, targeted cyberattack in May 2018 and that a small subset of...

MITA Publishes New Medical Device Security Standard

The Medical Imaging & Technology Alliance (MITA) has released a new medical device security standard which provides healthcare delivery organizations (HDOs) with important information about risk management and medical device security controls to harden the devices against unauthorized access...

Philadelphia Department of Public Health Data Breach Exposed Data of Hepatitis Patients

The Philadelphia Department of Public Health (PDPH) has discovered sensitive information of patients with hepatitis B and hepatitis C has been exposed over the internet and could be accessed by anyone without the need for authentication. The breach came to light on Friday October 12, 2019 following...

New York Legislation Prohibits First Responders from Selling Patient Data for Marketing Purposes

On October 7, 2019, New York Governor Andrew Cuomo signed new legislation into law – S.4119/A.230 – that prohibits first responders and ambulance service personnel from selling or disclosing patient data to third parties for marketing or fundraising purposes. The bill was originally...

Pulse Connect, GlobalProtect, Fortigate VPN Vulnerabilities Being Actively Exploited by APT Actors

Vulnerabilities in popular VPN products from Pulse Secure, FortiGuard, and Palo Alto are being actively exploited by advanced persistent threat (APT) actors to gain access to VPNs and internal networks. The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and other cybersecurity...

HHS Proposes New Stark Law Safe Harbor Covering Cybersecurity Donations

The U.S. Department of Health and Human Services (HHS) has proposed changes to physician self-referral and federal anti-kickback regulations which will see the creation of a new safe harbor covering hospital donations of cybersecurity software and associated services to physicians. The proposed law...

400 Million Medical Images Are Freely Accessible Online Via Unsecured PACS

A recent investigation by ProPublica, the German public broadcaster Bayerischer Rundfunk, and vulnerability and analysis firm Greenbone Networks has revealed 24.3 million medical images contained in image storage systems are freely accessible online and require no authentication to view or...

Mobile Device Security Guidance for Corporate-Owned Personally Enabled Devices Issued by NCCoE

The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices allow employees to access resources essential for their work...

68,000 Patients of Methodist Hospitals Impacted by Phishing Attack

In June 2019, Gary, Indiana-based Methodist Hospitals discovered an unauthorized individual had gained access to the email account of one of its employees following the detection of suspicious activity in the employee’s email account. An investigation was immediately launched and third-party...

Dental Practice Fined $10,000 for PHI Disclosures on Yelp

The Department of Health and Human Services’ Office for Civil Rights has agreed to settle a HIPAA violation case with Elite Dental Associates over the impermissible disclosure of multiple patients’ protected health information (PHI) when responding to patient reviews on the Yelp review...

Sen. Rand Paul Introduces National Patient Identifier Repeal Act

Sen. Rand Paul, M.D., (R-Kentucky) has introduced a new bill that attempts to have the national patient identifier provision of HIPAA permanently removed due to privacy concerns over the implementation of such a system. Today, HIPAA is best known for its healthcare data privacy and security...

Businesses Slow to Modify and Block Access Rights When Employees Change Roles or Leave the Company

A recent survey of IT professionals conducted by IT firm Ivanti has revealed access rights to digital resources are not always terminated promptly when employees change roles or leave the company. The latter is especially concerning as there is a high risk of data theft and sabotage of company...

Senate Fails to Remove Ban on Funding of National Patient Identifier System

The Department of Health and Human Services (HHS) is prohibited from using any of its budget to fund the development and implementation of a national patient identifier, but there was hope that the ban would finally be lifted this year. The House of Representatives added an amendment to its...

OCR Settles First HIPAA Violation Case Under 2019 Right of Access Initiative

Earlier this year, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that one of the main areas of HIPAA enforcement in 2019 would be HIPAA right of access failures, including untimely responses to access requests and overcharging for copies of medical...

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service. Cloud storage services are a convenient way of...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

Hurricane Dorian: Limited HIPAA Waiver Issued in Puerto Rico, Florida, Georgia, North and South Carolina

Alex Azar, Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency (PHE) in Puerto Rico and the states of Florida, Georgia, and South Carolina due to Hurricane Dorian. On September 4, a PHE was also declared in North Carolina, retroactive to...

HHS Proposes Rule Easing Restrictions on Substance Use Disorder Treatment Records

The Substance Abuse and Mental Health Services Administration (SAMHSA) has proposed a new rule that loosens restrictions on substance use disorder (SUD) treatment records, aligning Part 2 regulations more closely with HIPAA. The new rule, proposed on August 22, is the first element of the HHS’s...