Recent News

Gore Medical Management Alerted to 2017 Breach of 79,100 Patients’ PHI

Gore Medical Management, a medical practice company based in Griffin, GA, has discovered a historic data breach involving the protected health information (PHI) of 79,100 individuals. The breach occurred in 2017 and affects patients of Family Medical Center in Thomaston, which is now part of Upson...

Email Security Breach Impacts 45,000 Covenant Healthcare Patients

Covenant Healthcare in Saginaw, MI has discovered an unauthorized individual gained access to two employee email accounts that contained the protected health information of approximately 45,000 patients. The security breach was identified on December 21, 2020, with the investigation revealing the...

CISA Warns of Active Exploitation of Accellion File Transfer Appliance Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity authorities Australia, New Zealand, Singapore, and the United Kingdom have issued an alert for users of the Accellion File Transfer Appliance (FTA) about 4 vulnerabilities which are being actively exploited by a threat...

Cyberattack Forces St. Margaret’s Health –Spring Valley to Shut Down Computer Systems

St. Margaret’s Health –Spring Valley in Illinois is investigating a cyberattack that occurred over the weekend of February 20/21, 2021. The security breach was detected by the hospital’s IT team on February 21, and the hospital’s computer network and all web-based applications including...

March 1, 2021: Deadline for Reporting 2020 Small Healthcare Data Breaches

The deadline for reporting healthcare data breaches of fewer than 500 records that were discovered in 2020 is fast approaching. HIPAA covered entities and business associates have until March 1, 2021 to submit breach reports to the Department of Health and Human Services’ Office for Civil Rights...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

CISA Warns of Active Exploitation of Accellion File Transfer Appliance Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity authorities Australia, New Zealand, Singapore, and the United Kingdom have issued an alert for users of the Accellion File Transfer Appliance (FTA) about 4 vulnerabilities which are being actively exploited by a threat...

January 2021 Healthcare Data Breach Report

January saw a 48% month-over-month reduction in the number of healthcare data breaches of 500 or more records, falling from 62 incidents in December to just 32 in January. While this is well below the average number of data breaches reported each month over the past 12 months (38), it is still more...

100% of Tested mHealth Apps Vulnerable to API Attacks

The personally identifiable health information of millions of individuals is being exposed through the Application Programming Interfaces (APIs) used by mobile health (mHealth) applications, according to a recent study published by cybersecurity firm Approov. Ethical hacker and researcher Allissa...

CISA Warns of Active Exploitation of Accellion File Transfer Appliance Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity authorities Australia, New Zealand, Singapore, and the United Kingdom have issued an alert for users of the Accellion File Transfer Appliance (FTA) about 4 vulnerabilities which are being actively exploited by a threat...

Insights into Healthcare Industry Cyber Threats and the Supply Chain Supporting Criminal Activity

Throughout the pandemic, cybercriminals have taken advantage of new opportunities and have been attacking hospitals, clinics and other businesses and organizations on the front line in the fight against COVID-19. Ransomware attacks on the healthcare industry soared in 2020, especially in the fall...

January 2021 Healthcare Data Breach Report

January saw a 48% month-over-month reduction in the number of healthcare data breaches of 500 or more records, falling from 62 incidents in December to just 32 in January. While this is well below the average number of data breaches reported each month over the past 12 months (38), it is still more...

100% of Tested mHealth Apps Vulnerable to API Attacks

The personally identifiable health information of millions of individuals is being exposed through the Application Programming Interfaces (APIs) used by mobile health (mHealth) applications, according to a recent study published by cybersecurity firm Approov. Ethical hacker and researcher Allissa...

OIG: Two VA Employees Concealed Privacy and Security Risks of a Big Data Project

Two members of the Department of Veteran Affairs’ (VA) information technology staff are alleged to have made false representations about the privacy and security risks of a big data AI project between the VA and a private company that would have seen the private and confidential health data of...

Study Indicates Majority of EHR Vendors are Engaging in Information Blocking Practices

Information blocking by electronic health record (EHR) vendors is still highly prevalent, despite recent policymaking that prohibits information blocking practices, according to a recent study published in the Journal of the American Medical Informatics Association (JAMIA). To identify the extent...

Gore Medical Management Alerted to 2017 Breach of 79,100 Patients’ PHI

Gore Medical Management, a medical practice company based in Griffin, GA, has discovered a historic data breach involving the protected health information (PHI) of 79,100 individuals. The breach occurred in 2017 and affects patients of Family Medical Center in Thomaston, which is now part of Upson...

Email Security Breach Impacts 45,000 Covenant Healthcare Patients

Covenant Healthcare in Saginaw, MI has discovered an unauthorized individual gained access to two employee email accounts that contained the protected health information of approximately 45,000 patients. The security breach was identified on December 21, 2020, with the investigation revealing the...

Cyberattack Forces St. Margaret’s Health –Spring Valley to Shut Down Computer Systems

St. Margaret’s Health –Spring Valley in Illinois is investigating a cyberattack that occurred over the weekend of February 20/21, 2021. The security breach was detected by the hospital’s IT team on February 21, and the hospital’s computer network and all web-based applications including...

March 1, 2021: Deadline for Reporting 2020 Small Healthcare Data Breaches

The deadline for reporting healthcare data breaches of fewer than 500 records that were discovered in 2020 is fast approaching. HIPAA covered entities and business associates have until March 1, 2021 to submit breach reports to the Department of Health and Human Services’ Office for Civil Rights...

Whistleblower Who Falsely Claimed Nurse Violated HIPAA Jailed for 6 Months

A Georgia man who falsely claimed a former acquaintance had violated patient privacy and breached the HIPAA Rules has been fined $1,200 and sentenced to 6 months in jail. In October 2019, Jeffrey Parker, 44, of Rincon, GA, claimed to be a HIPAA whistleblower and alerted the authorities about...

January 2021 Healthcare Data Breach Report

January saw a 48% month-over-month reduction in the number of healthcare data breaches of 500 or more records, falling from 62 incidents in December to just 32 in January. While this is well below the average number of data breaches reported each month over the past 12 months (38), it is still more...

What are the Penalties for HIPAA Violations?

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to...

New HIPAA Regulations in 2021

Tt has been several years since new HIPAA regulations have been introduced but that is likely to change very soon. The last update to the HIPAA Rules was the HIPAA Omnibus Rule changes in 2013, which introduced new requirements mandated by the Health Information Technology for Economic and Clinical...

HIPAA Privacy Rule Changes Proposed to Improve Care Coordination and Patient Rights

The Department of Health and Human Services has issued a notice of proposed rulemaking detailing multiple HIPAA Privacy Rule changes that are intended to remove regulatory burdens, improve care coordination, and give patients better access to their protected health information (PHI). OCR issued a...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

How Should You Respond to an Accidental HIPAA Violation?

The majority of HIPAA covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is accidental HIPAA violation? How should healthcare employees, covered entities, and business associates respond? How Should...

What is HIPAA Certification?

A frequently asked question in the healthcare industry is what is HIPAA certification; for although there is no standard or implementation specification within HIPAA that requires Covered Entities or Business Associate to certify compliance, several third-party organizations offer HIPAA...

HHS Adopts Changes to 42 CFR Part 2 Regulations to Improve Care Coordination

The Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2) have been revised by the Department of Health and Human Services’ Substance Abuse and Mental Health Services (SAMHSA). The 42 CFR Part 2 regulations, first promulgated in 1975, were written at a time...

OCR Issues Guidance on Media and Film Crew Access to Healthcare Facilities

The HHS’ Office for Civil Rights (OCR) has issued guidance to healthcare providers to remind them that the HIPAA Privacy Rule does not allow the media and film crews to access healthcare facilities where patients’ protected health information is accessible unless written authorization has been...

HIPAA Penalties Waived for Good Faith Operation of COVID-19 Community-Based Testing Sites

The HHS has issued a Notice of Enforcement Discretion covering healthcare providers and business associates that participate in the operation of COVID-19 community-based testing sites. Under the terms of the Notice of Enforcement discretion, the HHS will not impose sanctions and penalties in...