Recent News

SonicWall Recommends Immediate Firmware Upgrade to Fix Critical Flaws in SMA 100 Series Appliances

SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series remote access appliances that fixes 8 vulnerabilities including 2 critical and 4 high-severity flaws. Vulnerabilities in SonicWall appliances are attractive to threat actors and have been targeted in the past in...

Webinar December 21, 2021: How to Complete Your 2021 HIPAA Security Risk Assessment

The Health Insurance Portability and Accountability Act requires HIPAA-covered entities and their business associates to complete a risk assessment to identify all risks to the confidentiality, integrity, and availability of ePHI. Not only is a risk assessment required for compliance, it allows...

Medical Biller Faces Decades in Jail for Healthcare Fraud, Identity Theft, and Tax Offenses

A medical biller in the Tampa Bay area of Florida has pleaded guilty to four counts of healthcare fraud, four counts of aggravated identity theft, two counts of failing to file a tax return, and one count of filing a false tax return. Joshua Maywalt, 40, of Tampa, worked as a medical biller at a...

Data Breaches Reported by UH College of Optometry and Valley Mountain Regional Center

The University of Houston College of Optometry has discovered an unauthorized individual from outside the United States gained access to the network of an affiliated eye clinic and stole information contained in the clinic’s database. The Community Eye Clinic in Fort Worth, TX, is managed and...

Ransomware Attacks Reported by TriValley Primary Care and Medsurant Health

On October 11, 2021, Perkasie, PA-based TriValley Primary Care discovered ransomware had been installed on its networks and servers, which contained the protected health information of some of its patients. Action was quickly taken to secure its systems and prevent further unauthorized access and...

Guidance Issued for Healthcare CISOs on Identity, Interoperability, and Patient Access

The Health Information Sharing and Analysis Center (Health-ISAC) has released guidance for Chief Information Security Officers (CISOs) on adopting an identity-centric approach to enabling secure and easy access to patient data to meet the interoperability, patient access, and data sharing...

HHS Launches 405(d) Program Website Providing Resources to Help Mitigate Healthcare Cybersecurity Threats

The Department of Health and Human Services has launched a new website that offers advice and resources to help the healthcare and public health sector mitigate cybersecurity threats. The website was created as part of the HHS 405(d) Aligning Health Care Industry Security Approaches Program, which...

Ohio DNA Testing Firm Notifies 2.1 Million People About Breach of Personal Information

An Ohio-based DNA testing company has recently disclosed a hacking incident that involved the sensitive data of 2,102,436 individuals. DNA Diagnostics Center (DDC) said it detected suspicious activity in its network on August 6, 2021, and confirmed unauthorized individuals had accessed and acquired...

CISA Publishes Mobile Device Cybersecurity Checklist for Organizations

The Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance for enterprises to help them secure mobile devices and safely access enterprise resources using mobile devices. The Enterprise Mobility Management (EMM) system checklist has been created to help businesses...

Medical Devices Affected by 13 Siemens Nucleus RTOS TCP/IP Stack Vulnerabilities

13 vulnerabilities have been identified in the Siemens Nucleus RTOS TCP/IP stack that could potentially be exploited remotely by threat actors to achieve arbitrary code execution, conduct a denial-of-service attack, and obtain sensitive information. The vulnerabilities, dubbed NUCLEUS:13, affect...

Vulnerabilities Identified in B. Braun Infusomat Space and Perfusor Space Infusion Pumps

B. Braun has released software updates to fix five vulnerabilities in its Infusomat Space and Perfusor Space Infusion Pumps. The vulnerabilities could be exploited remotely in a low complexity attack. In North America, the flaws affect Battery pack SP with WiFi (All software Versions 028U000061 and...

Sound Generations Reports Two Ransomware Attacks Affecting Over 100,000 Individuals

Seattle, WA-based Sound Generations has announced that unauthorized individuals have gained access to its internal systems and have used ransomware to encrypt files. Sound Generations is a nonprofit that helps older adults and adults with disabilities obtain free to low-cost healthcare resources....

26th Annual Compliance Institute: March 28 – 31, 2022

The Health Care Compliance Association (HCCA) will be hosting the 26th Annual Compliance Institute at the Phoenix Convention Center, AZ, March 28 – 31, 2022. The HCCA is a member-based association for healthcare compliance professionals that is dedicated to enabling the lasting success and...

HIPAA and Privacy Act Training

When a federal agency provides healthcare services, there may be circumstances in which employees need to undergo both HIPAA and Privacy Act training. In addition, as an increasing number of states enact their own privacy laws, there may also be occasions when employees of state agencies require...

HIPAA Training for Employees

The regulations relating to HIPAA training for employees are deliberately flexible because of the different functions Covered Entities perform, the different roles of employees, and the different level of access each employee has to Protected Health Information (PHI). The degree of flexibility can...

HIPAA Social Media Rules

HIPAA was enacted several years before social media networks such as Facebook and Instagram were launched, so there are no specific HIPAA social media rules. However, as with all healthcare-related communications, the HIPAA Privacy Rule still applies whenever covered entities or business associates...

What is HIPAA Certification?

A frequently asked question in the healthcare industry is "What is HIPAA certification?" Although there is no standard or implementation specification within HIPAA that requires Covered Entities or Business Associates to certify compliance, several third-party organizations offer HIPAA...

Survey Reveals Sharing EHR Passwords is Commonplace

While data on the practice of password sharing in healthcare is limited, one survey suggests the practice of sharing EHR passwords is commonplace, especially with interns, medical students, and nurses. The research was conducted by Ayal Hassidim, MD of the Hadassah-Hebrew University Medical Center,...

What is the Civil Penalty for Knowingly Violating HIPAA?

What is the civil penalty for knowingly violating HIPAA Rules? What is the maximum financial penalty for a HIPAA violation and when are fines issued? In this post we answer these questions and explain the penalties for violating HIPAA Rules. What is HIPAA? The Health Insurance Portability and...

NIST Seeks Comment on Planned Updates to HIPAA Security Rule Implementation Guidance

The National Institute of Standards and Technology (NIST) is planning on revising and updating its guidance on implementing the HIPAA Security Rule and is seeking comment from stakeholders on aspects of the guidance that should be changed. NIST published the guidance – NIST Special...

HHS Adopts Changes to 42 CFR Part 2 Regulations to Improve Care Coordination

The Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2) have been revised by the Department of Health and Human Services’ Substance Abuse and Mental Health Services (SAMHSA). The 42 CFR Part 2 regulations, first promulgated in 1975, were written at a time...

OCR Issues Guidance on Media and Film Crew Access to Healthcare Facilities

The HHS’ Office for Civil Rights (OCR) has issued guidance to healthcare providers to remind them that the HIPAA Privacy Rule does not allow the media and film crews to access healthcare facilities where patients’ protected health information is accessible unless written authorization has been...