Recent News

Ramsey County Expands 2018 Phishing Attack Victim Count from 599 to 117,905

Ramsey County has discovered an August 2018 phishing attack has impacted far more individuals than initially thought. The victim count has been increased from 599 to 117,905. The initial breach report stated the email accounts of 26 employees were compromised in a phishing attack on or around...

400 Million Medical Images Are Freely Accessible Online Via Unsecured PACS

A recent investigation by ProPublica, the German public broadcaster Bayerischer Rundfunk, and vulnerability and analysis firm, Greenbone Networks, has revealed 24.3 million medical images in medical image storage systems are freely accessible online and require no authentication to view or download...

Mobile Device Security Guidance for Corporate-Owned Personally Enabled Devices Issued by NCCoE

The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices allow employees to access resources essential for their work...

NCCoE Issues Draft Guidelines for Securing the Picture Archiving and Communication System (PACS) Ecosystem

The National Cybersecurity Center of Excellence (NCCoE) has issued draft NIST guidelines for securing the picture archiving and communications system (PACS) ecosystem. The guidelines – NIST Cybersecurity Practice Guide, SP 1800-24 – have been written for health healthcare delivery...

Vulnerabilities Identified in WLAN Firmware Used by Philips IntelliVue Portable Patient Monitors

Two vulnerabilities have been identified in Philips IntelliVue WLAN firmware which affect certain IntelliVue MP monitors. The flaws could be exploited by hackers to install malicious firmware which could impact data flow and lead to an inoperable condition alert at the device and Central...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

400 Million Medical Images Are Freely Accessible Online Via Unsecured PACS

A recent investigation by ProPublica, the German public broadcaster Bayerischer Rundfunk, and vulnerability and analysis firm, Greenbone Networks, has revealed 24.3 million medical images in medical image storage systems are freely accessible online and require no authentication to view or download...

NCCoE Issues Draft Guidelines for Securing the Picture Archiving and Communication System (PACS) Ecosystem

The National Cybersecurity Center of Excellence (NCCoE) has issued draft NIST guidelines for securing the picture archiving and communications system (PACS) ecosystem. The guidelines – NIST Cybersecurity Practice Guide, SP 1800-24 – have been written for health healthcare delivery...

Consumer Technology Association Publishes Privacy Guidelines for Handling Health and Wellness Data

The Consumer Technology Association (CTA) has released data privacy guidelines to help companies better protect health and wellness data. The guidelines have been developed to help CTA members address tangible privacy risks and securely collect, use, and share health and wellness data collected...

400 Million Medical Images Are Freely Accessible Online Via Unsecured PACS

A recent investigation by ProPublica, the German public broadcaster Bayerischer Rundfunk, and vulnerability and analysis firm, Greenbone Networks, has revealed 24.3 million medical images in medical image storage systems are freely accessible online and require no authentication to view or download...

Mobile Device Security Guidance for Corporate-Owned Personally Enabled Devices Issued by NCCoE

The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices allow employees to access resources essential for their work...

NCCoE Issues Draft Guidelines for Securing the Picture Archiving and Communication System (PACS) Ecosystem

The National Cybersecurity Center of Excellence (NCCoE) has issued draft NIST guidelines for securing the picture archiving and communications system (PACS) ecosystem. The guidelines – NIST Cybersecurity Practice Guide, SP 1800-24 – have been written for health healthcare delivery...

400 Million Medical Images Are Freely Accessible Online Via Unsecured PACS

A recent investigation by ProPublica, the German public broadcaster Bayerischer Rundfunk, and vulnerability and analysis firm, Greenbone Networks, has revealed 24.3 million medical images in medical image storage systems are freely accessible online and require no authentication to view or download...

Mobile Device Security Guidance for Corporate-Owned Personally Enabled Devices Issued by NCCoE

The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices allow employees to access resources essential for their work...

Vulnerability Identified in Becton Dickinson Pyxis Drug Dispensing Cabinets

Becton Dickinson (BD) has discovered a vulnerability in its Pyxis drug dispensing cabinets which could allow an unauthorized individual to use expired credentials to access patient data and medications. The vulnerability was discovered by BD, which self-reported the flaw to the Department of...

Ramsey County Expands 2018 Phishing Attack Victim Count from 599 to 117,905

Ramsey County has discovered an August 2018 phishing attack has impacted far more individuals than initially thought. The victim count has been increased from 599 to 117,905. The initial breach report stated the email accounts of 26 employees were compromised in a phishing attack on or around...

Shore Specialty Consultants Pulmonology Group Breach Impacts 9,700 Patients

New Jersey-based Shore Specialty Consultants Pulmonology Group (SSCPG) is notifying 9,700 patients that some of their protected health information (PHI) has potentially been subjected to unauthorized access as a result of a recent security breach. On July 8, 2019, SSCPG discovered a hacker gained...

Phishing Incidents Reported by Fraser and East Central Indiana School Trust

East Central Indiana School Trust (ECIST) has started notifying more than 3,200 individuals that some of their protected health information (PHI) has been exposed as a result of a recent phishing attack. On May 19, 2019, an employee was fooled into disclosing email account credentials which were...

Webinar: Social Media and HIPAA Compliance: Protecting Your Practice in the Digital Age

Social media is a potential minefield for HIPAA violations. One impulsive response to an online review could violate the privacy of a patient, breach HIPAA Rules, and leave and the practice at risk of a significant HIPAA violation penalty. In the digital age, healthcare providers have to deal with...

OCR Settles First HIPAA Violation Case Under 2019 Right of Access Initiative

Earlier this year, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that one of the main areas of HIPAA enforcement in 2019 would be HIPAA right of access failures, including untimely responses to access requests and overcharging for copies of medical...

Most Patients Happy to Share EHR Data for Research, But Not Entire Medical Record

A majority of patients are comfortable with sharing their biospecimens and EHR data for research purposes, according to a new study published in JAMA Network Open; however, most patients want to restrict the sharing of at least one part of their medical record. Patients also exhibited preferences...

OCR Settles First HIPAA Violation Case Under 2019 Right of Access Initiative

Earlier this year, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that one of the main areas of HIPAA enforcement in 2019 would be HIPAA right of access failures, including untimely responses to access requests and overcharging for copies of medical...

32% of Healthcare Employees Have Received No Cybersecurity Training

There have been at least 200 breaches of more than 500 records reported since January and 2019 looks set to be another record-breaking year for healthcare data breaches. The continued increase in data breaches prompted Kaspersky Lab to conduct a survey to find out more about the state of...

Allscripts Proposes $145 Million Settlement to Resolve DOJ HIPAA and HITECH Act Case

A preliminary settlement has been proposed by Allscripts Healthcare Solutions to resolve alleged violations of HIPAA, the HITECH Act’s electronic health record (EHR) incentive program, and the Anti-Kickback Statute related to the electronic health record (EHR) company Practice Fusion, which was...

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service. Cloud storage services are a convenient way of...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

Hurricane Dorian: Limited HIPAA Waiver Issued in Puerto Rico, Florida, Georgia, North and South Carolina

Alex Azar, Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency (PHE) in Puerto Rico and the states of Florida, Georgia, and South Carolina due to Hurricane Dorian.  On September 4, a PHE was also declared in North Carolina, retroactive to...

HHS Proposes Rule Easing Restrictions on Substance Use Disorder Treatment Records

The Substance Abuse and Mental Health Services Administration (SAMHSA) has proposed a new rule that loosens restrictions on substance use disorder (SUD) treatment records, aligning Part 2 regulations more closely with HIPAA. The new rule, proposed on August 22, is the first element of the HHS’s...

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions and penalties in Louisiana due to the devastation likely to be caused by Tropical Storm Barry as it made landfall on July 13 as a hurricane. The HHS announced the public health...