Recent News

HealthEquity Notifies 190,000 Individuals of Phishing-Related PHI Breach

HealthEquity is notifying 190,000 individuals that some of their protected health information has been exposed as a result of a phishing attack. HealthEquity is a Utah-based company that provides services to help individuals gain tax advantages to offset the cost of healthcare, either through...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...

2,393 Patients of Southwest Washington Regional Surgery Center Impacted by Phishing Attack

Southwest Washington Regional Surgery Center in Vancouver, WA, has suffered a phishing attack that has resulted in the exposure of 2,393 patients’ protected health information. The breach was confined to a single email account and no evidence was uncovered to suggest any emails have been accessed...

Congress Passes CISA Act Which Calls for New Cybersecurity Agency Within DHS

The U.S. Department of Homeland Security will be forming a new agency solely focused on cybersecurity following the passing of new legislation by Congress. The Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA Act) amends the Homeland Security Act of 2002 can calls for DHS to form...

HealthCare.gov Data Breach Exposed Personal Information of 94,000 Individuals

Last month, the Centers for Medicare & Medicaid Services (CMS) announced that the HealthCare.gov website had been hacked and the sensitive data of approximately 75,000 individuals had potentially been compromised. This week, the CMS issued an update on the breach confirming more people had been...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...

Congress Passes CISA Act Which Calls for New Cybersecurity Agency Within DHS

The U.S. Department of Homeland Security will be forming a new agency solely focused on cybersecurity following the passing of new legislation by Congress. The Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA Act) amends the Homeland Security Act of 2002 can calls for DHS to form...

HealthCare.gov Data Breach Exposed Personal Information of 94,000 Individuals

Last month, the Centers for Medicare & Medicaid Services (CMS) announced that the HealthCare.gov website had been hacked and the sensitive data of approximately 75,000 individuals had potentially been compromised. This week, the CMS issued an update on the breach confirming more people had been...

Congress Passes CISA Act Which Calls for New Cybersecurity Agency Within DHS

The U.S. Department of Homeland Security will be forming a new agency solely focused on cybersecurity following the passing of new legislation by Congress. The Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA Act) amends the Homeland Security Act of 2002 can calls for DHS to form...

New Philips iSite and IntelliSpace PACS Vulnerability Identified

ICS-CERT has issued an advisory about a medium severity vulnerability in Philips iSite and IntelliSpace PACS. The weak password vulnerability is present in all versions of iSite PACS and IntelliSpace PACS. If exploited, the confidentiality, integrity, and availability of a component of the system...

Vulnerabilities Identified in Roche Point of Care Handheld Medical Devices

ICS-CERT has issued an advisory concerning five vulnerabilities that have been identified in Roche Point of Care handheld medical devices. Four vulnerabilities are high risk and one has been rated medium risk. Successful exploitation of the vulnerabilities could allow an unauthorized individual to...

Congress Passes CISA Act Which Calls for New Cybersecurity Agency Within DHS

The U.S. Department of Homeland Security will be forming a new agency solely focused on cybersecurity following the passing of new legislation by Congress. The Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA Act) amends the Homeland Security Act of 2002 can calls for DHS to form...

Vulnerabilities Identified in Roche Point of Care Handheld Medical Devices

ICS-CERT has issued an advisory concerning five vulnerabilities that have been identified in Roche Point of Care handheld medical devices. Four vulnerabilities are high risk and one has been rated medium risk. Successful exploitation of the vulnerabilities could allow an unauthorized individual to...

OIG Finds Deficiencies in FDA’s Policies and Procedures to Address Cybersecurity Risk to Postmarket Medical Devices

The HHS’ Office of Inspector General (OIG) has published the findings of an audit of the FDA’s policies and procedures for addressing medical device cybersecurity in the postmarket phase.  Several deficiencies in FDA policies and procedures were identified by OIG auditors. Ensuring the safety,...

HealthEquity Notifies 190,000 Individuals of Phishing-Related PHI Breach

HealthEquity is notifying 190,000 individuals that some of their protected health information has been exposed as a result of a phishing attack. HealthEquity is a Utah-based company that provides services to help individuals gain tax advantages to offset the cost of healthcare, either through...

2,393 Patients of Southwest Washington Regional Surgery Center Impacted by Phishing Attack

Southwest Washington Regional Surgery Center in Vancouver, WA, has suffered a phishing attack that has resulted in the exposure of 2,393 patients’ protected health information. The breach was confined to a single email account and no evidence was uncovered to suggest any emails have been accessed...

HealthCare.gov Data Breach Exposed Personal Information of 94,000 Individuals

Last month, the Centers for Medicare & Medicaid Services (CMS) announced that the HealthCare.gov website had been hacked and the sensitive data of approximately 75,000 individuals had potentially been compromised. This week, the CMS issued an update on the breach confirming more people had been...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...

$200,000 Settlement Agreed with Business Associate Behind Virtua Medical Data Breach

New Jersey Attorney General Gurbir S. Grewal has announced a $200,000 settlement has been agreed with Best Medical Transcription to resolve violations of the Health Insurance Portability and Accountability Act that were discovered during an investigation of a 2016 breach of 1,650 individuals’...

Cybersecurity Best Practices for Healthcare Organizations

The Department of Health and Human Services’ Office for Civil Rights has drawn attention to basic cybersecurity safeguards that can be adopted by healthcare organizations to improve cyber resilience and reduce the impact of attempted cyberattacks. The advice comes at the end of cybersecurity...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...

$200,000 Settlement Agreed with Business Associate Behind Virtua Medical Data Breach

New Jersey Attorney General Gurbir S. Grewal has announced a $200,000 settlement has been agreed with Best Medical Transcription to resolve violations of the Health Insurance Portability and Accountability Act that were discovered during an investigation of a 2016 breach of 1,650 individuals’...

September 2018 Healthcare Data Breach Report

For the second consecutive month there has been a reduction in both the number of reported healthcare data breaches and the number of exposed healthcare records. In September, there were 25 breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...

HHS Secretary Alex Azar Promises Reforms to Federal Health Privacy Rules

At a July 27 address at The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), Alex Azar, explained that the HHS will be undertaking several updates to health privacy regulations over the coming months, including updates to the Health Insurance Portability and...

Legislation Changes and New HIPAA Regulations in 2018

The policy of two out for every new regulation introduced means there are likely to be few, if any, new HIPAA regulations in 2018. However, that does not mean it will be all quiet on the HIPAA front. HHS’ Office for Civil Rights (OCR) director Roger Severino has indicated there are some HIPAA...