Recent News

New Massachusetts Data Breach Notification Law Enacted

A new Massachusetts data breach notification law has been enacted. The new legislation was signed into law by Massachusetts governor Charlie Baker on January 10, 2019 and will come into effect on April 11, 2019. The new legislation updates existing Massachusetts data breach notification law and...

111K Individuals Notified of 4-Month Email Account Compromise

Centerstone Insurance and Financial Services, operating as BenefitMall, has started notifying more than 111,000 individuals that some of their protected health information has been exposed, and potentially stolen, in a recent email security incident. Dallas, TX-based BenefitMail is a provider of...

10 Year Jail Term for Boston Children’s Hospital Hacker

The hacker behind a Distributed Denial of Service (DDoS) attack on Boston Children’s Hospital in 2014 has been handed a jail term of 10 years and must pay $443,000 in restitution. Martin Gottesfeld, 34, of Somerville, MA, launched attacks on the Framingham, MA, Wayside Youth and Family Support...

Sacred Heart Rehabilitation Center Notifies Patients of Phishing Incident

Memphis, MI-based Sacred Heart Rehabilitation Center, a provider of substance abuse treatment and care services for patients diagnosed with HIV/AIDS, has discovered an unauthorized individual has gained access to the email account of an employee following a response to a phishing email. The email...

SingHealth Breach Investigation Reveals Catalogue of Cybersecurity Failures

An investigation into a healthcare data breach has shown how the failure to implement basic cybersecurity measures leaves the door wide open to hackers. Healthcare organizations can invest in the latest cybersecurity technology but failing to adopt standard cybersecurity best practices and assess...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

New Massachusetts Data Breach Notification Law Enacted

A new Massachusetts data breach notification law has been enacted. The new legislation was signed into law by Massachusetts governor Charlie Baker on January 10, 2019 and will come into effect on April 11, 2019. The new legislation updates existing Massachusetts data breach notification law and...

Advertising Expenditures Increase 64% Following a Healthcare Data Breach

A recent study has explored the relationship between advertising expenditures and healthcare data breaches. The study shows hospitals significantly increase advertising spending following a data breach. Healthcare Data Breaches Are the Costliest to Mitigate Healthcare data breaches are the most...

Summary of 2018 HIPAA Fines and Settlements

This post summarizes the 2018 HIPAA fines and settlements that have resulted from the enforcement activities of the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. Another Year of Heavy OCR HIPAA Enforcement In 2016, there was a significant...

Feds Launch Campaign to Raise Awareness of Cyber Risks Faced by Private Sector Firms

A new public awareness campaign has been launched to raise awareness of cyber risks and to get businesses in all industry sectors to improve their information security practices and cyber defenses. The “Know the Risk, Raise your Shield” campaign is being run by the National Counterintelligence...

Advertising Expenditures Increase 64% Following a Healthcare Data Breach

A recent study has explored the relationship between advertising expenditures and healthcare data breaches. The study shows hospitals significantly increase advertising spending following a data breach. Healthcare Data Breaches Are the Costliest to Mitigate Healthcare data breaches are the most...

Summary of 2018 HIPAA Fines and Settlements

This post summarizes the 2018 HIPAA fines and settlements that have resulted from the enforcement activities of the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. Another Year of Heavy OCR HIPAA Enforcement In 2016, there was a significant...

IT Service Providers and Customers Warned of Increase in Chinese Malicious Cyber Activity

The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) has issued an alert about increased Chinese malicious cyber activity targeting IT service providers such as Managed Service Provider (MSPs), Managed Security Service Providers (MSSPs), Cloud Service...

HHS Publishes Cybersecurity Best Practices for Healthcare Organizations

The U.S. Department of Health and Human Services has issued voluntary cybersecurity best practices for healthcare organizations and guidelines for managing cyber threats and protecting patients. Healthcare technologies are essential for providing care to patients, yet those technologies introduce...

NIST Releases Draft Paper on Telehealth and Remote Monitoring Device Cybersecurity

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) has released a draft paper covering the privacy and security risks of telehealth and remote monitoring devices along with best practices for securing the telehealth and remote monitoring...

New Massachusetts Data Breach Notification Law Enacted

A new Massachusetts data breach notification law has been enacted. The new legislation was signed into law by Massachusetts governor Charlie Baker on January 10, 2019 and will come into effect on April 11, 2019. The new legislation updates existing Massachusetts data breach notification law and...

111K Individuals Notified of 4-Month Email Account Compromise

Centerstone Insurance and Financial Services, operating as BenefitMall, has started notifying more than 111,000 individuals that some of their protected health information has been exposed, and potentially stolen, in a recent email security incident. Dallas, TX-based BenefitMail is a provider of...

Sacred Heart Rehabilitation Center Notifies Patients of Phishing Incident

Memphis, MI-based Sacred Heart Rehabilitation Center, a provider of substance abuse treatment and care services for patients diagnosed with HIV/AIDS, has discovered an unauthorized individual has gained access to the email account of an employee following a response to a phishing email. The email...

Summary of 2018 HIPAA Fines and Settlements

This post summarizes the 2018 HIPAA fines and settlements that have resulted from the enforcement activities of the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. Another Year of Heavy OCR HIPAA Enforcement In 2016, there was a significant...

Flowers Hospital Data Breach Settlement Approved by Judge

A class action data breach lawsuit filed against Flowers Hospital in Dothan, AL, in 2014 has finally been settled. In 2014, an employee of Flowers Hospital stole the personal information of patients from the hospital laboratory and used the information to file fraudulent tax returns in the names of...

Largest Healthcare Data Breaches of 2018

This post summarizes the largest healthcare data breaches of 2018: Healthcare data breaches that have resulted in the loss, theft, unauthorized accessing, impermissible disclosure, or improper disposal of 100,000 or more healthcare records. 2018 has seen 18 data breaches that have exposed 100,000...

Massachusetts Attorney General Issues $75,000 HIPAA Violation Fine to McLean Hospital

Massachusetts Attorney General Maura Healey has issued a $75,000 HIPAA violation fine to McLean Hospital over a 2015 data breach that exposed the protected health information (PHI) of approximately 1,500 patients. McLean Hospital, a psychiatric hospital in Belmont, MA, allowed an employee to...

OCR Issues Request for Information on Potential Updates to HIPAA Rules to Improve Data Sharing

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a request for information (RFI) seeking comments from the public on potential modifications to Health Insurance Portability and Accountability Act (HIPAA) Rules to promote coordinated, value-based...

Failure to Terminate Former Employee’s PHI Access Costs Colorado Hospital $111,400

OCR has fined a Colorado hospital $111,400 for the failure to terminate a former employee’s access to a web-based scheduling calendar, which resulted in an impermissible disclosure of 557 patients’ ePHI. Pagosa Springs Medical Center (PSMC) is a critical access hospital, part of the Upper San...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

OCR Issues Request for Information on Potential Updates to HIPAA Rules to Improve Data Sharing

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a request for information (RFI) seeking comments from the public on potential modifications to Health Insurance Portability and Accountability Act (HIPAA) Rules to promote coordinated, value-based...

AMIA and AHIMA Call for Changes to HIPAA to Improve Access and Portability of Health Data

The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for changes to HIPAA to be made to improve patients’ access to their health information, make health data more portable, and to better protect health data in the app...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...