Recent News

April 2019 Healthcare Data Breach Report

April was the worst ever month for healthcare data breaches. More data breaches were reported than in any other month since the Department of Health and Human Services’ Office for Civil Rights started publishing healthcare data breach reports in October 2009. In April, 46 healthcare data breaches were...

Vulnerabilities Identified in Siemens Sinamics Perfect Harmony Drives and Scalance Access Points

Siemens has discovered several high-severity vulnerabilities and one critical vulnerability in the Scalance W1750D direct access point. The vulnerabilities can be exploited remotely and require a low level of skill to exploit. If exploited, an attacker could gain access to the W1750D device and...

Medical Oncology Hematology Consultants Notifies Patients about June 2018 Data Breach

Medical Oncology Hematology Consultants (MOHC), a Newark, DE-based cancer treatment center, is alerting certain patients that some of their protected health information (PHI) has been exposed as a result of an email security breach. According to the substitute breach notice on the MOHC website, an...

New Study Uncovers Serious Holes in Healthcare Cybersecurity

The sorry state of healthcare cybersecurity has been highlighted by a recent Forescout study. The study revealed the healthcare industry is overly reliant on legacy software, vulnerable protocols are extensively used, and medical devices are not properly secured. 75 global healthcare deployments...

7 Month Delay Notifying HIV Study Participants About Exposure of their Confidential Information

The sensitive information of 24 women diagnosed with HIV has been made available to individuals unauthorized to access that information. Despite the breach being discovered more than 7 months ago, the affected women have still not been notified. The women were participating in an EmPower Women...

CMS and ONC Tell Senate HELP Committee Rapid Progress is Required to Advance Interoperability

The second Senate HELP Committee hearing on the proposed roles for implementing the electronic medical records provisions of the 21st Century Cures Act has taken place this week. The Committee heard from National Coordinator for Health IT, Donald Rucker, and Director and Center for Medicare And...

NIST Issues RFI Seeking Comments to Inform the Development of AI Standards and Tools

The National Institute of Standards and Technology (NIST) has issued a request for information (RFI) seeking feedback from industry stakeholders to inform the development of new standards and tools to support systems that use artificial intelligence (AI) technologies. February’s Executive Order...

MD Anderson Cancer Center Fires Three Scientists Over Concerns About Theft of Research Data

MD Anderson Cancer Center, the world’s leading cancer research center, has recently fired three scientists over espionage fears after being alerted by the National Institutes of Health (NIH) to irregularities involving grant recipients. NIH, the largest public funder of biomedical research in the...

UMC Physicians Discovers Patient Information Was Uploaded to Unapproved and Unsecured Cloud Service

The Lubbock, TX-based medical group UMC Physicians is alerting patients of UMC Southwest Gastroenterology that some of their protected health information has been exposed as a result of errors of judgement by two of its employed providers. Those providers had each set up a Google shared drive which...

Lawsuit Alleges Hospital Worker Disclosed Information about Woman’s Sexual Assault to her Attacker

A lawsuit has been filed against Atchison Hospital in Kansas by a rape victim who alleges an x-ray technician at the hospital contacted her attacker and disclosed sensitive information about the treatment she received at the hospital. According to the Kansas City Star, after being raped, the woman...

Touchstone Medical Imaging Fined $3 Million by OCR for Extensive HIPAA Failures

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced a settlement has been reached with the Franklin, TN-based diagnostic medical imaging services company, Touchstone Medical Imaging. The settlement resolves multiple violations of HIPAA Rules discovered by OCR...

HHS Changes HITECH Act Penalties for HIPAA Violations

The Department of Health and Human Services has issued a notification of enforcement discretion regarding the civil monetary penalties that are applied when violations of HIPAA Rules are discovered. The HHS has reduced the maximum financial penalty for HIPAA violations in three of the four penalty...

Feature of DICOM Image Format Could Be Abused to Fuse Malware with PHI

The DICOM image format, which has been in use for around 30 years, contains a design ‘flaw’ that could be exploited by hackers to embed malware in image files. Were that to happen, the malware would become permanently fused with protected health information. The DICOM file format was...

Healthcare Organizations Found Not to be In Conformance with NIST CSF and HIPAA Rules

A recent study conducted by the consultancy firm CynergisTek has revealed many healthcare organizations are not in conformance with NIST Cybersecurity Framework (CSF) controls and the HIPAA Privacy and Security Rules. For the study, CynergisTek analyzed the results of assessments at almost 600...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

OCR Issues Request for Information on Potential Updates to HIPAA Rules to Improve Data Sharing

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a request for information (RFI) seeking comments from the public on potential modifications to Health Insurance Portability and Accountability Act (HIPAA) Rules to promote coordinated, value-based...

AMIA and AHIMA Call for Changes to HIPAA to Improve Access and Portability of Health Data

The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for changes to HIPAA to be made to improve patients’ access to their health information, make health data more portable, and to better protect health data in the app...