Recent News

Ransomware Gangs Adopt Callback Phishing Techniques for Gaining Initial Network Access

Multiple ransomware groups have adopted the BazarCall callback phishing technique to gain initial access to victims’ networks, including threat actors that have targeted the healthcare sector. BazarCall is a type of callback phishing, where organizations are targeted and sent ‘phishing’...

Webinar: Aug 17, 2022: Do I Need to be HIPAA Compliant?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards to protect sensitive patient health information and to prevent that information from being disclosed without an individual’s knowledge or consent. HIPAA applies to healthcare providers, health plans, and...

Data Breach Affects 120,000 Priority Health Plan Members

The Michigan-based health plan provider, Priority Health, has confirmed that it has been affected by a data breach at a business associate, the law firm Warner Norcross & Judd (WNJ). WNJ identified suspicious network activity on October 22, 2021. Steps were immediately taken to prevent further...

Healthcare Providers Targeted in Evernote Phishing Campaign

A malicious phishing campaign has been identified that is targeting healthcare providers. The emails have an Evernote-themed lure to trick recipients into downloading a Trojan file that generates a login prompt to steal credentials. The Health Information Cybersecurity Coordination Center (HC3) has...

CISA Sounds Alarm About Zeppelin Ransomware Targeting Healthcare Organizations

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint security alert about the Zeppelin ransomware-as-a-service (RaaS) operation, which has extensively targeted organizations in the healthcare and medical...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

1H 2022 Healthcare Data Breach Report

Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare data breaches reported so far in 2022; however, our analysis of healthcare data breaches reported in 1H 2022, shows that while data breaches are certainly being...

Meta Facing Further Class Action Lawsuit Over Use of Meta Pixel Code on Hospital Websites

Meta is facing another class action lawsuit over the unlawful collection and sharing of health data without content. The lawsuit was filed in the Northern District of California on behalf of plaintiff, Jane Doe. The lawsuit alleges Meta and its companies, including Facebook, have been collecting...

June 2022 Healthcare Data Breach Report

June 2022 saw 70 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) – two fewer than May and one fewer than June 2021. Over the past 12 months, from July 2021 to June 2022, 692 large healthcare data breaches...

1H 2022 Healthcare Data Breach Report

Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare data breaches reported so far in 2022; however, our analysis of healthcare data breaches reported in 1H 2022, shows that while data breaches are certainly being...

55% of Healthcare Organizations Suffered a Third-Party Data Breach in the Past Year

Cyberattacks on businesses have been increasing year over year across all industry sectors, and there has been an increase in cyberattacks involving third parties. From the point of view of a cyber threat actor, it makes more sense to attack a vendor such as a managed service provider, as if the...

Ransom Payment Data Suggests More Victims are Choosing Not to Pay

The average payment to ransomware gangs increased in Q2, 2022; however, there was a fall in the median payment for the second successive quarter, indicating more victims of ransomware attacks are choosing not to pay up. The data comes from the latest quarterly report from the ransomware remediation...

HIPAA Social Media Rules

HIPAA was enacted several years before social media networks such as Facebook and Instagram were launched, so there are no specific HIPAA social media rules. However, as with all healthcare-related communications, the HIPAA Privacy Rule still applies whenever covered entities or business associates...

What is the Relationship Between HITECH, HIPAA, and Electronic Health and Medical Records?

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in August 1996 and led to the development of the HIPAA Privacy Rule in 2003 and the HIPAA Security Rule in 2005, but how did the Health Information Technology for Economic and Clinical Health (HITECH) Act change...

OCR: HIPAA Security Rule Compliance Can Prevent and Mitigate Most Cyberattacks

Healthcare hacking incidents have been steadily rising for a number of years. There was a 45% increase in hacking/IT incidents between 2019 and 2020, and in 2021, 66% of breaches of unsecured electronic protected health information were due to hacking and other IT incidents. A large percentage of...

Data Breach Affects 120,000 Priority Health Plan Members

The Michigan-based health plan provider, Priority Health, has confirmed that it has been affected by a data breach at a business associate, the law firm Warner Norcross & Judd (WNJ). WNJ identified suspicious network activity on October 22, 2021. Steps were immediately taken to prevent further...

1H 2022 Healthcare Data Breach Report

Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare data breaches reported so far in 2022; however, our analysis of healthcare data breaches reported in 1H 2022, shows that while data breaches are certainly being...

Zenith American Solutions Reports Mailing Error that Exposed SSNs of 37,000 Individuals

Zenith American Solutions, a third-party administrator for the Sound Health and Wellness Trust, has recently notified individuals about a mailing error that exposed individuals’ Social Security numbers. According to the breach notification, a mailing was sent to individuals on June 24, 2022,...

1H 2022 Healthcare Data Breach Report

Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare data breaches reported so far in 2022; however, our analysis of healthcare data breaches reported in 1H 2022, shows that while data breaches are certainly being...

Cloud Security Alliance Releases Third Party Vendor Risk Management Guidance for Healthcare Organizations

Cyber actors are increasingly targeting business associates of HIPAA-covered entities as they provide an easy way to gain access to the networks of multiple healthcare organizations. To help healthcare delivery organizations (HDOs) deal with the threat, the Cloud Security Alliance (CSA) has...

NIST Updates Guidance on HIPAA Security Rule Compliance

The National Institute of Standards and Technology (NIST) has updated its guidance for HIPAA-regulated entities on implementing the HIPAA Security Rule to help them better protect patients’ personal and protected health information. The Security Rule of the Health Insurance Portability and...

NIST Updates Guidance on HIPAA Security Rule Compliance

The National Institute of Standards and Technology (NIST) has updated its guidance for HIPAA-regulated entities on implementing the HIPAA Security Rule to help them better protect patients’ personal and protected health information. The Security Rule of the Health Insurance Portability and...

OCR Announces 11 Further Financial Penalties for HIPAA Right of Access Failures

The Department of Health and Human Services’ Office for Civil Rights has sent a warning to healthcare providers about the importance of compliance with the HIPAA Right of Access with the announcement that a further 11 financial penalties for HIPAA-covered entities that have failed to provide...

ONC and OCR Release Updated Security Risk Assessment Tool

The Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) have released a new version of the HHS Security Risk Assessment (SRA) Tool. The HIPAA Security Rule requires HIPAA-regulated entities...

OCR Issues Guidance for Providers and Individuals Following Supreme Court Decision on Roe v. Wade

President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra recently called on HHS agencies to take action to protect access to sexual and reproductive health care, which includes abortion, pregnancy complications, and other related care, following the decision...

What is a HIPAA Violation?

To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it applies to, and what constitutes a violation; for although most people believe they know what a HIPAA violation is, evidence suggests otherwise. The evidence that there may be a misunderstanding...

HIPAA Social Media Rules

HIPAA was enacted several years before social media networks such as Facebook and Instagram were launched, so there are no specific HIPAA social media rules. However, as with all healthcare-related communications, the HIPAA Privacy Rule still applies whenever covered entities or business associates...

OCR Issues Guidance for Providers and Individuals Following Supreme Court Decision on Roe v. Wade

President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra recently called on HHS agencies to take action to protect access to sexual and reproductive health care, which includes abortion, pregnancy complications, and other related care, following the decision...

OCR Issues Guidance on Audio-Only Telehealth for When the COVID Public Health Emergency Ends

Start preparing now and get your telehealth services HIPAA compliant as when the COVID-19 Public Health Emergency (PHE) ends, the telehealth HIPAA flexibilities stop. That is the advice of the Department of Health and Human Services’ Office for Civil Rights, which released new guidance this week...

Healthcare Groups Provide Feedback on HITECH Recognized Security Practices

Earlier this year, the HHS’ Office for Civil Rights issued a request for information (RFI) on how the financial penalties for HIPAA violations should be distributed to individuals who have been harmed by those HIPAA violations, and the “recognized security practices” under the amended Health...