Recent News

21,400 Patients Impacted by St. Croix Hospice Phishing Attack

St. Croix Hospice, a provider of hospice care throughout the Midwest, has discovered an unauthorized individual gained access to the email account of an employee and potentially viewed patient information. The breach was detected on May 10, 2019 when suspicious email activity was detected in the...

Idaho Hospitals Must Now Comply with New Idaho Patient Rights Rules

New rules for hospitals have been implemented in Idaho that give patients new rights. The rules were implemented by the Idaho Department of Health and Welfare (IDHW) and are effective from July 1, 2019. The new rules were suggested by patient advocacy groups and “incorporate standards that...

Wise Health System Phishing Attack impacts 35,899 Patients

Wise Health System in Decatur, TX, has started sending notifications to patients to inform them that some of their protected health information (PHI) has been exposed as a result of a phishing attack. 35,899 patients have potentially been affected. The attack occurred on March 14, 2019. Several...

Study Reveals Increase in Ransomware Attacks and 3x Hike in Ransom Demands

Ransomware attacks have continued to increase in Q2, 2019, according to a new report from ransomware recovery service provider Coveware. When businesses experience a ransomware attack, Coveware helps firms recover their data, either through free remediation options or by negotiating with the...

2.2 Million Clinical Pathology Laboratories Patients Affected by AMCA Breach

Clinical Pathology Laboratories in Texas has recently discovered the protected health information (PHI) of approximately 2.2 million of its patients has potentially been compromised in the data breach at American Medical Collection Agency (AMCA). AMCA provides debt collection services to many...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

Idaho Hospitals Must Now Comply with New Idaho Patient Rights Rules

New rules for hospitals have been implemented in Idaho that give patients new rights. The rules were implemented by the Idaho Department of Health and Welfare (IDHW) and are effective from July 1, 2019. The new rules were suggested by patient advocacy groups and “incorporate standards that...

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions and penalties in Louisiana due to the devastation likely to be caused by Tropical Storm Barry as it made landfall on July 13 as a hurricane. The HHS announced the public health...

Webinar: Ransomware, Malware, Phishing, and HIPAA Compliance

Compliancy Group is offering healthcare professionals an opportunity to take part in a webinar covering the main threats facing the healthcare industry. Threats such as ransomware, malware, and phishing will be discussed by compliance experts in relation to HIPAA and the privacy and security of...

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions and penalties in Louisiana due to the devastation likely to be caused by Tropical Storm Barry as it made landfall on July 13 as a hurricane. The HHS announced the public health...

Webinar: Ransomware, Malware, Phishing, and HIPAA Compliance

Compliancy Group is offering healthcare professionals an opportunity to take part in a webinar covering the main threats facing the healthcare industry. Threats such as ransomware, malware, and phishing will be discussed by compliance experts in relation to HIPAA and the privacy and security of...

Critical Vulnerability Identified in Burrow-Wheeler Aligner Genomics Mapping Software

Researchers at Sandia National Laboratories have discovered a vulnerability in open source software used by genomic researchers. If exploited, an attacker could gain access to and alter sensitive genetic information. DNA screening is a two-step process. First, a patient’s DNA is sequenced and...

Vulnerabilities in Servers Behind Majority of Healthcare Data Breaches

Cybercriminals are managing to find and exploit vulnerabilities to gain access to healthcare networks and patient data with increasing regularity. The past two months have been the worst and second worst ever months for healthcare data breaches in terms of the number of breaches reported. Phishing...

ONC Report Reveals Trends in Access and Viewing of Medical Records Online

Most hospitals and physicians have now adopted electronic medical records, yet only half of patients have been offered access to their medical records online, according to a new report from the HHS’ Office of the National Coordinator for Health Information Technology (ONC). Two of the aims of the...

AAN Suggests Third Party App Security Framework Must be Included in the CMS Interoperability Plan

The American Academy of Neurology (AAN) has voiced concerns about the interoperability plans of the Centers for Medicare and Medicaid Services (CMS) and the HHS’ Office of the National Coordinator for Health IT (ONC). In February, both ONC and CMS proposed new rules that aim to reduce information...

21,400 Patients Impacted by St. Croix Hospice Phishing Attack

St. Croix Hospice, a provider of hospice care throughout the Midwest, has discovered an unauthorized individual gained access to the email account of an employee and potentially viewed patient information. The breach was detected on May 10, 2019 when suspicious email activity was detected in the...

Wise Health System Phishing Attack impacts 35,899 Patients

Wise Health System in Decatur, TX, has started sending notifications to patients to inform them that some of their protected health information (PHI) has been exposed as a result of a phishing attack. 35,899 patients have potentially been affected. The attack occurred on March 14, 2019. Several...

2.2 Million Clinical Pathology Laboratories Patients Affected by AMCA Breach

Clinical Pathology Laboratories in Texas has recently discovered the protected health information (PHI) of approximately 2.2 million of its patients has potentially been compromised in the data breach at American Medical Collection Agency (AMCA). AMCA provides debt collection services to many...

Idaho Hospitals Must Now Comply with New Idaho Patient Rights Rules

New rules for hospitals have been implemented in Idaho that give patients new rights. The rules were implemented by the Idaho Department of Health and Welfare (IDHW) and are effective from July 1, 2019. The new rules were suggested by patient advocacy groups and “incorporate standards that...

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions and penalties in Louisiana due to the devastation likely to be caused by Tropical Storm Barry as it made landfall on July 13 as a hurricane. The HHS announced the public health...

Selarom Demonstrates Compliance with HIPAA Regulations

El Monte, CA-based Selarom is a specialist cybersecurity firm that provides services to healthcare organizations to help them secure their sensitive data and comply with HIPAA Rules. The company now offers a ‘HIPAA Compliance Complete Solution’ and provides a comprehensive security package for...

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions and penalties in Louisiana due to the devastation likely to be caused by Tropical Storm Barry as it made landfall on July 13 as a hurricane. The HHS announced the public health...

Webinar: Ransomware, Malware, Phishing, and HIPAA Compliance

Compliancy Group is offering healthcare professionals an opportunity to take part in a webinar covering the main threats facing the healthcare industry. Threats such as ransomware, malware, and phishing will be discussed by compliance experts in relation to HIPAA and the privacy and security of...

May 2019 Healthcare Data Breach Report

In April, more healthcare data breaches were reported than in any other month to date. The high level of data breaches has continued in May, with 44 data breaches reported. Those breaches resulted in the exposure of almost 2 million individuals’ protected health information. On average, 2018 saw...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions and penalties in Louisiana due to the devastation likely to be caused by Tropical Storm Barry as it made landfall on July 13 as a hurricane. The HHS announced the public health...

HHS Confirms When HIPAA Fines Can be Issued to Business Associates

Since the Department of Health and Human Services implemented the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule, business associates of HIPAA covered entities can be directly fined for violations of HIPAA...

HHS Changes HITECH Act Penalties for HIPAA Violations

The Department of Health and Human Services has issued a notification of enforcement discretion regarding the civil monetary penalties that are applied when violations of HIPAA Rules are discovered. The HHS has reduced the maximum financial penalty for HIPAA violations in three of the four penalty...