SonicWall Recommends Immediate Firmware Upgrade to Fix Critical Flaws in SMA 100 Series Appliances
Dec 09


SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series remote access appliances that fixes 8 vulnerabilities including 2 critical and 4 high-severity flaws. Vulnerabilities in SonicWall appliances are attractive to threat actors and have been targeted in the past in ransomware attacks. While there are currently no known cases of the latest batch of vulnerabilities being exploited in the wild, there is a high risk of these vulnerabilities being exploited if the firmware is not updated promptly. SMA 100 series appliances include the SonicWall SMA 200, 210, 400, 410, and 500v secure access gateway products, all of which are affected. The most serious vulnerabilities are buffer overflow issues which could be exploited remotely by an unauthenticated attacker to execute code on vulnerable appliances. These are CVE-2021-20038, an unauthenticated stack-based buffer overflow vulnerability (CVSS score of 9.8), and CVE-2021-20045, which covers multiple unauthenticated file explorer heap-based and stack-based buffer overflow issues (CVSS score 9.4). A further...

Webinar December 21, 2021: How to Complete Your 2021 HIPAA Security Risk Assessment
Dec 09


The Health Insurance Portability and Accountability Act requires HIPAA-covered entities and their business associates to complete a risk assessment to identify all risks to the confidentiality, integrity, and availability of ePHI. Not only is a risk assessment required for compliance, it allows organizations to identify and address risks before they can be exploited, thus helping to prevent costly data breaches. Many healthcare organizations and business associates find annual risk assessments problematic, and fail to conduct comprehensive risk assessments that meet the requirements of the HIPAA Security Rule. Risk assessment failures are among the most common HIPAA violations cited by the HHS’ Office for Civil Rights in its audits and data breach investigations. As the year draws to an end, it is now time to perform your annual HIPAA Security Risk assessment and help is at hand to help you comply with this important HIPAA provision. On Tuesday, December 7, 2021, Compliancy Group is hosting a webinar that will provide an overview of everything you need to know to allow you to...

Medical Biller Faces Decades in Jail for Healthcare Fraud, Identity Theft, and Tax Offenses
Dec 08


A medical biller in the Tampa Bay area of Florida has pleaded guilty to four counts of healthcare fraud, four counts of aggravated identity theft, two counts of failing to file a tax return, and one count of filing a false tax return. Joshua Maywalt, 40, of Tampa, worked as a medical biller at a Clearwater company that provided credentialing and medical billing services to a range of healthcare provider clients in Florida. In his capacity as a medical biller, Maywalt was able to access the company’s financial, medical provider, and patient information. Maywalt was assigned to a Tampa Bay area physician’s account and submitted claims to Florida Medicaid HMOs for services provided by that physician to recipients of Medicaid. Maywalt wrongfully accessed the company’s patient information and used the name and identification number of the physician to submit false and fraudulent claims to a Florida Medicaid HMO for services that Maywalt claimed were provided by the physician when they had not been. The “pay to” information on the claims for the fictitious medical services was changed to...

Data Breaches Reported by UH College of Optometry and Valley Mountain Regional Center
Dec 08


The University of Houston College of Optometry has discovered an unauthorized individual from outside the United States gained access to the network of an affiliated eye clinic and stole information contained in the clinic’s database. The Community Eye Clinic in Fort Worth, TX, is managed and administered by UH College of Optometry. Security staff identified the intrusion at 9 a.m. on September 13, 2021, the morning after the breach occurred. The IT security team immediately took steps to secure the system, further defensive safeguards have been implemented to better protect patient data, and its monitoring and alerts have been enhanced. A review has also been conducted of the clinic’s IT protocols and procedures to ensure that industry-standard practices are followed. The files obtained by the attacker related to patients who received treatment at the Community Eye Clinic between May 22, 2013, and September 13, 2021. The information in the database included names, dates of birth, contact information, government ID numbers, health insurance information, passport numbers,...

Ransomware Attacks Reported by TriValley Primary Care and Medsurant Health
Dec 08


On October 11, 2021, Perkasie, PA-based TriValley Primary Care discovered ransomware had been installed on its networks and servers, which contained the protected health information of some of its patients. Action was quickly taken to secure its systems and prevent further unauthorized access and third-party cybersecurity experts were engaged to assist with the investigation. The forensic investigation concluded on November 4, 2021, but it was not possible to tell exactly when unauthorized individuals first gained access to its systems nor whether any specific patient information was viewed or obtained by the attackers. At the time of issuing notification letters to affected individuals, TriValley Primary Care was unaware of any actual or attempted misuse of patient data. As a precaution against identity theft and fraud, all affected individuals have been offered complimentary credit monitoring and identity theft protection services. TriValley Primary Care said it has taken action to prevent further security breaches, including implementing additional technical safeguards,...
