Zoom Security Problems Raise Concern About Suitability for Medical Use
Apr03

Teleconferencing platforms such as Zoom have proven popular with businesses and consumers for maintaining contact while working from home during the COVID-19 crisis, but a slew of Zoom security problems have been identified in the past few days that have raised concerns about the suitability of the platform for medical use.

Zoom Security Problems Uncovered by Researchers

Several Zoom security problems and privacy issues have been discovered in the past few days. The macOS installer was discovered to use malware-like methods to install the Zoom client without final confirmation being provided by users. This method could potentially be hijacked and could serve as a backdoor for malware delivery. Two zero-day vulnerabilities were identified in the macOS client version of Zoom’s teleconferencing platform, which would allow a local user to escalate privileges and gain root privileges, even without an administrator password, and gain access to the webcam and microphone and intercept and record Zoom meetings. A feature of the platform that is intended to make it easier for business...

35,800 Patients of The Otis R. Bowen Center for Human Services Notified About Email Security Breach
Apr03

The Otis R. Bowen Center for Human Services, an Indiana-based provider of mental health and addiction recovery healthcare services, has announced that unauthorized individuals have gained access to the email accounts of two of its employees. It is unclear when the email account breaches occurred and for how long unauthorized individuals had access to the email accounts. In its website substitute breach notification, The Otis R. Bowen Center said an independent digital forensic investigation revealed on January 28, 2020 that PHI had potentially been accessed as a result of the attack. The review of the accounts has now been completed to determine which patients have been affected and those individuals have been individually notified by mail. No mention was made about the types of information that were potentially compromised. The Otis R. Bowen Center said the investigation did not uncover any evidence to suggest that any PHI had been misused as a result of the breach but, out of an abundance of caution, affected individuals have been offered complimentary membership to credit...

OCR Issues Notice of Enforcement Discretion to Allow Business Associates to Disclose PHI for COVID-19 Public Health and Health Oversight Activities
Apr02

On April 2, 2020, the Department of Health and Human Services announced that with immediate effect, it will be exercising enforcement discretion and will not impose sanctions or financial penalties against healthcare providers or their business associates for good faith uses and disclosures of protected health information (PHI) by business associates for public health and health oversight activities for the duration of the COVID-19 public health emergency, or until the Secretary of the HHS declares the public health emergency no longer exists. The Notice of Enforcement Discretion was issued to support Federal public health authorities and health oversight agencies such as the Centers for Medicare and Medicaid Services (CMS), the Centers for Disease Control and Prevention (CDC), state and local health departments, and other emergency operation centers that require timely access to COVID-19 related data. While disclosures of PHI by HIPAA-covered entities for public health and health oversight purposes are permitted under the HIPAA Privacy Rule, currently business associates of HIPAA...

Microsoft Helps Healthcare Organizations Protect Against Human-Operated Ransomware Attacks
Apr02

The COVID-19 pandemic is forcing many employees to work from home and the infrastructure used to support those workers is being targeted by human-operated ransomware gangs. While several ransomware operators have stated they will not attack healthcare organizations during the COVID-19 public health emergency, not all cybercrime gangs are taking it easy on the healthcare sector and attacks are continuing. Several cybercrime groups are using the COVID-19 pandemic to their advantage. Tactics, techniques and procedures (TTPs) have been changed in response to the pandemic, and the groups are now using social engineering tactics that prey on fears about COVID-19 and the need for information in order to obtain credentials and gain a foothold in healthcare networks. Ransomware attacks on hospitals can cause massive disruption at the best of times. Ransomware attacks that occur while hospitals are trying to respond to the pandemic will severely hamper their efforts to treat COVID-19 patients. Microsoft has committed to help protect critical services during the COVID-19 crisis and has recently...

Compliancy Group Confirms Big IT has Achieved HIPAA Compliance
Apr01

The Valencia, CA-based information technology and software development firm, Big IT Inc., has been confirmed as having implemented an effective HIPAA compliance program by Compliancy Group. Big IT is a Managed Service Provider (MSP) and Managed Security Services Provider (MSSP) that offers a comprehensive range of IT services to businesses and government users across the United States. Providing IT and IT security services to clients in the healthcare industry requires access to systems that contain protected health information. Big IT is therefore classed as a business associate and must ensure compliance with the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules. With HIPAA enforcement up 400% in recent years and a series of high-profile data breaches and multi-million-dollar settlements that have attracted national attention, HIPAA compliance has never been more important for both IT service providers and their healthcare IT clients. To ensure the company’s compliance program was effective and no aspect of HIPAA compliance had been overlooked, Big...
