2020 Emergency Preparedness and Security Trends in Healthcare Survey
Jan28

2020 Emergency Preparedness and Security Trends in Healthcare Survey

Every year, Rave Mobile Safety conducts a nationwide survey to identify healthcare security trends and assess the state of emergency preparedness and security trends in the healthcare industry. For the 2020 Emergency Preparedness and Security Trends in Healthcare report, Rave Mobile Security is seeking insights from leaders in the healthcare industry on the efforts that have made to prepare for emergency situations. Many HIPAA Journal readers participated in last year’s survey and have provided information on the steps they have taken to improve safety in the workplace in emergency situations. That information has been used to get an overview of emergency preparedness in the United States. The 2020 survey is now being conducted and HIPAA Journal readers have been requested to take part in the study. If you so wish, you can participate completely anonymously. You can participate in the survey by clicking the following link: Click here for the Emergency Preparedness and Security Trends in Healthcare Survey. If you provide your email address, you’ll receive the anonymized survey...

Read More
65% of U.S. Organizations Experienced a Successful Phishing Attack in 2019
Jan28

65% of U.S. Organizations Experienced a Successful Phishing Attack in 2019

The 2020 State of the Phish report from the cybersecurity firm Proofpoint shows 65% of U.S. organizations (55% globally) had to deal with at least one successful phishing attack in 2019. For the report, Proofpoint drew data from a third-party survey of 3,500 working adults in the United States, United Kingdom, Australia, France, Germany, Japan, Spain along with a survey of 600 IT security professionals in those countries. Data was also taken from 9 million suspicious emails reported by its customers and more than 50 million simulated phishing emails in the past year. Infosec professionals believe the number of phishing attacks remained the same or declined in 2019 compared to the previous year. This confirms what may cybersecurity firms have found: Phishing tactics are changing. Cybercriminals are now focusing on quality over quantity. Standard phishing may have declined, but spear phishing attacks are more common. 88% of organizations said they faced spear phishing attacks in 2019 and 86% said they faced business email compromise (BEC) attacks. Phishing attacks are most commonly...

Read More
Patients Want Easy Access to Their Health Data but Better Privacy Protections Preferred
Jan28

Patients Want Easy Access to Their Health Data but Better Privacy Protections Preferred

Patients want easy access to their health data and for their health information to be presented in a concise, easy to understand format, according to a new poll conducted by Morning Consult on behalf of America’s Health Insurance Plans (AHIP). However, patients and consumers are well aware of the threat of cyberattacks and data breaches and they do not want their private health information to be compromised. A majority (62%) of patients and consumers said they would be willing to forego easy access to their health data if it meant greater privacy protections were in place to protect their health information. In November 2019, President Trump signed an Executive Order on Improving Price and Quality Transparency in American Healthcare to Put Patients First. In response, the Department of Health and Human Services, the Department of Labor, and the Department of the Treasury proposed a new Transparency in Coverage Rule. The rule requires “employer-based group health plans and health insurance issuers offering group and individual coverage to disclose price and cost-sharing information...

Read More
Iowa Department of Human Services Notifies 4,784 Patients About Improper Disposal Incident
Jan27

Iowa Department of Human Services Notifies 4,784 Patients About Improper Disposal Incident

The Iowa Department of Human Services has notified 4,784 individuals about the potential exposure of some of their protected health information. On November 25, 2019, a member of staff disposed of documents containing the protected health information of Dallas County clients in a regular garbage dumpster, instead of sending the records for shredding. By the time the improper disposal incident was discovered, the dumpster had been emptied. An investigation was launched which revealed the custodial employee who disposed of the paperwork was unaware that the documents contained confidential information. It was not possible to determine exactly which patients were affected, so notification letters were sent to all individuals potentially impacted by the breach. The documents likely contained information such as names, dates of birth, mailing addresses, driver’s license numbers, Social Security numbers, disability information, medical information, banking and wage information, receipt of Medicaid, mental health information, provider names, prescriptions, and substance abuse and illegal...

Read More
Beaumont Health Discovers 20-Month Insider Breach
Jan27

Beaumont Health Discovers 20-Month Insider Breach

Beaumont Health, a not-for-profit 8-hospital health system based in Southfield, MI, has discovered a former employee has accessed the medical records patients without authorization and is understood to have shared protected health information with another individual. An internal investigation was launched when it was discovered medical records had been accessed without authorization. A review of the former employee’s access logs revealed the unauthorized access first occurred on February 1, 2017 and continued until October 22, 2019. The breach was discovered in December 2018. Beaumont Health said its internal investigation determined on December 10, 2019 that the medical records of 1,182 patients were accessed over a period of 20 months. The information potentially obtained and disclosed included names, addresses, contact telephone numbers, dates of birth, email addresses, health insurance information, reason why medical care was sought, and Social Security numbers. The individual to whom the information was believed to have been disclosed was affiliated with a personal injury...

Read More