Multiple Class Action Lawsuits Filed Against MCG Health Over Data Breach
Jun 28

Multiple class action lawsuits have been filed against the Seattle-based Hearst Health subsidiary, MCG Health, over a data breach that has affected at least 10 healthcare organizations including Indiana University Health, Lenoir Health Care, Phelps Health, and Jefferson County Health Center. The data breach was reported to the HHS’ Office for Civil Rights on June 10 as affecting 793,283 individuals, but some affected healthcare organizations have self-reported the breach. The breach notification issued to the Maine Attorney General indicates the protected health information of up to 1.1 million patients was potentially obtained by an unauthorized third party in the attack. MCG Health said it discovered on May 25, 2022, that files had been removed from its systems that included names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and genders. Notification letters were sent to affected individuals on June 10, 2022, and 2 years of complimentary credit monitoring and identity theft protection services have been offered to...

Webinar: 6 Secret Ingredients to HIPAA Compliance
Jun 28

Free webinar recording: 6 Secret Ingredients to HIPAA Compliance, with immediate and direct access on HIPAAJournal.com. This Compliancy Group webinar provides: step-by-step “how-to-guides” for HIPAA compliance; ingredients for a well-run compliance program; proper time and instruction for each piece; the complexities of the regulation; and much more …....

Warning Issued About 3 High-Severity Vulnerabilities in OFFIS DICOM Software
Jun 28

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory for the healthcare and public health sector warning about three high-severity vulnerabilities in OFFIS DCMTK software. The software is used for examining, constructing, and converting DICOM image files, handling offline media, and sending and receiving images over a network connection. The vulnerabilities affect all versions of DCMTK prior to version 3.6.7. If exploited, a remote attacker could trigger a denial-of-service condition, write malformed DICOM files into arbitrary directories, and gain remote code execution. Two path traversal vulnerabilities have been identified in the product which could be exploited to write malformed files into arbitrary directories under controlled names, allowing remote code execution. The product’s service class provider (SCP) is vulnerable to path traversal – CVE-2022-2119 – and the service class user (SCU) is vulnerable to relative path traversal – CVE-2022-2120. Both vulnerabilities have been assigned a CVSS v3 base score of 7.5 out of 10 (high...

Reader Offer: Free Annual HIPAA Risk Assessment
Jun 28

HIPAA Journal has partnered with The Compliancy Group to offer its readers a free annual HIPAA Risk Assessment. Covered Entities like medical practices and Business Associates like IT providers are required to conduct a HIPAA risk assessment by the 2003 HIPAA Security Rule (45 CFR § 164.308 – Security Management Process) and HITECH Act 2009.

Video: Why HIPAA Compliance is Important for Healthcare Professionals
Jun 28

Many sources explaining why HIPAA compliance is important for healthcare professionals tend to focus on the purpose of HIPAA regulations rather than the benefits of compliance for healthcare professionals. The same sources also tend to focus on how noncompliance affects patients and employers, rather than the impact it can have on healthcare professionals' lives. This article discusses why HIPAA compliance is important for healthcare professionals from a healthcare professional's perspective. It explains why healthcare professionals cannot avoid HIPAA and that, by complying with HIPAA, healthcare professionals can foster patient trust, keep patients safer, and contribute towards better patient outcomes. This in turn raises morale, creates a more rewarding work experience, and enables healthcare professionals to get more from their vocation. Conversely, the failure to comply with HIPAA can have significant professional and personal consequences. Yet the failure to comply with HIPAA is not always a healthcare professional's fault. Sometimes it can be due to insufficient training or...
