Criminal HIPAA Violation Case Sees Healthcare Worker Arraigned on 430 Counts
A former employee of ACM Global Laboratories, part of Rochester Regional Health, has been accused of accessing the medical records of a patient, without authorization, on hundreds of occasions in an attempt to find information that could be used in a child custody battle. A criminal investigation was launched into the alleged HIPAA violations by Jessica Meier, 41, of Hamlin, NY, when it was suspected that she had been abusing her access rights to patient information for malicious purposes. Kristina Ciaccia was previously in a relationship with Meier’s half brother and has been in a lengthy child custody battle. In court, Ciaccia heard about a historic visit by her own brother to the emergency room at Rochester Regional Health, when she herself was unaware of the visit. Suspecting snooping on her family’s medical records, Ciaccia reported the matter to Rochester Regional Health. According to court documents, the Rochester Regional Health audit revealed Meier had accessed the private medical records of Ciaccia on more than 200 occasions between March 2017 and August 2019, without any...
Alarming Number of Medical Devices Vulnerable to Exploits Such as BlueKeep
The healthcare industry is digitizing business management and data management processes and is adopting new technology to improve efficiency and cut costs, but that technology, in many cases, has been added to infrastructure, processes, and software from a different era and, as a result, many vulnerabilities are introduced. The healthcare industry is being targeted by cybercriminals who are looking for any chink in the armor to conduct their attacks, and many of those attacks are succeeding. The healthcare industry is the most targeted industry sector and one third of data breaches in the United States happen in hospitals. According to the recently published 2020 Healthcare Security Vision Report from CyberMDX, almost 30% of healthcare delivery organizations (HDOs) have experienced a data breach in the past 12 months, clearly demonstrating that the healthcare industry is struggling to address vulnerabilities and block cyberattacks. Part of the reason is the number of difficult-to-secure devices that connect to healthcare networks. The attack surface is huge. It has been estimated that...
2020 Protenus Breach Barometer Report Reveals 49% Increase in Healthcare Hacking Incidents
According to the 2020 Protenus Breach Barometer report, there were 572 healthcare data breaches of 500 or more records in 2019 and at least 41.4 million patient records were breached. That represents a 13.7% annual increase in the number of reported breaches and a 174.5% increase in the number of breached records. The final total for 2019 is likely to be considerably higher, as the number of individuals affected by 91 of those breaches is not known, including two major breaches that have yet to be reported that affected more than 500 dental offices throughout the United States. The 2020 Protenus Breach Barometer report, produced in conjunction with databreaches.net, was compiled from breaches reported to the HHS’ Office for Civil Rights, the media, and other sources. The report shows a dramatic rise in the number of hacking incidents in 2019, which were up 49% from 2018. 58% of all reported breaches in 2019 were hacking/IT incidents and at least 36,911,960 records were exposed or stolen in those breaches. “It appears hacking incidents, particularly ransomware incidents, are on the...
PHI of 109,000 Patients Potentially Compromised in Washington Phishing Attack
Bellevue, WA-based Overlake Medical Center & Clinics is notifying 109,000 patients that some of their personal and protected health information has potentially been compromised as a result of a December 2019 phishing attack. The phishing attack was detected on December 9, 2019 and a password reset was performed to prevent further unauthorized access. Overlake determined that one email account was compromised on December 6, 2019 and access remained possible until December 9 when the account was secured. Further email accounts were compromised on December 9, but access was only possible for a few hours. A review of the affected accounts revealed they contained patient names, addresses, telephone numbers, dates of birth, health insurance provider names, health insurance ID numbers, and diagnosis and treatment information related to the care provided at Overlake. No Social Security numbers or financial information was compromised. The investigation uncovered no evidence of data theft and no reports have been received to suggest patient data has been misused. Steps have now been...
Hackensack Meridian Health Faces Class-Action Lawsuit Over December Ransomware Attack
A lawsuit has been filed against the New Jersey healthcare provider, Hackensack Meridian Health, over a December 2, 2019 ransomware attack that affected all 17 of its hospitals. The ransomware attack temporarily disrupted medical services while its systems were offline and access to medical records was prevented. Systems remained down for several days while data was recovered and systems were restored. Medical services continued to be provided with staff reverting to pen and paper to record patient information. However, some non-emergent medical procedures had to be cancelled. Prompt action was taken to secure its systems and recover data, and physicians, nurses, and clinical teams worked round the clock to ensure patient safety was maintained during the attack and recovery process. In order to restore systems in the fastest possible timeframe and prevent ongoing disruption to medical services, the decision was taken to pay the ransom. Hackensack Meridian Health had a comprehensive insurance policy in place, which helped cover the cost of the ransom payment, and its remediation and...



