Latest HIPAA News

The HHS’ Office for Civil Rights (OCR) has fined Sharp HealthCare $70,000 for failing to provide a patient with timely...

The Department of Health and Human Services’ Office for Civil Rights (OCR) is continuing to crackdown on noncompliance with the...

A ransomware factsheet has been released by the National Cyber Investigative Joint Task Force (NCIJTF) to raise awareness of the...

On January 28, 2021, Democratic senators introduced the Public Health Emergency Privacy Act to protect the privacy of Americans and...

Two members of the Department of Veteran Affairs’ (VA) information technology staff are alleged to have made false representations about...

Europol has announced the notorious Emotet Botnet has been taken down as part of a multinational law enforcement operation. Law...

A new report published by Tenable has revealed almost half of all healthcare data breaches are the result of ransomware...

Many data breaches start with a phishing email, but credential phishing can also occur via other communication channels such as...

More large healthcare data breaches were reported in 2020 than in any other year since the HITECH Act called for...

The Department of Health and Human Services has adopted new minimum and maximum penalties for HIPAA violations for 2020 to...

Ransomware attacks have had a massive impact on businesses and organizations in the United States, and 2020 was a particularly...

The Department of Health and Human Services’ Office for Civil Rights has announced it will be exercising enforcement discretion and...

2020 ended with healthcare data breaches being reported at a rate of 2 per day, which is twice the rate...

The Department of Health and Human Services’ Office for Civil Rights has announced the health insurer Excellus Health Plan has...

The U.S. Court of Appeals for the Fifth Circuit has overturned a $4,348,000 HIPAA violation penalty imposed on University of...

The HHS’ Office for Civil Rights (OCR) is continuing to crackdown on healthcare providers that are not providing patients with...

On January 5, 2020, President Trump added his signature to a bill (HR 7898) that amends the Health Information Technology...

The Federal Bureau of Investigation (FBI) has issued a Private Industry Alert about the growing threat of Egregor ransomware attacks....

In the fall of 2020, a warning was issued to the healthcare and public health sector following a spike in...

2020 was the worst ever year for healthcare industry HIPAA compliance data breaches. Some 616 data breaches of 500 or...

The DHS’ Cybersecurity and Infrastructure Security Agency has launched a website providing resources related to the ongoing cyber activities of...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled a HIPAA Right of Access compliance...

For the second successive month, the number of reported healthcare data breaches has fallen; however, it should be noted that...

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released final guidance...

The Department of Health and Human Services’ Office for Civil Rights has published new guidance on the Health Insurance Portability...

The Department of Health and Human Services’ Office for Civil Rights has published its 2016-2017 HIPAA Audits Industry Report, highlighting...

The Nevada-based emergency services provider SkyMed has reached a settlement with the Federal Trade Commission (FTC) following an audit of...

A new bill (HR 7898) has been passed by the House Energy and Commerce Committee which seeks to amend the...

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that sophisticated hackers are actively exploiting SolarWinds Orion IT...

The Department of Health and Human Services has issued a notice of proposed rulemaking detailing multiple HIPAA Privacy Rule changes...

GBMC HealthCare in Maryland, Golden Gate Regional Center in California, and Dyras Dental in Michigan have recently suffered ransomware attacks...

President-elect Joe Biden has named California Attorney General Xavier Becerra as Secretary of the Department of Health and Human Services....

The Cybersecurity Infrastructure and Security Agency has issued a warning about a global spear phishing campaign targeting organizations in the...

A team of researchers at Ben-Gurion University in Israel have described a possible bioterrorist attack scenario in which the supply...

Threat actors using Ragnar Locker ransomware have stepped up their attacks and have been targeting businesses and organizations in many...

Several phishing campaigns have been identified that are using free Google services to bypass email security gateways and ensure malicious...

On Friday last week, the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) and Office...

October saw well above average numbers of data breaches reported the HHS’ Office for Civil Rights. There were 63 reported...

The HHS’ Office for Civil Rights has announced its 18th HIPAA financial penalty of the year with the 12th fine...

The HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) has issued an update on ransomware activity targeting...

Advanced Persistent Threat (APT) groups in Russia and North Korea are targeting companies involved in research into COVID-19 and vaccine...

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 11th financial penalty under...

The U.S. Federal Trade Commission has reached a settlement with Zoom to resolve allegations that the teleconferencing platform provider misled...

Timberline Billing Service, LLC, a Des Moines, IA-based Medicaid billing company, has suffered a ransomware attack that resulted in the...

The U.S. Department of Health and Human Services’ Office for Civil Rights has announced its 10th financial penalty under its...

Wakefern Food Corporation has agreed to pay $235,000 in civil financial penalties to resolve allegations of violations of federal and...

The deadline for compliance with the information blocking and health IT certification requirements of the 21st Century Cures Act have...

The City of New Haven, Connecticut has agreed to pay a $202,400 financial penalty to the Department of Health and...

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Health and Human Services...

Aetna Life Insurance Company and the affiliated covered entity (Aetna) has agreed to settle multiple potential HIPAA violations with the...

The FDA has approved a new rubric designed by the MITRE Corporation for assigning Common Vulnerability Scoring System (CVSS) scores...

The U.S. Department of Justice has announced 6 Russian hackers have been indicted for their role in the 2017 NotPetya...

The UK National Cyber Security Centre (NCSC) has recently issued a security alert advising organizations to patch a serious remote...

Comparitech security researcher Bob Diachenko has discovered an exposed cluster of databases belonging to the Voice over IP (VoIP) telecommunications...

On October 2020 Patch Tuesday, Microsoft released a patch to correct a critical remove code execution vulnerability in the Microsoft...

Universal Health Services has confirmed that all 250 of its hospitals in the United States are back up and running...

A joint advisory has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warning...

The HHS’ Office for Civil Rights (OCR) is continuing its crackdown on healthcare providers that are not fully complying with...

Franklin, TN-based Community Health Systems and its subsidiary CHSPCS LLC have settled a multi-state action with 28 state attorneys general...

The Department of Health and Human Services’ Office for Civil Rights has announced its 12th HIPAA penalty of 2020 and...

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has warned that companies that facilitate ransom payments to cybercriminals...

On Wednesday, Blackbaud filed a Form 8-K with the U.S. Securities and Exchange Commission (SEC) that provided further information on...

The Indianapolis, IN-based health insurer Anthem Inc. has settled a multi-state investigation by state attorneys general over its 78.8 million...

Universal Health Services (UHS), a King of Prussia, PA-based health system with more than 400 healthcare facilities in the United...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85 million HIPAA penalty on...

The Department of Health and Human Services’ Office for Civil Rights has announced its 10th HIPAA violation fine of 2020....

The HHS’ Office for Civil Rights has announced a $1.5 million settlement has been reached with Athens Orthopedic Clinic PA...

Ransomware attacks on hospitals pose a risk to patient safety. File encryption results in essential systems crashing, communication systems are...

CISA has published information on a critical vulnerability in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) now that a public...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that a new version of its...

The Department of Health and Human Services’ Office for Civil Rights has announced five settlements have been reached to resolve...

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning hackers affiliated with...

A potential class action lawsuit filed against the University of Chicago, UChicago Medicine, and Google over an alleged privacy and...

The eHealth Initiative & Foundation (eHI) and the Center for Democracy and Technology (CDT) recently released a draft consumer privacy...

The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance for network defenders and incident response teams on identifying...

The Department of Health and Human Services’ Office for Civil Rights has announced it has published additional resources for mobile...

The number of healthcare providers confirmed to have been affected by the Blackbaud ransomware attack and data breach is growing,...

Tucson, AZ-based Assured Imaging, a subsidiary of Rezolut Medical Imaging and provider of Health Screening and Diagnostic Services, has announced...

A sophisticated COVID-19 themed phishing campaign has been detected that spoofs chemical manufacturers and importers and exporters offering the recipient...

The American College of Radiology, the Society for Imaging Informatics in Medicine, and the Radiological Society of North America have...

The Secretary of the HHS, Alex Azar, has declared a public health emergency exists in the states of Louisiana and...

The risk analysis is one of the most important requirements of the HIPAA Security Rule, yet it is one of...

A new study conducted by IRONSCALES shows there has been a major increase in credential theft via spoofed websites. This...

An ongoing voice phishing (vishing) campaign is being conducted targeting remote workers from multiple industry sectors. The threat actors impersonate...

A new peer-to-peer (P2P) botnet has been discovered that is targeting SSH servers found in IoT devices and routers which...

July saw a major fall in the number of reported data breaches of 500 or more healthcare records, dropping below...

A new report has revealed the personal and protected health information of patients and other sensitive data are being exposed...

A database containing the personal information of more than 3.1 million patients has been exposed online and was subsequently deleted...

NIST has published the final version of its zero trust architecture guidance document (SP 800-207) to help private sector organizations...

The House of Representatives has voted to lift the ban on the Department of Health and Human Services using federal...

The FBI Cyber Division has issued a Private Industry Notification advising enterprises still using Windows 7 within their infrastructure to...

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert warning enterprises of the...

On Monday, August 3, 2020, President Trump signed an executive order to expand access to telehealth services for the 57...

This week, the Federal Bureau of Investigation (FBI) issued a (TLP:WHITE) FLASH alert following an increase in attacks involving Netwalker...

The 2020 Cost of Data Breach Report from IBM Security has been released and reveals there has been a slight...

The HHS’ Office for Civil Rights has imposed a $1,040,000 HIPAA penalty on Lifespan Health System Affiliated Covered Entity (Lifespan...

The sharp drop in healthcare data breaches seen in May proved to be short lived, with June seeing a major...

The HHS’ Office for Civil Rights (OCR) has announced a $25,000 settlement has been reached with Metropolitan Community Health Services...

The biomedical community is working hard to develop vaccines against SARS-CoV-2 and discover new treatments for COVID-19 and nation-state hackers...

Two Chinese nationals have been indicted by the U.S. Department of Justice (DOJ) for targeting and hacking US companies, government...

The Emotet botnet has been reactivated after a 5-month period of dormancy and is being used to send large volumes...

The APT29 hacking group, aka Cozy Bear, is targeting healthcare organizations, pharma firms, and research entities in the United States,...

The New Zealand-based cybersecurity firm Emsisoft has released ransomware statistics for 2020 that show there have been at least 41...

The Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2) have been revised by the Department of Health and...

A joint alert was recently issued by the FBI and the DHS’ Cybersecurity Infrastructure Security Agency (CISA) regarding cybercriminals’ use...

A large-scale phishing campaign conducted in 62 countries has been shut down by Microsoft.  The campaign was first identified by...

The U.S. National Security Agency (NSA) has issued guidance to help organizations secure IP Security (IPsec) Virtual Private Networks (VPNs),...

Several vulnerabilities have been identified in the remote access system, Apache Guacamole.  Apache Guacamole has been adopted by many companies...

HIPAA Journal previously reported on an April 2020 ransomware attack on Magellan Health. Further information on the attack has now...

Des Moines, Iowa-based UnityPoint Health has agreed to settle a proposed class action lawsuit filed by victims of two phishing...

May 2020 saw a marked fall in the number of reported healthcare data breaches compared to April, with 28 data...

More companies are now completing their digital transformations and are taking advantage of the flexibility, scalability, and cost savings provided...

19 zero-day vulnerabilities have been identified in the TCP/IP communication software library developed by Treck Inc. which impact hundreds of...

When patients contract an infectious respiratory disease such as COVID-19, the immune system develops antibodies that provide protection if the...

Misconfigured public cloud databases are often discovered by security researchers. Misconfigurations that leave cloud data exposed could be due to...

A functional proof of concept (PoC) exploit for a critical remote code execution vulnerability in the Microsoft Server Message Block...

The COVID-19 pandemic has forced many companies to change working practices and allow large numbers of employees to work remotely...

The Health Information Sharing and Analysis Center (H-ISAC) has published a framework for CISOs to manage identity and defend their...

There were 37 HIPAA healthcare data breaches of 500 or more records reported in April 2020, up one from the...

Joint guidance has been issued by the Healthcare and Public Health Sector Coordinating Council (HSCC) and the Health Information Sharing...

Two privacy bills have been introduced relating to COVID-19 contact tracing apps that are now being considered by Congress. The...

On Tuesday, the FBI and the Cybersecurity and Infrastructure Security Agency issued a joint public service announcement detailing the top...

The American Medical Association (AMA) has published a set of privacy principles for non-HIPAA-covered entities to help ensure that the...

The U.S. Federal Trade Commission (FTC) is seeking comment on its breach notification requirements for non-HIPAA-covered entities that collect personally...

The HHS’ Office for Civil Rights (OCR) has issued guidance to healthcare providers to remind them that the HIPAA Privacy...

There has been a significant improvement in compliance with the HIPAA Right of Access, according to the latest Patient Record...

The National Security Agency has issued cybersecurity guidance for teleworkers to help improve security when working remotely. The guidance has...

The contact tracing technology being developed by Apple and Google to help track people who have come into close contact...

Parkview Medical Center in Pueblo, Colorado is recovering from a ransomware attack that started on April 21, 2020. The attack...

March 2020 saw a 7.69% month-over-month decrease in the number of reported healthcare data breaches and a 45.88% reduction in...

The HHS will be exercising enforcement discretion in relation to compliance with the new interoperability and information sharing rules that...

On Tuesday, the HHS’ Office of inspector General (OIG) proposed a rule that amends civil monetary penalty rules to also...

The FBI has issued a fresh warning following an increase in COVID-19 phishing scams targeting healthcare providers. In the alert,...

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are attempting to steal money from state agencies...

On April 2020 Patch Tuesday, Microsoft released updates to correct 113 vulnerabilities in its operating systems and software solutions, 19...

The McHenry County Health Department in Illinois has been refusing to provide the names of COVID-19 patients to 911 dispatchers...

The HHS has issued a Notice of Enforcement Discretion covering healthcare providers and business associates that participate in the operation...

INTERPOL has issued an alert to hospitals over continuing ransomware attacks during the 2019 Novel Coronavirus pandemic. While some ransomware...

The Federal Bureau of Investigation has issued a warning following a rise in Business Email Compromise (BEC) attacks that are...

Teleconferencing platforms such as Zoom have proven popular with businesses and consumers for maintaining contact while working from home during...

On April 2, 2020, the Department of Health and Human Services announced that with immediate effect, it will be exercising...

The COVID-19 pandemic is forcing many employees to work from home and the infrastructure used to support those workers is...

The Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) has announced a set of sweeping...

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has issued further guidance on HIPAA and...

In an effort to prevent the spread of the 2019 novel coronavirus, patients suspected of being exposed to the virus...

There were 39 reported healthcare data breaches of 500 or more records in February and 1,531,855 records were breached, which...

Following on from the announcement from the HHS’ Office for Civil Rights that enforcement of HIPAA compliance in relation to...

There have been several reported cases of cyberattacks on healthcare organizations that are currently working round the clock to ensure...

HIPAA covered entities – healthcare providers, health plans, healthcare clearinghouses – and business associates of covered entities no doubt have...

The Healthcare and Public Health Sector Coordinating Council (HSCC) has published best practices for cyber threat information sharing. The new...

Update 03/12/20: Microsoft has updated its security advisory and has released an out-of-band update for the flaw for CVE-2020-0796 Windows...

Ransomware attacks on healthcare providers increased by 350% in Q4, 2019, according to a recently published report from Corvus. The...

On March 6, 2020, the Office of Information and Regulatory Affairs’ Office of Management and Budget announced it has completed...

The Protecting Jessica Grubbs Legacy Act (S. 3374) has been reintroduced by Senators Joe Manchin (D-W.V.) and Shelley Moore Capito...

Following the revelation that a considerable volume of patient data had been shared with Google by the Catholic health system...

12 vulnerabilities – collectively called SweynTooth – have been identified by researchers at the Singapore University of Technology and Design...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first HIPAA penalty of 2020....

An audit of the National Institutes of Health (NIH) conducted by the Department of Health and Human Services’ Office of...

The National Institute of Standards and Technology (NIST) has published a cybersecurity education and development roadmap based on data from...

The American Medical Association (AMA) has published a new HIPAA playbook to help physicians and their practices understand the HIPAA...

Every year, Rave Mobile Safety conducts a nationwide survey to identify healthcare security trends and assess the state of emergency preparedness and...

In January, healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’...

The healthcare industry is digitizing business management and data management processes and is adopting new technology to improve efficiency and...

An audit conducted by the Department of Health and Human Services’ Office of Inspector General (OIG) has revealed many pharmacies...

A new study by Comparitech has shed light on the extent to which ransomware has been used to attack healthcare...

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) has published its 2019 Internet Crime Report. The report...

The HIPAA Breach Notification Rule requires data breaches of 500 or more records to be reported to the Secretary of...

The Department of Health and Human Services has issued a final rule modifying the HIPAA National Council for Prescription Drug...

The Department of Health and Human Services has issued a bulletin reminding HIPAA covered entities about the ways that patient...

A new report from the ransomware incident response firm Coveware shows payments made by ransomware victims increased sharply in Q4,...

2019 Health Statistics published by the Organisation for Economic Co-operation and Development’s (OECD) show healthcare expenditures in the United States are...

The Department of Health and Human Services’ Office for Civil Rights has announced that certain legislative changes made in the...

Patients want easy access to their health data and for their health information to be presented in a concise, easy...

A warning has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about a recent increase in Emotet...

There were 38 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’...

Microsoft has issued patches for several critical vulnerabilities in all supported Windows versions that require urgent attention to prevent exploitation....

Many group health plan sponsors are not fully compliant with the Health Insurance Portability and Accountability Act Rules, according to...

Microsoft is stopping free support for Windows 7, Windows Server 2008, and Windows Server 2008 R2 on January 14, 2020,...

A Georgia man has been charged over an elaborate scheme to frame an acquaintance for violations of the Health Insurance...

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a recently discovered vulnerability...

Figures from the Department of Health and Human Services’ Office for Civil Rights breach portal show a major increase in...

It has been another year of heavy enforcement of HIPAA compliance. HIPAA enforcement in 2019 by the Department of Health...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced a $65,000 settlement has been reached...

The FBI has issued a TLP:Amber alert in response to a spate of cyberattacks involving the ransomware variants LockerGoga and...

A discussion draft of a new bipartisan data privacy bill has been released by the House Energy and Commerce Committee....

The Department of Education and the Department of Health and Human Services’ Office for Civil Rights have issued updated guidance...

In November 2019, 33 healthcare data breaches of 500 or more records were reported to the Department of Health and...

Encryption renders data inaccessible to unauthorized individuals, provided the private key to decrypt data is not compromised and strong encryption...

Pressure is continuing to be applied on Google and its parent company Alphabet to disclose information about how the protected...

The Department of Health and Human Services’ Office for Civil Rights has announced its second enforcement action under its HIPAA...

Cybersecurity firm Emsisoft has issued a warning about a recently discovered bug in the decryptor used by Ryuk ransomware victims...

Healthcare organizations still using Windows 7 and Windows 2008 only have a few days to upgrade the operating systems before...

A Colorado IT firm that specializes in providing managed IT services to dental offices has been attacked with ransomware. Through...

Cyberattacks on healthcare organizations have increased in frequency and severity in the past year, according to recently published research from...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 8th HIPAA financial penalty of...

There was a 44.44% month-over-month increase in healthcare data breaches in October. 52 breaches were reported to the HHS’ Office...

The Department of Health and Human Services’ Office for Civil Rights is cracking down on noncompliance with the HIPAA Right...

Following a report in the Wall Street Journal, Google has confirmed it is collaborating with one of the largest healthcare...

U.S. Senator, Mark. R. Warner (D-VA) has written to the Director of the HHS’ Office for Civil Rights, Roger Severino,...

The U.S Department of Health and Human Services has increased the civil monetary penalties for HIPAA compliance violations in accordance...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $1.6 million civil monetary penalty...

The University of Rochester Medical Center (URMC) has paid a $3 million HIPAA penalty for the failure to encrypt mobile...

In May 2019, Microsoft made an announcement about a critical remote code execution vulnerability in Windows Remote Desktop Services named...

The HHS has updated its HIPAA Security Risk Assessment Tool and has added several new user-requested features to improve usability....

Healthcare data breaches lead to a reduction in the quality of care provided to patients, according to a study recently...

The Department of Health and Human Services’ Office for Civil Rights has imposed a $2.15 million civil monetary penalty against...

The sensitive health information of millions of patients has been exposed over the internet as a result of the failure...

September saw 36 healthcare data breaches of more than 500 records reported to the Department of Health and Human Services’...

Internal Department of Veteran Affairs (VA) communications, disability claims, and the health information of thousands of veterans have been exposed...

Roger Severino, Director of the HHS’ Office for Civil Rights, has given an update on OCR’s HIPAA enforcement priorities at...

Internet of Medical Things (IoMT) technology is helping to increase efficiency, improve the quality of healthcare, and lower healthcare costs;...

The Medical Imaging & Technology Alliance (MITA) has released a new medical device security standard which provides healthcare delivery organizations...

The U.S. Department of Health and Human Services (HHS) has proposed changes to physician self-referral and federal anti-kickback regulations which...

On October 7, 2019, New York Governor Andrew Cuomo signed new legislation into law – S.4119/A.230 – that prohibits first...

Vulnerabilities in popular VPN products from Pulse Secure, FortiGuard, and Palo Alto are being actively exploited by advanced persistent threat...

A recent survey conducted by B2B International on behalf of Kaspersky Lab has revealed the average cost of an enterprise-level...

A recent report from New Zealand-based cybersecurity firm Emsisoft has revealed the extent to which ransomware is being used in...

The Department of Health and Human Services’ Office for Civil Rights has agreed to settle a HIPAA compliance violation case...

Security researchers at Armis have identified 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, a third-party software component used in...

Another healthcare provider has announced it will be permanently closing its doors as a direct result of a ransomware attack....

Sen. Rand Paul, M.D., (R-Kentucky) has introduced a new bill that attempts to have the national patient identifier provision of...

The Department of Health and Human Services (HHS) is prohibited from using any of its budget to fund the development...

Researchers from Michigan State University and Johns Hopkins University have conducted a study of healthcare data breaches of protected health...

In August, healthcare data breaches continued to be reported at a rate of more than 1.5 per day, which is...

A recent investigation by ProPublica, the German public broadcaster Bayerischer Rundfunk, and vulnerability and analysis firm Greenbone Networks has revealed...

The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate...

The National Cybersecurity Center of Excellence (NCCoE) has issued draft NIST guidelines for securing the picture archiving and communications system...

The Consumer Technology Association (CTA) has released data privacy guidelines to help companies better protect health and wellness data. The...

The healthcare industry experiences more than its fair share of phishing attacks. Each week, several phishing attacks are reported by...

The Healthcare and Public Health Sector Coordinating Council (HSCC) has published guidance on cybersecurity information sharing organizations in the healthcare...

A recent ProPublica investigation has highlighted a growing problem that is fueling the current ransomware epidemic. Insurance companies are opting...

Earlier this year, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that one of the...

A majority of patients are comfortable with sharing their biospecimens and EHR data for research purposes, according to a new...

When healthcare organizations experience a data breach it is understandable that breach victims will be upset and angry. Information is...

Alex Azar, Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency (PHE) in...

On June 26, a patient of University of Chicago Medical Center (UCMC) filed a lawsuit against the medical center and...

The importance of security awareness training for healthcare employees has been highlighted by a recent phishing attack on Bonita Springs,...

Healthcare organizations can implement robust defenses to prevent hackers from gaining access to sensitive data, but not all threats come...

A ransomware attack on a medical record backup service has prevented hundreds of dental practices in the United States from...

The victim count from the American Medical Collection Agency (AMCA) data breach has risen to almost 25 million as yet...

The Office of Management and Budget (OMB) has submitted its annual report to Congress on the state of cybersecurity in...

May 2019 was the worst ever month for healthcare data breaches with 46 reported breaches of more than 500 records....

The Substance Abuse and Mental Health Services Administration (SAMHSA) has proposed a new rule that loosens restrictions on substance use...

Each year, Rave Mobile Safety conducts a survey to identify healthcare security trends and determine the state of emergency preparedness in...

A recent study conducted by the health manuscript archiving company medRxiv has revealed widespread noncompliance with the HIPAA right of...

A ransomware attack on an Aberdeen, WA-hospital and associated clinics is still causing problems two months after the attack occurred....

The National Association of Attorneys General (NAAG) has urged leaders of the House and Senate to make changes to the...

The Government Accountability Office (GAO) conducted a study of 23 federal agencies and found widespread cybersecurity risk management failures. Federal...

A Federal District Judge has given preliminary approval to a proposed $74 million settlement to resolve a consolidated class action...

It has been a particularly bad six months for the healthcare industry. Data breaches have been reported in record numbers...

Ransomware appeared to have gone out of fashion in 2018, but that is certainly not the case in 2019. Q1,...

More than half a million patients in Bayamón, Puerto Rico have been affected by a ransomware attack on a medical...

Before cloud services can be used by healthcare organizations for storing or processing protected health information (PHI) or for creating...

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) has issued draft mobile device security...

Healthcare organizations often turn to a HIPAA compliant cloud vendor or Managed Service Provider to help them ensure electronic patient...

The number of healthcare providers confirmed to have been affected by the data breach at American Medical Collection Agency (AMCA)...

For the past two months, healthcare HIPAA compliance data breaches have been reported at a rate of 1.5 per day...

Equifax has agreed to settle its federal data breach case for a minimum of $575 million. The settlement will potentially...

New rules for hospitals have been implemented in Idaho that give patients new rights. The rules were implemented by the...

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions...

Premera Blue Cross has agreed to a $10 million settlement to resolve a multi-state data breach lawsuit involving 30 state...

An improper authentication vulnerability has been identified in GE Aestiva and Aespire Anesthesia devices which are used in hospitals throughout...

Researchers at Sandia National Laboratories have discovered a vulnerability in open source software used by genomic researchers. If exploited, an...

A two-year-old vulnerability in Microsoft Outlook is being exploited by hackers in targeted attacks on U.S. government networks. U.S. Cyber...

A recent study of cybersecurity best practices adopted by large and small healthcare providers has revealed there is a growing...

The Senate Health, Education, Labor and Pensions (HELP) Committee has approved the Lower Health Care Costs (LHCC) Act of 2019,...

The Department of Health and Human Services’ Office for Civil Rights has issued new HIPAA guidance for health plans on...

The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning following a...

In April, more healthcare data breaches were reported than in any other month to date. The high level of data...

The Oregon Department of Human Services (ODHS) is notifying 645,000 clients that some of their personal information has potentially been...

One of the requirements of the HIPAA Administrative Simplification Rules was the development of a national identifier for all patients....

A woman in Alabama has been awarded $300,000 in damages after a doctor illegally accessed and disclosed her protected health...

The Government Accountability Office (GAO) has published the findings of an audit of all federal government systems that run on...

The dust has barely settled after the news of the massive data breach at American Medical Collection Agency (AMCA) broke...

A recent report from Carbon Black has revealed that 66% of healthcare organizations have experienced a ransomware attack in the...

The total number of victims of the American Medical Collections Agency (AMCA) data breach has now passed 20 million, as...

Coffey Health System has agreed to a $250,000 settlement with the U.S. Department of Justice to resolve alleged violations of...

Microsoft has issued a fresh warning about the recently discovered BlueKeep vulnerability in Remote Desktop Services (CVE-2019-0708) following the online...

Following the news that the data breach at American Medical Collection Agency (AMCA) exposed the records of 11.9 million Quest...

In March 2015, the Seattle-based health insurer Premera Blue Cross announced it had experienced a major data breach that impacted...

A hacker has gained access to the systems of Elmsford, NY-based billing collections company American Medical Collection Agency (AMCA) and...

Healthcare organizations have been slow to correct the flaw in Remote Desktop Services that was patched by Microsoft on May...

More than two weeks after Microsoft issued a patch for a critical, wormable flaw in Remote Desktop Services, nearly 1...

Medical Informatics Engineering (MIE) is required to pay a financial penalty of $900,000 to resolve a multi-state action over HIPAA...

Since the Department of Health and Human Services implemented the requirements of the Health Information Technology for Economic and Clinical...

Medical Informatics Engineering, Inc (MIE) has settled its HIPAA violation case with the HHS’ Office for Civil Rights for $100,000....

In April, Inmediata, a provider of clearinghouse services to healthcare organizations, announced that the protected health information of certain patients...

The American Academy of Neurology (AAN) has voiced concerns about the interoperability plans of the Centers for Medicare and Medicaid...

April was the worst ever month for healthcare data breaches. More data breaches were reported than any other month since...

The sorry state of healthcare cybersecurity has been highlighted by a recent Forescout study. The study revealed the healthcare industry...

On Tuesday May 14, 2019, Microsoft released a patch to fix a ‘wormable’ flaw in Windows, similar to the vulnerability...

Two Chinese nationals who were allegedly behind the 2015 hacking of Anthem Inc., have been charged by the U.S. Department...

Today sees the release of the 2019 Verizon Data Breach Investigations Report. This is the 12th edition of report, which...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced a settlement has been reached with...

Facebook is making changes to Facebook Groups used to discuss health conditions. The move comes following criticism that Facebook Groups...

Malwarebytes has released a new report detailing the current tactics and techniques being used by cybercriminals to gain access to...

An Arizona man who sued Costco over a privacy violation and had the lawsuit dismissed by the trial court has...

The Department of Health and Human Services has issued a notification of enforcement discretion regarding the civil monetary penalties that...

The DICOM image format, which has been in use for around for 30 years, contains a design ‘flaw’ that could...

The Department of Health and Human Services has extended the deadline for submitting comments on its proposed rules to promote...