HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
2/11/2022
/ Cyber Attacks ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Requirements ,
Reporting Requirements
CYBERSECURITY -
ECRI Names Cybersecurity Attacks as Top Health Technology Hazard for 2022 -
ECRI has been publishing its annual report of health technology hazards for the past 15 years. According to ECRI’s Device...more
1/21/2022
/ Automation Systems ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
FBI ,
Hackers ,
Health Care Providers ,
Japan ,
Malware ,
Popular ,
QR Codes ,
Vessels ,
Vulnerability Assessments
ECRI has been publishing its annual report of health technology hazards for the past 15 years. According to ECRI’s Device Evaluation group, “the Top 10 Health Technology Hazards list identifies the potential sources of danger...more
1/20/2022
/ Annual Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Health Care Providers ,
Health Information Technologies ,
Healthcare ,
Popular ,
Vulnerability Assessments
On January 1, 2022, Broward Health, which operates dozens of health care facilities in Broward County, Florida, notified over 1.3 million individuals that a threat actor gained access to and removed data from its system on...more
1/6/2022
/ Cyber Attacks ,
Data Breach ,
Data Protection ,
Data Security ,
Electronically Stored Information ,
Hackers ,
Health Care Providers ,
Information Technology ,
Multi-Factor Authentication ,
Personal Data ,
Personally Identifiable Information
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
12/23/2021
/ Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Email ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Violations ,
OCR ,
Penalties ,
PHI ,
Phishing Scams ,
Policies and Procedures ,
State Attorneys General
Researchers at Mandiant have recently reported that a new ransomware group calling itself Sabbath appears to be the rebranded group Arcane and “picked up their pace” in November....more
12/2/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Educational Institutions ,
Hackers ,
Health Care Providers ,
Information Technology ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
Threat intelligence firm Mandiant released findings about a new Russian based hacking group dubbed FIN12, which is targeting the health care industry and companies with revenue over $300 million. Mandiant said that FIN12 is...more
As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient clinics, specialty clinics and business associates, according to a report by...more
10/7/2021
/ Business Associates ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Health Care Providers ,
Health Clinics ,
Hospitals ,
Information Technology ,
Risk Management ,
Vulnerability Assessments
Queen Creek Medical Center (QCMC), also known as Desert Wells Family Medicine, located in Arizona, has notified up to 35,000 patients of a data breach following a ransomware attack that corrupted its medical records system,...more
9/17/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Information Technology ,
PHI ,
Popular ,
Ransomware
The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in Nebraska includes an...more
In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture archive communication systems...more
7/9/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Hackers ,
Health Care Providers ,
Hospitals ,
Popular ,
Risk Management ,
Security Risk Assessments ,
Vulnerability Assessments
University Medical Center in Las Vegas announced that it recently became the victim of a ransomware attack by REvil, a well-known threat actor that has attacked many hospitals and health systems with the Sodinokibi malware...more
Reproductive Biology Associates, LLC (RBA) and its affiliate, MyEggBank, notified approximately 38,000 patients that a data breach involving a ransomware attack had exposed the patients’ full names, addresses, Social Security...more
6/24/2021
/ Clinical Laboratory Testing ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Fertility Treatments ,
Hackers ,
Health Care Providers ,
Information Technology ,
Personally Identifiable Information ,
Popular ,
Ransomware
Continuing its serious march against covered entities not allowing patients access to their records, the Office for Civil Rights (OCR) has settled two more cases in two days in its Right of Access Initiative. This brings the...more
The Center for Internet Security (CIS) announced last week that it has launched the Malicious Domain Blocking and Reporting (MDBR) service to assist U.S.-based private hospitals with ransomware and cyber-attacks for free....more
2/26/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Hospitals ,
Information Technology ,
Personally Identifiable Information ,
PHI ,
Ransomware
The Office for Civil Rights (OCR) recently announced another settlement involving investigations under its Right of Access Initiative. This settlement, the sixteenth such agreement under the Initiative (and one of the most...more
The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani,...more
The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000....more
On October 27, 2020, the FBI and the Department of Homeland Security (DHS) warned the health care industry about “an imminent cybercrime threat to U.S. hospitals and healthcare providers.”...more
Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health....more
10/16/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCC ,
Personally Identifiable Information ,
PHI
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an...more
10/5/2020
/ Data Breach ,
Electronic Medical Records ,
Enforcement Actions ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements
The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019....more
CYBERSECURITY -
Health Care Providers Continue to Be Hit with Ransomware and Phishing -
It doesn’t matter in which state you are located, how many patients you treat, what kind of medicine you practice or how many...more
It doesn’t matter in which state you are located, how many patients you treat, what kind of medicine you practice or how many employees you have, if you are a health care provider, you are being targeted and hackers are...more
It is being reported by Cointelegraph that ransomware group Netwalker is offering for sale data it exfiltrated from Pennsylvania based Crozer-Keystone Health System after the system declined to pay the requested ransom....more