In the wake of the national opioid overdose crisis, the Office for Civil Rights (OCR) has provided clarification on when covered entities are permitted to disclose patient information during opioid emergencies....more
Michigan Governor Rick Snyder has signed into law the Cyber Civilian Corps Act, which established the Michigan Cyber Civilian Corps, dubbed MiC3. The corps has been in existence for three years but not statutorily deployed. ...more
11/10/2017
/ Consumer Financial Protection Bureau (CFPB) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data-Sharing ,
Drones ,
Drug & Alcohol Abuse ,
Elder Issues ,
Financial Services Industry ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Malware ,
Opioid ,
Pain Management ,
Personally Identifiable Information ,
PHI ,
Ransomware ,
State Data Breach Notification Statutes ,
Unmanned Aircraft Systems
Beazley has published a report outlining data breaches in the first nine months of 2017. The report notes that the highest cause of a data breach in 2017 so far are unintended disclosures, which accounted for 41 percent of...more
11/9/2017
/ Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Data Protection ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Malware ,
Personally Identifiable Information ,
PHI ,
Phishing Scams ,
Ransomware ,
Social Engineering
I just read an article about a nurse from Florida who was convicted of wire fraud, theft of government funds, possession of unauthorized access devices and aggravated identity theft....more
Paper records continue to be problematic. An Illinois psychiatrist reported to the Office for Civil Rights (OCR) that the medical records of 10,500 patients were stored in the basement of a house that he rented to an...more
Energy and Critical Infrastructure Industries Warned of Increased Attacks by FBI and DHS -
The FBI and Department of Homeland Security issued a joint statement on October 20, 2017 warning of an increased danger of a...more
10/27/2017
/ Affordable Care Act ,
Airspace ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyberbullying ,
Cybersecurity ,
Data Protection ,
Department of Homeland Security (DHS) ,
Drones ,
Electricity ,
Electronic Medical Records ,
Energy Sector ,
FBI ,
Federal Aviation Administration (FAA) ,
FERC ,
Hackers ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Internet ,
Medical Records ,
Nonprofits ,
OCR ,
Open Enrollment ,
Personally Identifiable Information ,
PHI ,
Popular ,
Power Grid ,
TCPA ,
Technology Sector ,
Utilities Sector
Unfortunately, September was another banner month for data breaches involving the health care industry. According to the Office for Civil Rights (OCR) website, 39 data breaches involving over 500 records were reported to the...more
10/26/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
Personally Identifiable Information ,
PHI ,
Ransomware
FBI Issues Flash Alert on Apache Struts Vulnerability -
The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most...more
10/18/2017
/ Blockchain ,
Breach Notification Rule ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Digital Currency ,
Distributed Ledger Technology (DLT) ,
Drones ,
Enforcement Actions ,
Faxes ,
Federal Aviation Administration (FAA) ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Initial Coin Offering (ICOs) ,
Office Equipment ,
PHI ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Unregistered Securities ,
Virtual Currency ,
Vulnerability Assessments
Fax machines are still used in the medical community, and these days, faxing may be more secure than emailing as hackers have not yet cracked the task of hacking into old fax machines. All kidding aside, fax machines have...more
Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of it imaging files, including X-rays of patient inaccessible....more
In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public...more
10/9/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Malware ,
Personally Identifiable Information ,
PHI ,
Ransomware
McAfee Report Lists Health Care Sector as Most Targeted Industry for Cyber-Attacks -
In its cybersecurity incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care...more
10/5/2017
/ Airspace ,
BSA/AML ,
Class Action ,
Corruption ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of the Interior ,
Drones ,
Fast-Food Industry ,
Federal Aviation Administration (FAA) ,
Financial Institutions ,
FinCEN ,
Franchises ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Home Depot ,
Malware ,
Money Laundering ,
Netflix ,
Personally Identifiable Information ,
PHI ,
Ransomware ,
Restaurant Industry ,
Unmanned Aircraft Systems ,
Venezuela ,
White Collar Crimes
Health Data Management (HDM), using information compiled by Protenus Breach Barometer, published a list this week of the biggest health care data breaches so far in 2017....more
The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all...more
Women’s Health Care Group of Pennsylvania has notified approximately 300,000 patients that their protected health information has been compromised by a ransomware attack....more
Baptist Medical Center South, located in Jacksonville, Florida has admitted that one of its backup drives has been missing since May 18, 2017. The unencrypted backup drive contained the protected health information of 531...more
Following the most recent ransomware attack, known as NotPetya, (among other nicknames), many health care entities were victims of the ransomware, which prompted the Office of the National Coordinator (ONC) to issue guidance...more
7/10/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
ONC ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
US-CERT
Numerous hospitals were victims to last week’s (aka NotPetya) ransomware attack. But one hospital—Princeton Community Hospital in West Virginia–has admitted that it is going to replace its entire computer network after Petya...more
A new study issued by Ponemon Institute, sponsored by IBM, reveals that healthcare data breaches still cost more than in other sectors.
The Ponemon Institute’s calculation is that the average healthcare data breach costs...more
Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more
7/3/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management
Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more
The North Dakota Department of Human Services has admitted that one of its employees threw Medicaid claim resolution worksheets into a dumpster instead of disposing them in a secure onsite shredding receptacle. The result?...more
The Office for Civil Rights (OCR) recently released guidance entitled “My Entity Just Experienced a Cyber-attack! What Do We Do Now?”
The Checklist is a practical tool for health care entities and outlines several steps to...more
6/16/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Health Care Providers ,
HIPAA Breach ,
Incident Response Plans ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Risk Management ,
Security Standards
Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more
Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more