The Arizona Department of Health Services (ADHS) has notified 2,500 patients that their personal and health information has been lost in the mail.
The affected patients were mothers and newborns enrolled in the newborn...more
Researchers at Stanford University have released a study concluding that wearable fitness trackers provide inaccurate measurements when it comes to providing information to users on how many calories have been burned....more
We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks...more
5/19/2017 / Cyber Attacks, Cyber Threats, Cybersecurity, Data Protection, Electronic Protected Health Information (ePHI), FBI, Hackers, Health Care Providers, Malware, Personally Identifiable Information, Phishing Scams, Ransomware, Risk Management, US-CERT
Over the past week, many clients and individuals have asked me why some companies and health care facilities were devastated by the WannaCry ransomware, and why others made it through the weekend without a blink of an eye....more
5/18/2017 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Hackers, Health Care Providers, Information Technology, Malware, Personally Identifiable Information, Phishing Scams, Ransomware, Risk Management
The Office for Civil Rights (OCR) issued a press release today announcing that it has settled alleged HIPAA violations with Memorial Hermann Health System (MHHS) for $2.4 million. According to the Resolution Agreement it has...more
Bangor Health Center, a psychiatric practice located in Bangor, Maine, has notified 4,229 patients that a hacker from Moldova has accessed their psychiatric records, including names, addresses, Social Security numbers,...more
Touted as the first OCR settlement with a wireless health services provider, the OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, based in Pennsylvania, for $2.5 million....more
Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network (MCPN), a Colorado-based federally qualified health...more
The monthly breach report issued by Protenus last week outlining data breaches that occurred in the month of March concludes that there was an “uptick in the number of health data breach incidents.”...more
ABCD Pediatrics, located in San Antonio, Texas, has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its...more
Another employee falls for a phishing attack. This time, it was an employee of the Washington University School of Medicine. The employee received a phishing email on December 2, 2016, and fell for what looked like a real...more
4/14/2017 / Cyber Crimes, Data Breach, Educational Institutions, Email, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Medical School, Personally Identifiable Information, PHI, Phishing Scams, Universities
Erie County Medical Center in Buffalo, New York, has announced that its IT system has been shut down since Sunday, April 11, 2017, due to an unnamed virus. The shut-down has affected the medical facility’s email system,...more
The FBI issued a Private Industry Alert on March 22, 2017, to health and dental providers entitled “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information” specifically warning health and dental...more
4/3/2017 / Cyber Attacks, Cyber Crimes, Data Protection, Dentists, Electronic Health Record Incentives, FBI, File Transfer Protocols (FTP), Hackers, Health Care Providers, PHI, Popular
Denton Heart Group, located throughout Dallas, has notified 21,665 patients that their protected health information has been compromised as a result of the theft of a hard drive from a locked closet....more
West Virginia University Medicine University Healthcare (WVUM) has confirmed that it is sending notification letters to over 7,400 of its patients seen at Berkeley Medical Center as a result of an unauthorized access to their...more
Medjack is a form of malware that was specifically developed to attack medical devices, such as heart monitors, CT and MRI machines, insulin pumps and PAC systems....more
We often forget that state AGs have jurisdiction under the HIPAA Omnibus Rule to levy fines and penalties against HIPAA covered entities for violations. This is because the Office for Civil Rights has traditionally taken the...more
3/6/2017 / Cyber Attacks, Data Breach, Electronic Medical Records, Fines, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Personally Identifiable Information, PHI, Popular
Vanderbilt University Medical Center (VUMC) has announced that it will be sending breach notification letters to over 3,000 patients as a result of unauthorized access to PHI by two patient transporters....more
Health care data breaches are not slowing. According to a report issued by Protenus, in conjunction with www.databreaches.net, the summary of healthcare data breaches in 2017 continues where 2016 left off.
In January...more
We continue to see all industries hit with W2 phishing scams, including the health care industry.
Citizens Memorial Hospital, located in Bolivar, Missouri, was hit with the scam when one of its employees believed that an...more
2/24/2017 / Cyber Crimes, Email, Hackers, Health Care Providers, Hospitals, Identity Theft, IRS, Payroll Records, Phishing Scams, Tax Fraud, Tax Returns, W-2
A new report issued by Safetica USA has organized data breaches affecting over 500 individuals that were self-reported to the Office for Civil Rights (OCR) in 2016 into a list by state and records exposed....more
In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more
2/6/2017 / Covered Entities, Data Breach, Electronic Medical Records, Fines, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, OCR, Personally Identifiable Information, PHI
My newest hero in the fight against ransomware is Little Red Door Cancer Services of East Central Indiana (Little Red Door). I am sending a donation to it to celebrate its courage in the last few weeks.
Little Red Door...more
1/26/2017 / Cancer, Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Breach, Data Protection, Hackers, Health Care Providers, Healthcare, Malware, PHI, Ransomware
The Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule updating proposed changes to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations (also known as 42 CFR Part 2...more
1/23/2017 / Data Privacy, Department of Health and Human Services (HHS), Drug & Alcohol Abuse, Electronic Medical Records, Health Care Providers, Healthcare, Information Sharing, Medical Records, Privacy Concerns, SAMHSA, Substance Abuse
The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more
1/16/2017 / Data Breach, Department of Health and Human Services (HHS), Electronic Medical Records, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, Laptop Computers, Mental Health, Personally Identifiable Information, PHI, Social Media