The Department of Homeland Security (DHS) issued a warning on April 15, 2019 entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN)...more
4/19/2019
/ Cookies ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Email ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams
The HIPAA (Health Insurance Portability and Accountability Act) breach notification regulations require covered entities to self-report the unauthorized access, use or disclosure of unprotected protected health information...more
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more
2/12/2019
/ Business Associates ,
Corrective Actions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Employee Training ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Security Risk Assessments ,
Settlement Agreements
Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources...more
1/9/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
New Guidance ,
Personally Identifiable Information ,
PHI ,
Risk Management
Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for healthcare organizations, which consists of a main document, two technical volumes, and resources and...more
1/7/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
PHI ,
Privacy Laws
For data security buffs like me, the recent McAfee® Labs Threats Report, December 2018 is, or should be, a top pick on the list. Well, maybe not for the holiday reading list. We need to be careful not to bring up the results...more
12/27/2018
/ Article III ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Driverless Cars ,
Drones ,
Experian ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
OCR ,
Public Health ,
Risk Management ,
Smart Devices ,
Standing ,
Transportation Industry ,
Vaccinations ,
Value-Based Care ,
Vulnerability Assessments
The Office for Civil Rights has announced that it has fined Lakeland, Florida based Advanced Care Hospitalists (ACH) $500,000 for an impermissible disclosure of protected health information by one of its business associates. ...more
12/12/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI
Some analysts have predicted that by 2020, there will be 20 billion Internet of Things (IoT) connected devices worldwide, which could grow to over 80 billion by 2025. Global sales of IoT devices were $80 billion in 2017, and...more
12/3/2018
/ Cybersecurity ,
Data Privacy ,
Drones ,
FSB ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Identity Theft ,
Internet of Things ,
IRS ,
OCR ,
Tax Scams ,
Unmanned Aircraft Systems ,
Vendors
Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. ...more
11/16/2018
/ Cyber Attacks ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Facilities ,
HIPAA Breach ,
PHI ,
Phishing Scams ,
Popular
The Department of Health and Human Services Office for Civil Rights (OCR) announced this week that it has settled the largest health care data breach for the largest enforcement fine in history....more
10/22/2018
/ Anthem Insurance ,
Cyber Attacks ,
Data Breach ,
Enforcement Actions ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
OCR ,
Personally Identifiable Information ,
Settlement Agreements
Schneider Electric recently issued a consumer warning that it mistakenly shipped to its customers USB drives that were infected with malware. Schneider Electric stated in its alert that “Schneider Electric has determined that...more
9/24/2018
/ Americans with Disabilities Act (ADA) ,
Building Inspectors ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Drones ,
Federal Aviation Administration (FAA) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitality Industry ,
Hurricane Florence ,
Malware ,
Natural Disasters ,
Personally Identifiable Information ,
Popular ,
Real Estate Development ,
Risk Management ,
Safe Harbors ,
San Francisco ,
Scams ,
Social Security Numbers ,
Successor Liability ,
Utilities Sector ,
Website Accessibility ,
Websites ,
Yahoo!
The Ohio legislature recently passed S.B. 220, which gives businesses that suffer a data breach an affirmative defense against tort claims brought in class action suits....more
9/24/2018
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government
Data breaches continue to plague the healthcare industry, and July 2018 was the worst month so far this year in the number of data breaches reported to the Office for Civil Rights (OCR). ...more
As Hurricane Florence was making landfall, Department of Health and Human Services Secretary Alex Azar issued HIPAA guidance that outlined when hospitals in declared state of emergency areas can qualify for a waiver of...more
In its July newsletter on cybersecurity, the Office for Civil Rights (OCR) released “Guidance on Disposing of Electronic Devices and Media,” which outlines the requirements health care providers and business associates have...more
8/16/2018
/ Data Breach ,
Data Management ,
Digital Media ,
Electronic Data Transmissions ,
Electronic Protected Health Information (ePHI) ,
Electronically Stored Information ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Mobile Device Management ,
OCR ,
PHI ,
Risk Management
It is clear that the healthcare industry continues to be targeted with cyber-attacks. In 2018, the 10 largest health care breaches, outlined here, include unauthorized access to protected health information (PHI) through a...more
Data breaches continue to be an issue for healthcare providers when looking at breaches reported to the Office for Civil Rights (OCR), as required by HIPAA. In the first three months of 2018, there were 77 breaches of...more
The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. ...more
3/19/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI
U.S. Estimates that Cyber Hacks Cost Up to $109 Billion in 20 -
The Council for Economic Advisors (CEA) issued a report this month, entitled “The Cost of Malicious Cyber Activity to the U.S. Economy,” which concludes that...more
2/26/2018
/ Banking Sector ,
Bitcoin ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Justice (DOJ) ,
Digital Currency ,
Disclosure Requirements ,
Drones ,
Federal Agency Taskforce ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Malware ,
OCR ,
PHI ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
TCPA ,
Virtual Currency
In its January newsletter, the Office for Civil Rights (OCR) focused on cyber extortion, which it stated has “risen steadily over the past couple of years and continue to be a major source of disruption for many...more
2/19/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Extortion ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Malware ,
OCR ,
Ransomware ,
Risk Management ,
US-CERT
As of February 15, 2018, banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of...more
2/16/2018
/ Banking Sector ,
Bitcoin ,
Blockchain ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Digital Currency ,
Distributed Ledger Technology (DLT) ,
Drones ,
Extortion ,
Financial Institutions ,
Financial Services Industry ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Technology ,
Insurance Industry ,
Medical Records ,
No-Fly Zones ,
NYDFS ,
Olympics ,
Popular ,
Risk Management ,
Virtual Currency
In the first settlement for HIPAA violations in 2018, Fresenius Medical Care North America (Fresenius) has agreed to pay $3.5 million to the Office for Civil Rights (OCR) to settle allegations against it relating to five data...more
2/12/2018
/ Corrective Actions ,
Data Breach ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management ,
Settlement Agreements
The North Carolina Department of Health and Human Services has notified close to 6,000 individuals that a spreadsheet containing the names, Social Security numbers and test results for routine drug testing for employment,...more
Cottage Health, a three hospital health care system located in California has agreed to pay the California Attorney General’s Office $2 million to settle allegations that it failed to implement data security safeguards to...more
The news about data breaches always seems to be dire lately. Some good news: data breaches in the healthcare industry were lower in October than in September, based upon reportable data breaches to the Office for Civil Rights...more
12/1/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI