The American Institute of CPAs (AICPA) has released a risk management reporting framework intended to "establish a common, underlying language for Cybersecurity risk management reporting — almost akin to US GAAP or IFRS...more
6/9/2017 / AICPA, Cell Phones, Class Action, CPAs, Cybersecurity, Data Breach, Data Privacy, Drones, HIPAA Breach, International Travel, Laptop Computers, Malware, Mobile Apps, OCR, PHI, Popular, Risk Management, TCPA, Terrorist Threats, Unmanned Aircraft Systems
The Arizona Department of Health Services (ADHS) has notified 2,500 patients that their personal and health information has been lost in the mail.
The affected patients were mothers and newborns enrolled in the newborn...more
The Office for Civil Rights (OCR) issued a press release today announcing that it has settled alleged HIPAA violations with Memorial Hermann Health System (MHHS) for $2.4 million. According to the Resolution Agreement it has...more
Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network (MCPN), a Colorado-based federally qualified health...more
The monthly breach report issued by Protenus last week outlining data breaches that occurred in the month of March concludes that there was an “uptick in the number of health data breach incidents.”...more
ABCD Pediatrics, located in San Antonio, Texas, has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its...more
New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities.
According to OCR, the...more
Another employee falls for a phishing attack. This time, it was an employee of the Washington University School of Medicine. The employee received a phishing email on December 2, 2016, and fell for what looked like a real...more
4/14/2017 / Cyber Crimes, Data Breach, Educational Institutions, Email, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Medical School, Personally Identifiable Information, PHI, Phishing Scams, Universities
Buffalo, New York Erie County Medical Center has announced that its IT system has been shut down since Sunday, April 11, 2017, due to an unnamed virus. The shut-down has affected the medical facility’s email system,...more
The FBI issued a Private Industry Alert on March 22, 2017, to health and dental providers entitled “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information” specifically warning health and dental...more
4/3/2017 / Cyber Attacks, Cyber Crimes, Data Protection, Dentists, Electronic Health Record Incentives, FBI, File Transfer Protocols (FTP), Hackers, Health Care Providers, PHI, Popular
Denton Heart Group, located throughout Dallas, has notified 21,665 patients that their protected health information has been compromised as a result of the theft of a hard drive from a locked closet....more
West Virginia University Medicine University Healthcare (WVUM) has confirmed that it is sending notification letters to over 7,400 of its patients seen at Berkeley Medical Center as a result of an unauthorized access to their...more
We often forget that state AGs have jurisdiction under the HIPAA Omnibus Rule to levy fines and penalties against HIPAA covered entities for violations. This is because the Office for Civil Rights has traditionally taken the...more
3/6/2017 / Cyber Attacks, Data Breach, Electronic Medical Records, Fines, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Personally Identifiable Information, PHI, Popular
Vanderbilt University Medical Center (VUMC) has announced that it will be sending breach notification letters to over 3,000 patients as a result of unauthorized access to PHI by two patient transporters....more
Health care data breaches are not slowing. According to a report issued by Protenus, in conjunction with www.databreaches.net, the summary of healthcare data breaches in 2017 continues where 2016 left off.
In January...more
We previously reported that the 30-year-old regulations (last updated in 1987) relating to the disclosure of substance abuse treatment information have been updated by SAMHSA to bring them into the modern world of electronic...more
2/20/2017 / Department of Health and Human Services (HHS), Disclosure Requirements, EHR, Federal Register, Final Rules, Patient Privacy Rights, PHI, Prescription Drugs, Privacy Concerns, Regulatory Freeze, Regulatory Oversight, SAMHSA, Substance Abuse, Trump Administration
In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more
2/6/2017 / Covered Entities, Data Breach, Electronic Medical Records, Fines, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, OCR, Personally Identifiable Information, PHI
MAPFRE Life Assurance Company of Puerto Rico learned the hard way about the risk of loss of patient information with portable devices like USBs, even when they are stored in the IT Department....more
My newest hero in the fight against ransomware is Little Red Door Cancer Services of East Central Indiana (Little Red Door). I am sending a donation to it to celebrate its courage in the last few weeks.
Little Red Door...more
1/26/2017 / Cancer, Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Breach, Data Protection, Hackers, Health Care Providers, Healthcare, Malware, PHI, Ransomware
The continued risk that vendors pose to companies, including health care entities, cannot be overemphasized. This week, Sentara Healthcare (Sentara) announced that one of its third-party vendors was the victim of a...more
The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more
1/16/2017 / Data Breach, Department of Health and Human Services (HHS), Electronic Medical Records, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, Laptop Computers, Mental Health, Personally Identifiable Information, PHI, Social Media
We have repeatedly reiterated numerous warnings to the healthcare industry about malware and ransomware [see related posts here and here]. Our predictions have unfortunately become true, as November was the worst month ever...more
Whenever fact sheets or other guidance is issued by either the Office of the National Coordinator for Health Information Technology (ONC) or the Office for Civil Rights (OCR), it helps gain insight into the thinking of the...more
Quest Diagnostics, which operates medical laboratories, has announced that 34,000 customer records were exposed during a hacking incident that occurred on November 26th. The hacker obtained access to the information through...more
The tally of records breached in 2016 (through November) globally was over 2.1 billion, according to IT Governance. With the announcement yesterday of Yahoo’s breach of another 1 billion records, that tally is now up to 3.1...more
12/16/2016 / Credit Cards, Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Email, Hackers, Personally Identifiable Information, PHI