The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more
12/5/2016
/ Business Associates ,
Corrective Actions ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Educational Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Malware ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement ,
Universities
On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more
12/2/2016
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Email ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Audits ,
OCR ,
PHI ,
Phishing Scams
In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more
11/21/2016
/ Authentication ,
Business Associates ,
Covered Entities ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
PHI ,
Risk Assessment ,
Risk Management
The United States Attorney’s Office for the District of Massachusetts recently announced that three former district managers of the pharmaceutical firm Warner Chilcott have been sentenced for violating the Health Insurance...more
11/14/2016
/ Bonuses ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Fraud ,
HIPAA Breach ,
Pharmaceutical Industry ,
PHI ,
Prescription Drugs ,
Privacy Concerns ,
Warner Chilcott
There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more
11/4/2016
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Authorization Forms ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI
The NTT Security Q3 Quarterly Threat Intelligence Report states that the healthcare industry is the fifth most targeted industry for ransomware (behind financial services, retail, manufacturing and technology) for all cyber...more
10/28/2016
/ Cyber Attacks ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Malware ,
PHI ,
Ransomware
The Office for Civil Rights (OCR) has announced that it has entered into a settlement with St. Joseph Health, which operates hospitals and nursing homes in California, Texas and New Mexico, for $2.14 million for alleged HIPAA...more
Approximately 300,000 patients of Central Ohio Urology Group have been notified that their protected health information has been stolen and posted online.
Although the actual date of the hacking has not been released,...more
The New Jersey Spine Center was hit with a variant of CryptoWall ransomware on July 27, 2016 that encrypted its electronic health record and its backup files. A double whammy....more
10/7/2016
/ Cyber Attacks ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Malware ,
PHI ,
Ransomware
Yuba Sutter Medical Center in California (Yuba Sutter) has notified its patients that it has suffered a recent ransomware attack that caused parts of its network to be incapacitated. As a result, patient files were unable to...more
9/27/2016
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Malware ,
PHI ,
Ransomware
Hacking group Fancy Bear, reportedly a Russian group, who allegedly hacked into the Democratic National Committee emails which made headlines, has posted U.S. Olympians’ medical and drug testing records online. Although it...more
MedStar Health Cardiology Associates, (“MedStar Cardiology”) affiliated with MedStar Health, which was recently in the news for a ransomware attack, discovered that an employee sent protected health information of 907...more
SCAN Health Plan of California, SCAN Health Plan Arizona, and VillageHealth are in the process of notifying certain plan members and non-plan members of a breach of protected health information, including names, addresses,...more
Orleans Medical Clinic (Orleans) in Indiana has notified the Office for Civil Rights that the protected health information of 6,890 patients was compromised as a result of an upgrade to its server. Orleans is in the process...more
Everybody knows how much I hate USB and thumb drives. The latest scheme is for hackers to leave thumb drives in coffee shops, airports, office buildings, libraries and other public places. These USB and thumb drives contain...more
Not surprisingly, on August 30, 2016, LabMD filed its Application for a Stay of the Final Order of the Federal Trade Commission (FTC) pending review of the order by the appellate court. But since the matter is still pending...more
9/2/2016
/ Administrative Law Judge (ALJ) ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LabMD ,
PHI ,
Section 5 ,
Stays ,
Unfair or Deceptive Trade Practices
FireEye Labs has reported that the Locky ransomware continues to hit the health care industry hard, and has increased in the month of August.
Although the telecommunications, manufacturing and aerospace/defense...more
Newkirk Products Inc., which provides ID cards and management services for healthcare organizations, including multiple Blue Cross Blue Shield organizations, has announced that it has discovered that its computer system was...more
8/22/2016
/ Blue Cross ,
Blue Shield ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Free Identity Theft Protection ,
Hackers ,
Health Insurance ,
Healthcare ,
Personally Identifiable Information ,
PHI
We continue to warn health care organizations about the real and serious risks associated with ransomware and malware, but organizations don’t prepare for it adequately and are getting hit hard.
Just this past week,...more
8/22/2016
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Malware ,
PHI ,
Popular ,
Ransomware
On August 16, 2016, the Federal Trade Commission (FTC) approved the final order resolving its privacy complaints against Practice Fusion. The complaint alleged that Practice Fusion “misled consumers by soliciting reviews for...more
Phoenix, Arizona, based Banner Health (Banner), reportedly one of the largest health care organizations in the country, began notifying up to 3.7 million patients this week of a data breach of its computer systems that...more
8/8/2016
/ Banner Health System ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Debit and Credit Card Transactions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Personally Identifiable Information ,
PHI ,
Point of Sale Terminals
Back in November 2015, Chief Administrative Law Judge (ALJ) D. Michael Chappell ruled that the Federal Trade Commission (FTC) failed to show that LabMD, Inc.’s (LabMD) data security practices caused harm to consumers stemming...more
8/8/2016
/ Administrative Law Judge (ALJ) ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
LabMD ,
PHI ,
Reversal ,
Section 5 ,
Unfair or Deceptive Trade Practices
Athens Orthopedic Clinic in Georgia reported on July 25, 2016, that a hacker gained access to its electronic medical record system at the end of June using the log-in credentials of a third-party vendor....more
StarCare Specialty Health System, located in Lubbock, Texas, is notifying 2,900 patients “who received Intellectual Developmental Disabilities program services, Behavioral Health program services, and Therapeutic Treatment...more
The Office for Civil Rights (OCR) has obtained another big settlement from a covered entity resulting from a data breach. This most recent settlement of fines and penalties and a Resolution Agreement is with the University of...more