Compliance January 27, 2021 Blackbaud Ransomware Attack Leads to Rady Children’s Hospital Class Action Lawsuit In May 2020, the cloud software group Blackbaud was targeted and attacked with ransomware. As is typical in human managed ransomware attacks, data was stolen ... Read more
Trends & Reports January 15, 2021 More Stringent Application of HIPAA Right of Access Rules by OCR Results in $200,000 Penalty There is further evidence of the increasingly stringent application of the HIPAA Right of Access Rules by the HHS’ Office for Civil Rights (OCR) on ... Read more
Compliance January 13, 2021 Ransomware Attack Impacts Lake Region Healthcare On December 22, 2020, Minnesota-based Lake Region Healthcare discovered ransomware had been deployed on its network and the attackers gained access to its databases. The ... Read more
Compliance January 2, 2021 Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients The NetWalker ransomware group has claimed it is behind a ransomware attack that took place on the North Carolina-based surgical center, Wilmington Surgical Associates in ... Read more
Trends & Reports December 21, 2020 OCR Confirms HIPAA Rules on Disclosures of PHI to Health Information Exchanges The Department of Health and Human Services’ Office for Civil Rights has published guidance on the Health Insurance Portability and Accountability Act (HIPAA) Rules related ... Read more
Security Breaches December 21, 2020 SkyMed Comes to Settlement Agreement with FTC for 2019 Consumer Data Breach SkyMed has com to a settlement agreement with the Federal Trade Commission (FTC) in the aftermath an audit of its information security practices in relation ... Read more
Compliance December 19, 2020 Three Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers Three critical vulnerabilities have been found in Medtronic MyCareLink (MCL) Smart Patient Readers, which could be exploited by threat actors to gain access to protected ... Read more
Tools & Practices December 16, 2020 Bill Passed by House Calling for HHS to Recognize Implementation of Cybersecurity Best Practices The House Energy and Commerce Committee has passed a new bill (HR 7898) which seeks to amend the HITECH Act to require the Department of ... Read more
Security Breaches December 14, 2020 Meharry Medical College & MEDNAX Services Email Account Breaches Reported Meharry Medical College located in Nashville, TN, has revealed that an email account breach may have lead to in the illegal access of the protected ... Read more
Compliance November 22, 2020 University of Cincinnati Medical Center HIPAA Right of Access Failure Results in $65,000 Fine The 18th HIPAA financial penalty of 2020, the 12th fine under its HIPAA Right of Access enforcement initiative, has been revealed by HHS’ Office for ... Read more
Compliance November 17, 2020 U.S. Data Breach Impacts 829,454 Luxottica Patients The largest eyewear firm globally, Luxottica, has had a number of its web portals targeted in a cyberattack that has resulted in a breach of ... Read more
Security Breaches October 29, 2020 Three Data Breaches Result in $1m HIPAA Penalty for Aetna Aetna Life Insurance Company and the affiliated covered entity (Aetna) have settled a HIPAA compliance violation case with the Department of Health and Human Services’ ... Read more
Trends & Reports October 20, 2020 OCR HIPAA Right of Access Initiative Results in 9th Financial Penalty The HHS’ Office for Civil Rights (OCR) is maintaining the pace in its crackdown on healthcare groups that are 1005 adhering to the HIPAA right ... Read more
Compliance October 16, 2020 Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty Tennessee-based Community Health Systems and subsidiary CHSPCS LLC have settled a multiple-state action with 28 state attorneys general for $5 million. A joint investigation was ... Read more
Security Breaches October 12, 2020 Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has warned that companies that facilitate ransom payments to cybercriminals on behalf of victims of ... Read more
Security Breaches October 9, 2020 Clinical Trial Software Provider Hit with Ransomware Attack eResearch, a software company from Philadelphia, which sells software used in vital research on Covid-19, was hit with a ransomware attack that has affected many ... Read more
Security Breaches September 26, 2020 Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate The Tennessee-based management company CHSPSC LLC, a supplier of services to a range of different subsidiary hospital operator companies and other affiliates of Community Health ... Read more
Compliance September 21, 2020 7,777 Patients Impacted by Starling Physicians Email Breach Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an ... Read more
Compliance September 16, 2020 Five OCR HIPAA Fines for HIPAA Right of Access Failures The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently agreed to settle five HIPAA compliance cases that were investigated after ... Read more
Tools & Practices September 12, 2020 Updated Security Risk Assessment Tool Released by HHS An updated version the Department of Health and Human Services’ Office for Civil Rights (OCR) Security Risk Assessment (SRA) Tool has now been released. The ... Read more
Tools & Practices August 20, 2020 Citrix Endpoint Management/XenMobile Server Patches Released Patches have been released to address two critical vulnerabilities in Citrix Endpoint Management (CEM) / XenMobile Server. The flaws could be exploited by an unauthenticated ... Read more
Compliance August 18, 2020 Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack The Brewer, ME-based integrated healthcare group, Northern Light Health Foundation, has revealed it has been impacted by the recent ransomware attack on Blackbaud Inc. The ... Read more
Compliance August 10, 2020 Phishing Attack Hits Children’s Hospital in Colorado Children’s Hospital Colorado is contacting 2,553 patients to inform them that some of their protected health information was held in an email account that was ... Read more
Security Breaches July 24, 2020 Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge A legal action filed against Sarrell Regional Dental Center for Public Health Inc. in relation to a July 2019 ransomware attack has been thrown out ... Read more
Compliance July 14, 2020 Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People The Wilmington, NC-based provider of self-pay conversion and insurance eligibility services to hospitals, clinics and physician groups, Healthcare Fiscal Management Inc. (HFMI), has revealed that ... Read more
Cyber Threats June 30, 2020 Philips Ultrasound Systems Vulnerability Discovered An authentication bypass vulnerability affecting Philips Ultrasound Systems that could targeted by a hacker to view or modify data has been discovered. The flaw is ... Read more
Security Breaches June 27, 2020 Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack The United States Attorney’s Office of the Western District of Pennsylvania has released a statement that confirms a suspect has been arrested and charged in ... Read more
Compliance June 15, 2020 Another Phishing Attack Impacts University of Utah Health University of Utah Health has been impacted by a new phishing attack, with the most recent attack leading to the exposure of the protected health ... Read more
Compliance June 7, 2020 Illegal Disposal of Patient Records Discovered by St Joseph Health System St Joseph Health System in North Central Indiana is contacting clients to inform them that a portion of protected health information has been breached and ... Read more
Compliance May 30, 2020 BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack BJC Healthcare has released that statement that revealed that three of its staff email accounts have been accessed by an unauthorized actor as a result ... Read more
