411,000 Patients’ PHI Exposed Due to Specialty Networks Data Breach

Specialty Networks, Inc. based in Chattanooga, TN recently reported a data breach impacting the protected health information (PHI) of 411,037 present and former patients. Specialty Networks provides healthcare facilities with radiology information systems and business management solutions. The company specializes in Picture Archiving and Communication Systems (PACS), a medical imaging technology that facilitates medical image … Read more

Advanced Computer Software Group to Pay £6M Penalty Over Ransomware Attack

Advanced Computer Software Group, an IT and software services company in England, is facing a £6.09 million ($7.74 million) financial penalty because of a ransomware attack in August 2022 that caused problems to healthcare and social care organizations in the United Kingdom. The Information Commissioners Office (ICO), the UK’s data watchdog, looked into the attack … Read more

RansomHub’s Cyberattack on Rite Aid

Rite Aid, the third biggest pharmacy company based in Philadelphia with over 2,000 U.S. stores, reported a cyberattack in June that potentially compromised customer’s protected health information (PHI). The breach investigation and incident response by third-party cybersecurity experts are almost completed. All breached systems were recovered and are 100% operational. The analysis of the compromised … Read more

Qilin Ransomware Group Behind the Synnovis Cyberattack

The Qilin ransomware group responsible for an attack that has upset healthcare services throughout London has added Synnovis, a pathology services provider for NHS hospitals, to its darknet leak site. The ransomware attack at the beginning of June on Synnovis resulted in major interferences to services, particularly blood testing. This latest action of Qilin suggests … Read more

Provider Groups Wants OCE to Clarify Change Healthcare’s Breach Reporting Requirements

Over 100 provider groups, including the American Health Information Management Association (AHIMA), College of Healthcare Information Management Executives (CHIME), and American Medical Association (AMA), wrote to HHS Secretary Xavier Becerra and OCR Director Melanie Fontes Rainer to clarify the requirements of HIPAA breach reporting about the Change Healthcare ransomware attack and the way those requirements … Read more

Cyberattacks Reported by Winter Haven Hospital, Prudential Insurance Company of America and West Idaho Orthopedics and Sports Medicine

Winter Haven Hospital Patients’ Data Impermissibly Disclosed BayCare’s Winter Haven Hospital based in Florida is notifying patients concerning an email incident that impermissibly disclosed patient information. On March 15, 2024, a worker made an error while sending forms to a patient by attaching a cardiac rehabilitation department file by mistake to the email that included … Read more

PHI Compromised Due to Data Breaches at OrthoConnecticut, Empath Health and Bridgeway Center

OrthoConnecticut Data Breach OrthoConnecticut has announced that the protected health information (PHI) of about 118,000 patients was exposed in an attack. OrthoConnecticut is a multi-specialty orthopedic company located in Danbury, CT that has 9 centers in the area. It recently discovered unauthorized access to its system and upon inquiry by the forensic group, the unauthorized … Read more

Data Breaches at Bay Oral, Livanova and Santa Rosa Behavioral Healthcare Hospital

13,000 Patients Affected by the Wisconsin Dental Surgery Center Email Breach Bay Oral Surgery & Implant Center (Bay Oral), a network of oral & maxillofacial dental surgery centers established in the Green Bay, Niagara and Marinette communities in Wisconsin, recently sent a data breach report to the HHS’ Office for Civil Rights (OCR) indicating that … Read more

Cyberattacks Reported by Valley Mountain Regional Center, Village Family Dental, and Blackstone Valley Community Health

Valley Mountain Regional Center Data Breach On April 19, 2024, Valley Mountain Regional Center based in California reported a data security breach discovered on August 1, 2023. Strange activity was observed inside its system and quick steps were undertaken to protect its systems. The forensic investigation affirmed that unauthorized individuals got access to its system … Read more

Mental Health Organization Cerebral Pays $7.1 Million for Consumer Privacy Violations

The Federal Trade Commission (FTC) has issued a $7.1 million penalty to the mental health startup company Cerebral for consumer privacy violations and deceitful trading tactics. The $7.1 million financial fine settles claims that the mental health telehealth firm and its ex-CEO, Kyle Robertson, committed violations of the privacy of consumers by impermissibly sharing their … Read more

Data Breaches Reported by Ezras Choilim Health Center, Maxillofacial & Implant Surgery, and Battle Mountain General Hospital

About 60,000 People Impacted by the Ezras Choilim Health Center Cyberattack Ezras Choilim Health Center based in Monroe, NY recently submitted a breach report to the HHS’ Office for Civil Rights indicating that 59,861 individuals’ protected health information (PHI) were affected. The strange activity was noticed inside its system on September 18, 2023. The forensic … Read more

Data Breaches Reported by Aveanna Healthcare, RxBenefits, and City of Hope

Aveanna Healthcare Encounters a Breach of Email Account Home health and hospice care provider, Aveanna Healthcare located in Atlanta, GA, reported a security breach of its email network and a compromise of the information of 65,482 individuals. The healthcare provider discovered suspicious activity in a worker’s email account on September 22, 2023. The email account … Read more

White House and Healthcare Community Meeting About Changes to Healthcare Ransomware Attack Mitigations

On March 12, officials and leaders from the White House, UnitedHealth Group, Department of Health and Human Services, and other industry groups got together to discuss the impact of a cyberattack on UnitedHealth Group’s Change Healthcare. This cyberattack caused problems for healthcare services for the last three weeks. They also discussed ways to help patients … Read more

Guidance Updates for HIPAA-Governed Entities Using Online Tracking Technologies

The Department of Health and Human Services’ Office for Civil Rights (OCR) has published upgraded guidance for organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) regarding online tracking technologies. The current guidance is meant to give increased understanding for HIPAA-governed entities on using these technologies. OCR has revised its position on the … Read more

NSA Issues Guidance on Using Zero Trust Security and New CISA, NSA Cloud Security Guides

New Guidance on Using Zero Trust to Control Lateral Movement The National Security Agency (NSA) has given guidance on using zero trust security to control lateral movement inside a network in case a threat actor breaks into the firm’s defenses. It was noticed numerous times in the previous year that threat actors have obtained first … Read more

Data breach Reports by NewGen Administrative Services, Orthopedic Associates of Flower Mound, and Eastern Radiologists, Inc.

177,000 Patients Affected by Northeast Orthopedics and Sports Medicine Breach Northeast Orthopedics and Sports Medicine based in Nanuet, NY recently reported a cyberattack that impacted 177,276 people and compromised the protected health information (PHI) of 177,101 individuals. Abnormal activity was found in its system on November 22, 2023. The investigation by third-party forensics experts confirmed … Read more

Alert on ALPHV/Blackcat Ransomware Group and Cyberattack Reports

Feds Warns Healthcare Sector Regarding ALPHV/Blackcat Ransomware Group A joint cybersecurity notification was released by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the Federal Bureau of Investigation (FBI) about identified Indicators of Compromise (IoCs) and the newest Tactic, Techniques, and Procedures (TTPs) employed by the ALPHV/Blackcat … Read more

Study Reveals ConnectWise ScreenConnect Vulnerabilities Exploitation and Risks of Second Attack on Victims That Pay Ransoms

Vulnerabilities discovered in the remote desktop program ConnectWise ScreenConnect are being taken advantage of to have an assortment of various malicious payloads into company environments. ConnectWise first announced the vulnerabilities on February 13, 2024. Then, attacks aimed at the vulnerabilities began one day after the launch of patches. One vulnerability, CVE-2024-1709, is an authentication bypass … Read more

Reported Data Breaches by Prime Healthcare, American Vision Partners, Colorado Department of Health Care Policy & Financing, and Lexington Medical Center

2.35M Individuals Impacted by American Vision Partners Breach Medical Management Resource Group, LLC (MMRG), also known as American Vision Partners, has affirmed in a breach notification letter sent to the HHS’ Office for Civil Rights that the protected health information (PHI) of 2,350,236 persons was exposed in a hacking incident. MMRG discovered unauthorized activity in … Read more

Quest Diagnostics and Connexin Software to Settle Their Lawsuits

California Attorney General Rob Bonta has declared that a $5 million settlement with Quest Diagnostics has been reached to fix allegations that it is unlawfully dumping hazardous and medical waste materials and disposed of the unredacted personal health information of patients in typical trash dumps. An investigation of the business protocols of Quest Diagnostics was … Read more

Data Breach Reports by Prestige Care, Harvard Pilgrim Health Care, and Coleman Professional Services

Ransomware Attack at Prestige Care Senior care organization Prestige Care, Inc. located in Vancouver, WA recently informed 38,087 individuals about the potential access or theft of some of their personal data and protected health information (PHI) in a ransomware attack that occurred on September 2023. The attack was discovered on September 7, 2023, and the … Read more

Merck, Capital Health and U.S. Hospitlas Targeted by Cyberatttacks

Hospital IT Help Desks Attacked in Advanced Payment Fraud Scam American Hospital Association (AHA) reports that cybercriminals are targeting U.S. hospitals in a sophisticated payment fraud scam. The AHA has obtained several reports of scammers calling hospital IT departments to carry out password resets and register new devices to get multifactor authentication (MFA) codes. When … Read more

Cyberattacks Impact ConsensioHealth, Southeastern Orthopaedic Specialists, Sharp Health Plan and Rebekah Children’s Services

61,000 ConsensioHealth Patients Affected by Ransomware Attack Medical billing service, ConsensioHealth, based in Wisconsin recently informed 60,871 persons regarding a ransomware attack in July 2023. The attack was detected on July 3, 2023, when employees could not access files on its system. Steps were quickly undertaken to stop the unauthorized access. Third-party cybersecurity professionals helped … Read more

2023 Ransomware Attacks on 141 Hospitals including Parathon by JDA eHealth Systems

Parathon by JDA eHealth Systems Reports a Cyberattack A revenue cycle management firm, Parathon by JDA eHealth Systems located in Naperville, Illinois, recently sent a notification to the state attorneys general that it encountered a cyberattack last July 27, 2023. In December 22, 2023, it notified the Montana Attorney General that unauthorized persons got access … Read more

Integris Health and Corewell Health Business Associate Experience a Cyberattack

Threat Actors Contact Integris Health Patients After Cyberattack Integris Health, the biggest not-for-profit health system owned by Oklahoma, has reported the compromise of its internal systems in a cyberattack. The unauthorized third party acquired patient information during the attack. Integris Health manages 15 hospitals in the state and some specialty clinics, centers of excellence, and … Read more

Healthcare Data Breaches at Cardiothoracic and Vascular Surgeons, Health Diagnostic Management, Erie Family Health Centers, and BlueCross BlueShield of Tennesse

The following companies have reported data breaches in December 2023: Cardiothoracic and Vascular Surgeons, Erie Family Health Centers, ZOLL Medical Corporation, Health Diagnostic Management, Rush System for Health, and BlueCross BlueShield of Tennesse. Cyberattack on Cardiothoracic and Vascular Surgeons Cardiothoracic and Vascular Surgeons based in Texas learned on October 13, 2023 that an unauthorized individual … Read more

Data Breach Settlement Proposal by Horizon Actuarial Services and MedStar Mobile Health

Horizon Actuarial Services Offers to Pay $8.73M for Settlement of Class Action Data Breach Lawsuit Horizon Actuarial Services has offered to pay $8.73 million to resolve all claims associated with a 2022 hacking incident and data breach that impacted 227,953 people. A cyber actor contacted Horizon Actuarial Services in November 2022 claiming the theft of … Read more

Cyberattacks on Westside Community Services, Wyoming County Community Health System, and More Providers Affected by the MOVEit Hack

Cyberattack on Wyoming County Community Health System Wyoming County Community Health System based in Warsaw, NY, has encountered a cybersecurity attack that has resulted in network disruption. The security breach was discovered on March 28, 2023, and the following forensic investigation confirmed that files were compromised on that date and might have been accessed or … Read more

Data Breaches Reported by Warren General Hospital, Southwest Behavioral Health Center, and Other Healthcare Providers

169,000 Warren General Hospital Patients Affected by Data Breach On November 9, 2023, Warren General Hospital (WGH) based in Warren, PA, reported encountering a cyberattack that possibly impacted the sensitive data of present and previous patients and workers. WGH detected suspicious activity in its system on September 24, 2023. Third-party cybersecurity specialists helped WGH confirm … Read more

Stricter Cybersecurity Rules Recommended for New York Hospitals

New York has recommended more restrictive cybersecurity rules for hospitals all over New York State because of a sequence of debilitating attacks that have prompted disruption to medical services, slowdowns to patient care, and placed patient safety in danger. Governor Kathy Hochul declared the suggested measures, which are anticipated to be launched in the State … Read more

More Malicious Actors are Attacking Cloud Services in Healthcare Sector

Advanced cyberattacks on cloud services frequently make headline news, however, these attacks are not a lot. Most cyberattacks on cloud environments are carried out utilizing recognized threat actor attack tactics including making use of stolen credentials and taking advantage of security weaknesses like misconfigurations. Therefore, the best protection against cloud attacks is to give attention … Read more

Healthcare Data Breach Reported by Mulkay, BHS Physicians Network, Life Generations Healthcare, Cadence Bank and AlohaCare

Mulkay Cardiology Consultants at Holy Name Medical Center reported that it encountered a ransomware attack that was discovered on September 5, 2023 after noticing the encryption of files on its network. Mulkay mentioned on its breach notice that it had rebuilt its systems and restored the encrypted files using its backups. Third-party forensics experts investigated … Read more

Hospital Sisters Health System Cyberattack and 12 Million Medical Laboratory Records Exposed Online

A cyberattack that happened at the end of August impacted Hospital Sisters Health System (HSHS) located in Springfield, IL, and Prevea Health located in Green Bay, WI resulting in an outage on August 27, 2023. The computer systems, telephone lines, and websites of the hospitals were impacted. The outage continued for a number of days … Read more

Reports of Cyberattack by Cook County Health, AIDS Alabama, Ortho Alaska and Bluegrass Care Navigators

Cook County Health Patients Impacted by a Cyberattack on a Medical Transcription Company Business associates, Perry Johnson & Associates, Inc., (PJ&A) informed Cook County Health, which manages Provident Hospital and John H. Stroger, Jr. Hospital in Chicago, IL, about the potential compromise of its patient data in a cyberattack. PJ&A as a medical transcription services … Read more

Data Breaches on Aretis Health, Physio Logic, OrthoAlaska, and Colorado Department of Health Care Policy & Financing

The Clop group mass exploited a zero-day vulnerability present in the MOVEit Transfer file transfer software more than 5 months ago. Until now, attack victims continue to come to light. Billing services provider, Aretis Health LLC, to NorthStar Anesthesia, offers anesthesia and pain management solutions to entities throughout America. Aretis Health reported the hacking of … Read more

Increasing Healthcare Industry Advanced Email Attacks and Increasing Insider Security Threat Costs

The healthcare sector has noticed a distinct rise in advanced email attacks this 2023, based on new information from Abnormal Security. From January to August 2023, there was a 167% increase in advanced email attacks from 2022 levels and 279%. increase in business email compromise (BEC) attacks. Cybercriminals like targeting healthcare companies as they keep … Read more

PurFoods, IBM and Johnson & Johnson Health Care Systems Faces Lawsuit Over Data Breaches

PurFoods Faces Lawsuit Due to 1.2 Million-Record Mom’s Meal Data Breach PurFoods LLC is facing a lawsuit due to a cyberattack that compromised the protected health information (PHI) and personally identifiable information (PII) of 1,237,681 persons who received services from Mom’s Meals, its subsidiary. Mom’s Meals is PurFoods’ channel to provide a food delivery service … Read more

Data Breaches Reported by PharMerica, MedMinder Systems, Absolute Dental Services and SouthCoast Medical Group

PharMerica Cyberattack Impacts 219,700 Patients The pharmaceutical and infusion product company Amerita based in Kansas recently informed 219,707 people whose protected health information (PHI) was compromised in a cyberattack involving the computer system of Amerita and its parent corporation, PharMerica. Based on the breach notification letters, the company detected suspicious activity in its computer network … Read more

Medtronic, Edward-Elmhurst Health and UnitedHealthcare Services Lawsuits

The medical device company Medtronic based in Minneapolis, MN & the Illinois health system Edward-Elmhurst Health are facing class action lawsuits because of using website tracking technologies, which transmitted sensitive customer information to third parties like Meta and Google. Medtronic MiniMed and MiniMed Distribution Corp Lawsuit Medtronic MiniMed Inc. and MiniMed Distribution Corp (Medtronic) are … Read more

Warning Letters Issued Jointly by OCR and FTC Concerning Online Tracking Technology

The Federal Trade Commission (FTC) and the Department of Health and Human Services’ Office for Civil Rights (OCR) have sent letters to hospital systems and telehealth companies in July 2023 informing them about the privacy risks connected with website tracking technologies like Google Analytics and Meta Pixel. The extensive usage of these tools on hospital … Read more

The Digital Health Security Project and Accelerated Ransomware Attacks

Digital Health Security Initiative Introduced by the HHS The U.S. Department of Health and Human Services’ Advanced Research Projects Agency for Health (ARPA-H) has reported the release of the Digital Health Security (DIGIHEALS) project, which wishes to enhance the electronic infrastructure of the healthcare sector in the U.S. ARPA-H is a financing bureau that was … Read more

MOVEit Transfer Hacking Incident Victims and Data Breaches at Redwood Coast Regional Center and Cummins Behavioral Health

Email Encryption Malfunction Compromised Redwood Coast Regional Center Client Data Redwood Coast Regional Center (RCRC), a company offering services to people with developmental handicaps located in Del Norte, Humboldt, Lake, and Mendocino Counties in California, has notified 1,345 people concerning the compromise of some of their information. On June 14, the mail server encryption software … Read more

Reported Data Breaches in Vanderbilt University Medical Center, Tift Regional Medical Center, and City of Dallas

OCR Investigates Vanderbilt University Medical Center Over Disclosure of Transgender Patients’ Health Data The Department of Health and Human Services’ Office for Civil Rights (OCR) is investigating Vanderbilt University Medical Center for the exposure of transgender patients’ health data to Tennessee Attorney General, Jonathan Skrmetti. VUMC furnished the health data of transgender patients to AG … Read more

Cyberattacks Impact Allegheny County, Sutter Senior Care, Maximus Inc. and Prospect Medical Holdings

Sutter Senior Care and Allegheny County Have Data Exposed in the Hacking of MOVEit Transfer Allegheny County located in Pennsylvania has lately reported the compromise of the protected health information (PHI) of up to 689,686 persons in a hacking incident by the Clop threat group in May 2023. Allegheny County received notification concerning the attack … Read more

Legislators Criticize HHS About the Proposed Changes on Reproductive Health Care HIPAA Privacy Rule

Legislators and state Attorneys General wrote to the U.S. Department of Health and Human Services Secretary, Xavier Becerra, criticizing the proposed change to the HIPAA Privacy Rule that wants to better reproductive health information privacy. Legislators Criticize HIPAA Privacy Rule Change for Not Doing Much to Protect Patient Privacy As a reaction to the proposed … Read more

Recent PHI Disclosure Incidents Reported by HCA Healthcare, South Suburban Surgical Suites, edgeMED Healthcare, and Limbach Facility Services

Cyberattack Impacts 11 Million+ HCA Healthcare Patients HCA Healthcare based in Nashville, TN, the biggest health system in America with over 180 hospitals and 2,300 healthcare facilities, reported the theft of protected health information (PHI) of patients by an unauthorized individual. Although there’s no confirmation yet of the total number of impacted persons, the breach … Read more

Data Breaches Reported by Activate Healthcare, Community Research Foundation, Henrietta Johnson Medical Center and The Williamsport Home

Activate Healthcare Announces Security Breach with About 93,761 Patients Affected The healthcare company, Activate Healthcare, LLC, based in Illinois lately announced that it encountered a security breach that led to the stealing of patient records. It detected suspicious activity inside its IT systems on April 27, 2023. A following forensic investigation affirmed the unauthorized access … Read more

Data Breaches Results in Great Valley Cardiology Facing a Lawsuit and iHealth Solutions Paying $75,000 in Penalties

Great Valley Cardiology Sued over 181,000-Record Data Breach Great Valley Cardiology (GVC), a Commonwealth Health cardiology group, is facing a lawsuit in relation to a recently reported security breach wherein hackers acquired access to the computer network of GVC and the protected health information (PHI) of 181,764 people. GVC discovered the data breach on April … Read more

Trinity Health Class Action Lawsuit, Russian LockBit Affiliate Arrested and Kaiser Permanente Mailing Error

21,000-Record Data Breach Prompts Trinity Health Class Action Lawsuit The U.S. District Court for the Southern District of Iowa filed a class action lawsuit against Trinity Health, Mercy Medical Center – Clinton, and Mercy Health Network in relation to a cyberattack and data breach that impacted 21,000 individuals. Trinity Health based in Livonia, MI manages … Read more

Reports on the Onix Group, Daixin Team and Clop Ransomware Attacks

320,000 Patients Impacted by Onix Group Ransomware Attack The business administration service provider in Pennsylvania, Onix Group, encountered a ransomware attack on March 27, 2023. Upon detection of the incident, Onix Group immediately took its network offline to stop continuing unauthorized access; nevertheless, the attackers could encrypt files on particular systems. The forensic investigation affirmed … Read more

Florida Bans Offshore Storage of Electronic Health Records and Texas Data Privacy and Security Act Approval

Last May 2023, the Florida Legislature approved a change to the Florida Electronic Health Records Exchange Act. Healthcare companies using certified health record technologies are now forbidden to store electronic health records if not within the United States, its regions, or Canada. The restriction likewise covers patient data saved via a third-party or subcontracted computing … Read more

Doctor Penalized for Privacy Violations After Disclosing an Abortion Procedure on a 10-Year-Old Rape Victim

The Medical Licensing Board of Indiana has penalized obstetrician-gynecologist, Dr. Caitlin Bernard, based in Indianapolis, IN with $3,000 and issued a letter of reprimand for her violation of HIPAA and state privacy regulation after telling the media that she provided a 10-year-old rape victim with an abortion on July 1, 2022. In just hours after … Read more

Penalties Paid by HIPAA-Covered Entities to Resolve State Laws and HIPAA Violations

Premom App Creator Pays $200,000 for Impermissible Disclosure of Users’ Health Data The Premom Ovulation Tracker app creator and distributor, Easy Healthcare, has decided to resolve an FTC complaint concerning violations of the Health Breach Notification Rule and FTC Act. According to the complaint, the company disclosed app users’ health information to third parties with … Read more

Data Breaches at PharMerica, R&B Corporation of Virginia, ASAS Health and Methodist Family Health

More or Less 6 Million People Impacted by PharMerica Data Breach In April 2023, there was an announcement by the Money Message ransomware group that it had accessed the systems of PharMerica and BrightSpring Health Services, then put the two on its data leak website. The group stated that it had exfiltrated databases that contain … Read more

Data Breaches Reported by Brightline, University Urology, McPherson Hospital and Catholic Health

Brightline Reports Approximately 964,300 Individuals Impacted by Fortra GoAnywhere Hack Brightline, a company offering virtual behavioral and mental services to households, has reported being affected by the cyberattack on Fortra’s GoAnywhere MFT file transfer solution. The attackers exploited a zero-day vulnerability targeting 130 companies during a 10-day period beginning on January 18, 2023. Although the … Read more

PHI Potentially Compromised at United Healthcare, Ethan Health, McLaren Greater Lansing and 4 More Healthcare Providers

Credential Stuffing Attack Exposed United HealthCare Member Information United HealthCare (UHC) has begun informing a number of members about the potential disclosure of some of their protected health information (PHI) to unauthorized persons due to credential stuffing attacks carried out on the UHC mobile app. In credential stuffing attacks, the username and password combinations acquired … Read more

More Healthcare Sector Malware and Ransomware Threats and New Guidance about FERPA and Student Health Records

Ransomware actors continually attack the U.S. healthcare industry, cybercriminals are more and more using malware for data theft and providing persistent access to healthcare sites. Red teams are using legitimate penetration tools to cover up their malicious activity amongst real use of these tools. These are a few of the results of Blackberry’s latest Global … Read more

HHS’ New Resources and Cybersecurity Training Program and Ongoing Challenges in Healthcare Cybersecurity

The Department of Health and Human Services’ Cybersecurity Task Force has released new resources to assist healthcare and public health (HPH) sector fight the increasing number of cyberattacks on the sector and enhance their cybersecurity posture. There is a new online educational platform with free cybersecurity training that HPH organizations can use to increase the … Read more

DNS NXDOMAIN DDoS Attacks and Recent Data Breaches on the Healthcare Sector

DNS NXDOMAIN DDoS Attacks on the Healthcare Sector The Health Sector Cybersecurity Coordination Center (HC3) released  an advisory concerning a threat actor that is performing targeted distributed denial of service (DDoS) attacks on the  healthcare industry in the U.S. The attacks entail sending to networks and servers a flood of fake Domain Name Server (DNS) requests for … Read more

What are the Seven Elements of a Compliance Program?

The purpose of a compliance program is to help organizations in an industry create a culture of compliance in their workplace. A compliance program has seven elements or integrated processes. If applied properly, the seven elements can be useful for simplifying operational procedures, optimizing organizational performance, and reducing total expenditures. Although any industry can use … Read more

Roundup of Recent Cyberattack and Data Breaches

37,000 Health Plan Members Affected by SundaySky Cyberattack SundaySky based in New York provides businesses with software solutions for producing marketing videos. It recently reported that unauthorized persons acquired access to the servers in its cloud storage and possibly stole customer information. SundaySky detected unauthorized access on January 8, 2023, and had the forensic investigation … Read more

Six Healthcare Providers Report Data Breach

Trinity Health based in Livonia, MI has reported that an unauthorized person acquired access to the email account of an employee and possibly viewed or obtained patient data. The provider detected suspicious account activity in the email on January 5, 2023. The investigation revealed that unauthorized email account access happened from December 16, 2022 to … Read more

Data Breaches Reported by DC Health Link, Community Health Systems, Codman Square Health Center, and Greater Dayton Community Health Center

DC Health Link Data Breach and Theft of PII of Lawmakers and Capitol Hill Staff A cyberattack on the medical insurance marketplace, DC Health Link, resulted in the theft of the personal data of lawmakers and staffers. DC Health Link provides services to about 100,000 individuals, which include 11,000 members and staffers of Congress. The … Read more

Lawsuits Filed Against Four Californian Medical Groups and Preferred Home Care Resolves Lawsuit

Four Californian Medical Groups Face Lawsuits for Data Breach Impacting 3.3 Million Individuals Four Californian medical groups were charged in a class action lawsuit alleging a failure to carry out acceptable and proper cybersecurity procedures, which results in a cyberattack and data breach affecting the personal data and protected health information (PHI) of 3,300,638 present … Read more

Settlement by Advent Health Partners and Lawsuits Against Louisiana Health Systems, UHC and Ripta

Advent Health Partners Offers $500,000 Settlement for Class Action Data Breach Lawsuit The health system, Advent Health Partners, based in Nashville, TN has offered to pay $500,000 to settle claims associated with a September 2021 data breach affecting the protected health information (PHI) of 61,072 patients. Advent Health Partners discovered the email account breach at … Read more

Reminder on Deadline for Reporting Small Data Breaches and Maximizing Threat Intelligence

The last day for reporting healthcare data breaches of less than 500 records is upcoming. HIPAA-covered entities should make sure to report these data breaches to the HHS’ Office for Civil Rights (OCR) on or before March 1, 2023. Not reporting data breaches on time violates the HIPAA rule and may be penalized. Under the … Read more

Cyberattacks on Highmark Health, Cardiovascular Associates, Aspire Surgical and Tallahassee Memorial HealthCare

300,000 Patients Affected by Highmark Health Phishing Attack Highmark Health based in Pittsburg, PA is the second biggest integrated delivery and financing system provider in America. Recently, it reported a phishing attack that affected one of its employee’s email accounts. After the employee clicked the URL in the phishing email and disclosed some credentials, an … Read more

Ransomware Attacks on Six Healthcare Services Providers Including Lutheran Social Services of Illinois

Lutheran Social Services of Illinois located in Des Plaines, IL is one of the state’s biggest social services providers. It has reported the breach of its systems using ransomware for file encryption. The provider discovered the cyberattack on January 27, 2022, and took systems offline to control the ransomware attack. Third-party cybersecurity experts are investigating … Read more

RMM Software Used in Callback Phishing Attacks

More cybercriminals are utilizing legit remote monitoring and management (RMM) software in their attacks, as per a new joint notification from the National Security Agency (NSA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA). The campaign was earliest discovered in October 2022 and consists of callback phishing. … Read more

Home Care Providers of Texas Report 124K-Record Data Breach

The home help service provider known as Home Care Providers of Texas (HCPT) based in Dallas, TX recently reported that unauthorized persons acquired access to its system and encrypted files using ransomware. The company detected the security breach on June 29, 2022, when staff members could not access patient files. Top-rated third-party cybersecurity professionals investigated … Read more

Conditions for Using E-Signatures Under HIPAA Rules

Using digital signatures in the medical sector has enhanced the effectiveness of a lot of procedures. But do the HIPAA rules allow e-signatures? The quick answer is “yes”, but only if the systems are set up to make sure the legality and protection of the document, contract, authorization, or agreement, and the integrity of PHI … Read more

Privacy Breaches Reported by Blue Shield of California, Medstar Mobile Healthcare, Pediatrics West & Allergy West, and Louis A. Johnson VA Medical Center

A review of data breaches that were reported to the HHS’ Office for Civil Rights and state attorneys general. Blue Shield of California Blue Shield of California has begun informing a number of health plan members concerning a privacy breach by one of its workers. The staff member sent a spreadsheet that contain plan members’ … Read more

Attacking of Critical Citrix ADC and Gateway Vulnerability on Healthcare Providers

Citrix Application Delivery Controller (ADC) and Citrix Gateway users are instructed to look at and be sure that their systems aren’t at risk of a critical unauthenticated remote code execution vulnerability that a remarkably capable Chinese advanced persistent threat (APT) actor and other state-sponsored hacking groups are actively exploiting. Citrix ADC is a detailed application … Read more

North Shore Pain Management and Sturdy Memorial Hospital Resolve Data Breach Lawsuits

Two healthcare companies located in Massachusetts have opted to resolve their class action lawsuits that patients filed because of the theft of protected health information (PHI) in cyberattacks. Sturdy Memorial Hospital Sturdy Memorial Hospital based in Attleboro, MA, has decided to resolve a lawsuit submitted because of a ransomware attack in September 2021. The attackers … Read more

Data Breaches at Veterans Affairs, Urology of Greater Atlanta, and Salud Family Health

Impermissible Disclosure of COVID-19 Vaccination Information of 500,000 VA Employees The COVID-19 vaccination information of roughly 500,000 employees of the Department of Veterans Affairs was impermissibly disclosed. As per the VA, a spreadsheet that contains the names of employees and their vaccination information was put on SharePoint without setting proper access permissions. All VHA VISN … Read more

Data Exposed Due to Security Breaches at Tridas Group LLC and South Walton Fire District

A database that contains the personally identifiable information (PII) of over 16,000 kids was exposed online and may be viewed with no password or any other type of authentication. Security researcher Jeremiah Fowler and the Website Planet team found the database and traced it to Tridas Group LLC. The group is the creator of Tridas … Read more

HPH Sector Informed About Lorenz Ransomware Group

The healthcare and public health sector (HPH) is informed regarding the danger of ransomware attacks conducted by the Lorenz threat group, which has executed a few attacks in America over the past two years, without any hint that attacks are decreasing. Lorenz ransomware is operated by a man and is implemented after the threat actors … Read more

CISA Recommends the Decision Tree Methodology for Evaluating and Remediating Software Vulnerabilities

CISA has released a decision tree methodology that healthcare companies can adopt to help them create a competent and efficient vulnerability management program. Why is an Effective Patch Management Program Important? With regard to vulnerability management, the rule of thumb is to patch immediately. As soon as software updates and patches are available, they must … Read more

Advocate Aurora Health and WakeMed Face Lawsuits Because of Meta Pixel Privacy Breaches

Advocate Aurora Health and WakeMed Health and Hospitals are facing two class action lawsuits. Patients who had their protected health information (PHI) impermissibly disclosed to Meta/Facebook due to the usage of the Meta Pixel JavaScript code snippet on the healthcare providers’ websites and web apps filed the lawsuits. According to Advocate Aurora Health, the PHI … Read more

Data Breaches at Michigan Medicine and Delta Dental Of Washington

University of Michigan Health (Michigan Medicine) has just reported the probable exposure of the protected health information (PHI) of roughly 33,850 individuals because of a phishing attack. Michigan Medicine noticed suspicious activity inside its email platform and took steps right away to protect the environment to stop continuing unauthorized access. Michigan Medicine stated the phishing … Read more

WakeMed Reports Meta Pixel-Related Breach Impacting 495,000 People

The health system of WakeMed Health and Hospitals operates several medical facilities in Raleigh, NC. It recently informed approximately 495,000 of its patients about the potential impermissible disclosure of some of their protected health information (PHI) to Meta/Facebook because of adding the Meta Pixel tracking code on its webpage. The health system announced the privacy … Read more

Valle del Sol Community, Legacy Post Acute Care, and Berkshire Farm Center & Services for Youth Health Patients Impacted by Cyberattack

Valle del Sol Community Health based in Phoenix, AZ has informed 70,268 patients about the exposure of some of their protected health information (PHI). Valle de Sol’s notification letters didn’t say when the attackers acquired access to its system or the length of time they got access. However, it confirmed the discovery of the unauthorized … Read more

Doctor Who Gave PHI Access to Pharma Sales Agent Admits Criminal Violations of HIPAA

An ex-doctor working at practices in New York, New Jersey, and Florida has admitted to committing criminal violations of HIPAA for exposing patients’ protected health information (PHI) to a sales agent of a pharmaceutical company, based on the U.S. Attorney’s Office of the District of New Jersey. 65-year-old Frank Alario, residing in Delray Beach, Florida, … Read more

NIH Grant Program Needs Upgraded Cybersecurity Requirements

The National Institutes of Health (NIH) was unable to carry out sufficient cybersecurity measures to secure sensitive information in its pre-award risk evaluation process, based on a recent review performed by the HHS’ Office of Inspector General (OIG). NIH spends over $30 billion annually on medical research for people in the U.S.A., with over 80% … Read more

Physicians Business Office and Reelfoot Family Walk-In Clinic Report Data Breaches

Physicians Business Office (PBO) based in Parkersburg, WV, a company providing medical practice management and administrative services, lately reported a security incident that happened in April 2022. PBO discovered strange activity in its system and took action right away to separate the impacted systems and stop continuing unauthorized access. An independent computer forensics firm helped … Read more

FBI Alerts of Continuing Cybercriminal Campaigns Attacking Healthcare Payment Processors

The Federal Bureau of Investigation (FBI) has given a TLP:WHITE Private Industry Notification cautioning about continuing cybercriminal activities attacking healthcare payment processors that try to reroute victim payments to accounts owned by the hackers. These attacks make use of social engineering techniques to acquire the login information of healthcare payment processors to permit them to … Read more

PHI Exposed at Medical Associates of the Lehigh Valley and TennCare

Medical Associates of the Lehigh Valley in Pennsylvania (MATLV) reported that its network lately encountered an advanced ransomware attack. The provider discovered the attack on July 3, 2022, and took quick action to control the attack and stop more unauthorized network access. Third-party forensics experts assisted in the investigation to find out the nature and … Read more

PHI Exposed in Breaches at CorrectHealth, Peter Brasseler, and Gifted Healthcare

CorrectHealth Informs 54,000 Individuals Concerning the Email System Breach in November 2021 CorrectHealth based in Alpharetta, GA is informing patients concerning a compromise of its email system. The data breach was discovered on November 10, 2021. The investigation proved that an unauthorized person accessed a number of staff members’ email accounts. Legal advice for CorrectHealth … Read more

Data Breaches Reported by Northeast Rehabilitation Hospital Network and First Street Family Health

First Street Family Health located in Salida, CO has encountered a harmful cyberattack that resulted in the extraction of files comprising patient data and then wiped out from its systems. It’s now common to have this kind of attack. Information is stolen, erased, and then the attackers issued threats to post or offer the information … Read more

PHI Exposed Due to Cyberattack at Priority Health, Living Innovations, and MultiCare Health System

The health plan provider Priority Health located in Michigan has announced that it was affected by a data breach involving its business associate, the law company Warner Norcross & Judd (WNJ). Steps were quickly undertaken to stop further unauthorized access upon finding suspicious network activity by WNJ on October 22, 2021. A digital forensics organization … Read more

PHI Exposed in Data Breaches at Clinivate, McLaren Port Huron Hospital, and Kaiser Permanente

Californian EHR Vendor Announces Exposure of 77,652 Records Regarding the data breach report submitted to the HHS’ Office for Civil Rights on June 2, 2022, there is an update by Clinivate based in Pasadena, CA, an EHR solutions provider for behavioral health companies and schools. As per a breach notice submitted to the California Attorney … Read more

BJC Healthcare Resolves Data Breach Legal action Due to 2020 Phishing Attack

BJC HealthCare consented to negotiate a class action lawsuit to take care of claims it was unable to sufficiently secure patient information from phishing attacks. On May 5, 2020, the not-for-profit hospital system located in St. Louis announced an email system breach that impacted 287,876 people. The investigation confirmed the breach of three email accounts … Read more

Patient Data Exposed at Phoenixville Hospital, Southwest Health Center, and Family Practice Center

Phoenixville Hospital Dismisses Employee Because of HIPAA Violation Phoenixville Hospital based in Pennsylvania lately dismissed an employee because of accessing the health files of patients with no authorization. As per the hospital operator, Tower Health, unauthorized access was identified while doing a scheduled review of medical record access documents. An employee with no valid work … Read more