Doctor Penalized for Privacy Violations After Disclosing an Abortion Procedure on a 10-Year-Old Rape Victim

The Medical Licensing Board of Indiana has penalized obstetrician-gynecologist, Dr. Caitlin Bernard, based in Indianapolis, IN with $3,000 and issued a letter of reprimand for her violation of HIPAA and state privacy regulation after telling the media that she provided a 10-year-old rape victim with an abortion on July 1, 2022. In just hours after … Read more

Penalties Paid by HIPAA-Covered Entities to Resolve State Laws and HIPAA Violations

Premom App Creator Pays $200,000 for Impermissible Disclosure of Users’ Health Data The Premom Ovulation Tracker app creator and distributor, Easy Healthcare, has decided to resolve an FTC complaint concerning violations of the Health Breach Notification Rule and FTC Act. According to the complaint, the company disclosed app users’ health information to third parties with … Read more

Data Breaches Reported by Brightline, University Urology, McPherson Hospital and Catholic Health

Brightline Reports Approximately 964,300 Individuals Impacted by Fortra GoAnywhere Hack Brightline, a company offering virtual behavioral and mental services to households, has reported being affected by the cyberattack on Fortra’s GoAnywhere MFT file transfer solution. The attackers exploited a zero-day vulnerability targeting 130 companies during a 10-day period beginning on January 18, 2023. Although the … Read more

PHI Potentially Compromised at United Healthcare, Ethan Health, McLaren Greater Lansing and 4 More Healthcare Providers

Credential Stuffing Attack Exposed United HealthCare Member Information United HealthCare (UHC) has begun informing a number of members about the potential disclosure of some of their protected health information (PHI) to unauthorized persons due to credential stuffing attacks carried out on the UHC mobile app. In credential stuffing attacks, the username and password combinations acquired … Read more

More Healthcare Sector Malware and Ransomware Threats and New Guidance about FERPA and Student Health Records

Ransomware actors continually attack the U.S. healthcare industry, cybercriminals are more and more using malware for data theft and providing persistent access to healthcare sites. Red teams are using legitimate penetration tools to cover up their malicious activity amongst real use of these tools. These are a few of the results of Blackberry’s latest Global … Read more

HHS’ New Resources and Cybersecurity Training Program and Ongoing Challenges in Healthcare Cybersecurity

The Department of Health and Human Services’ Cybersecurity Task Force has released new resources to assist healthcare and public health (HPH) sector fight the increasing number of cyberattacks on the sector and enhance their cybersecurity posture. There is a new online educational platform with free cybersecurity training that HPH organizations can use to increase the … Read more

DNS NXDOMAIN DDoS Attacks and Recent Data Breaches on the Healthcare Sector

DNS NXDOMAIN DDoS Attacks on the Healthcare Sector The Health Sector Cybersecurity Coordination Center (HC3) released  an advisory concerning a threat actor that is performing targeted distributed denial of service (DDoS) attacks on the  healthcare industry in the U.S. The attacks entail sending to networks and servers a flood of fake Domain Name Server (DNS) requests for … Read more

What are the Seven Elements of a Compliance Program?

The purpose of a compliance program is to help organizations in an industry create a culture of compliance in their workplace. A compliance program has seven elements or integrated processes. If applied properly, the seven elements can be useful for simplifying operational procedures, optimizing organizational performance, and reducing total expenditures. Although any industry can use … Read more

Roundup of Recent Cyberattack and Data Breaches

37,000 Health Plan Members Affected by SundaySky Cyberattack SundaySky based in New York provides businesses with software solutions for producing marketing videos. It recently reported that unauthorized persons acquired access to the servers in its cloud storage and possibly stole customer information. SundaySky detected unauthorized access on January 8, 2023, and had the forensic investigation … Read more