The Medical Licensing Board of Indiana has penalized obstetrician-gynecologist, Dr. Caitlin Bernard, based in Indianapolis, IN with $3,000 and issued a letter of reprimand for her violation of HIPAA and state privacy regulation after telling the media that she provided a 10-year-old rape victim with an abortion on July 1, 2022. In just hours after … Read more
Premom App Creator Pays $200,000 for Impermissible Disclosure of Users’ Health Data The Premom Ovulation Tracker app creator and distributor, Easy Healthcare, has decided to resolve an FTC complaint concerning violations of the Health Breach Notification Rule and FTC Act. According to the complaint, the company disclosed app users’ health information to third parties with … Read more
More or Less 6 Million People Impacted by PharMerica Data Breach In April 2023, there was an announcement by the Money Message ransomware group that it had accessed the systems of PharMerica and BrightSpring Health Services, then put the two on its data leak website. The group stated that it had exfiltrated databases that contain … Read more
Brightline Reports Approximately 964,300 Individuals Impacted by Fortra GoAnywhere Hack Brightline, a company offering virtual behavioral and mental services to households, has reported being affected by the cyberattack on Fortra’s GoAnywhere MFT file transfer solution. The attackers exploited a zero-day vulnerability targeting 130 companies during a 10-day period beginning on January 18, 2023. Although the … Read more
Credential Stuffing Attack Exposed United HealthCare Member Information United HealthCare (UHC) has begun informing a number of members about the potential disclosure of some of their protected health information (PHI) to unauthorized persons due to credential stuffing attacks carried out on the UHC mobile app. In credential stuffing attacks, the username and password combinations acquired … Read more
Ransomware actors continually attack the U.S. healthcare industry, cybercriminals are more and more using malware for data theft and providing persistent access to healthcare sites. Red teams are using legitimate penetration tools to cover up their malicious activity amongst real use of these tools. These are a few of the results of Blackberry’s latest Global … Read more
The Department of Health and Human Services’ Cybersecurity Task Force has released new resources to assist healthcare and public health (HPH) sector fight the increasing number of cyberattacks on the sector and enhance their cybersecurity posture. There is a new online educational platform with free cybersecurity training that HPH organizations can use to increase the … Read more
DNS NXDOMAIN DDoS Attacks on the Healthcare Sector The Health Sector Cybersecurity Coordination Center (HC3) released an advisory concerning a threat actor that is performing targeted distributed denial of service (DDoS) attacks on the healthcare industry in the U.S. The attacks entail sending to networks and servers a flood of fake Domain Name Server (DNS) requests for … Read more
The purpose of a compliance program is to help organizations in an industry create a culture of compliance in their workplace. A compliance program has seven elements or integrated processes. If applied properly, the seven elements can be useful for simplifying operational procedures, optimizing organizational performance, and reducing total expenditures. Although any industry can use … Read more
37,000 Health Plan Members Affected by SundaySky Cyberattack SundaySky based in New York provides businesses with software solutions for producing marketing videos. It recently reported that unauthorized persons acquired access to the servers in its cloud storage and possibly stole customer information. SundaySky detected unauthorized access on January 8, 2023, and had the forensic investigation … Read more