PHI Exposed at MetroHealth, Urgent Team Holdings, and The Guidance Center

MetroHealth Reports Exposure of 1,700 Patients’ PHI

MetroHealth System based in Cleveland, OH, has advised around 1,700 patients regarding the impermissible disclosure of some PHI to other patients as a result of an error that took place during the updating of its electronic health record (EHR) system. A misconfiguration suggested that if patient records were … Read more

Charleston Area Medical Center and Colorado Physician Partners Announce Data Breaches

Charleston Area Medical Center Breach Impacts 54,000 Patients

Charleston Area Medical Center (CAMC) based in Charleston, WV, has recently reported a phishing attack in which unauthorized individuals gained access to the email accounts of a number of its personnel. The breach of the email accounts occurred between January 10 and 11, 2022. CAMC learned about the … Read more

Spokane Regional Health District and Central Minnesota Mental Health Center Report Data Breaches

Spokane Regional Health District (SRHD) based in Washington has once more experienced a phishing attack. It is the second time in 2022 that the health district has publicized the potential exposure of patient information because a worker responded to a phishing email. SRHD announced on March 24, 2022 that its IT section found a breached email … Read more

Bipartisan Bill Introduced to Fortify Cybersecurity in Healthcare and Public Health Industry

A bipartisan pair of senators introduced a new bill that seeks to enhance the cybersecurity of the healthcare and public health (HPH) industry, in view of the latest White House notice regarding the escalating risk of Russian cyber threats. A week ago, President Biden and the White House released an alert concerning the higher threat … Read more

Security Problems Discovered in 75% of Infusion Pumps

This week, researchers at Palo Alto’s Unit 42 team posted a report indicating that security issues and vulnerabilities are commonly present in smart infusion pumps. These bedside devices automate the delivery of medicines and fluids to patients and are connected to networks so that hospitals can monitor them remotely. The researchers utilized crowdsourced … Read more

NIST Asks for Responses on How to Enhance its Cybersecurity Framework

The National Institute of Standards and Technology (NIST) is seeking feedback on the usefulness of its Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) and recommendations on any changes that could be made. The NIST Cybersecurity Framework was launched in 2014 to enable public and private sector organizations to employ cybersecurity specifications … Read more

Federal Court Endorses PracticeFirst Data Breach Legal Case Dismissal

The U.S. District Court for the Western District of New York has proposed the dismissal of a class action data breach lawsuit against Practicefirst Medical Management Solutions concerning a ransomware attack in 2020. Medical management services company Practicefirst, located in Amherst, New York, offers coding, bookkeeping, credentialing, billing, and compliance services to health care … Read more

Quick Patching Needed to Resolve Critical SAP Vulnerabilities

The German business software company SAP has released patches to resolve a number of critical vulnerabilities that affect SAP programs that make use of the SAP Internet Communications Manager (ICM). Experts at Onapsis Research Labs discovered the vulnerabilities, which are referred to as ICMAD (Internet Communications Manager Advanced Desync). The … Read more

Data Breaches at Taylor Regional Hospital and a Connecticut Accountancy Firm

Taylor Regional Hospital Still Recovering from January Cyberattack

Taylor Regional Hospital based in Campbellsville, KY has encountered a cyberattack, which led to shutting down its IT and phone systems. The healthcare provider reported the cyberattack on January 24, 2021. Up to now, the hospital continues to encounter breakdowns with selected computer systems and telephone … Read more

Data Breaches At Houston Area Community Services, NYU Langone Health And County Of Kings In California

Houston Area Community Services, NYU Langone Health and County of Kings in California recently reported data breaches.

Avenue 360 Health and Wellness Reports Worker Email Accounts Breach

Houston Area Community Services, Inc., also known as Avenue 360 Health and Wellness, found out that an unauthorized person has obtained access to the email accounts of several workers … Read more

Data Breaches Announced by Memorial Health System, MedQuest Pharmacy, and Oscar Health Plan of California

Memorial Health System in Ohio has just reported that the ransomware attack it suffered in August 2021 likely affected the protected health information (PHI) of 216,478 patients. Due to the ransomware attack, the health system had to divert a number of patients to other facilities and cancel several appointments to make certain of … Read more

Interruption to Maryland Department of Health Services Persists a Month After Ransomware Attack

Maryland Chief Information Security Officer (CISO) Chip Stewart has issued a statement about the disruption to Maryland Department of Health (MDH) services caused by a ransomware attack. A data breach was noticed in the first hours of December 4, 2021, and immediate action was taken to isolate the breached server and contain the attack. Stewart … Read more

BioPlus Specialty Pharmacy Services Deals with Class Action Lawsuit Due to Data Breach

A specialty pharmacy in Florida is facing a class-action lawsuit regarding an October 2021 cyberattack that caused the theft of the personally identifiable information (PII) and protected health information (PHI) of approximately 350,000 patients. BioPlus Specialty Pharmacy Services in Altamonte Springs, FL said a hacker gained access to its network between October 25, 2021 … Read more

Healthcare Supply Chain Association Publishes Guidance for Medical Device and Service Cybersecurity

The Healthcare Supply Chain Association (HSCA) has published guidance for healthcare delivery institutions, medical device makers, and service suppliers on acquiring medical devices to make them more resilient to cyberattacks. The use of health care devices in the field has increased at an astounding rate and they are now relied upon to provide important … Read more

Accountancy Business Dealing with Class Action Lawsuit Claiming Negligence and Breach Notification Problems

The certified public accounting business in Chicago, IN, Bansley & Kiener LLP, is facing a class action lawsuit regarding a data breach that was reported to government bodies in December 2021. The breach took place in the second half of 2020. The investigation revealed that hackers gained access to its network from August 20, 2020, … Read more

The Payroll of Healthcare Organizations Endangered by Kronos Ransomware Attack

The number of healthcare companies impacted by the new ransomware attack on Kronos has been rising over the last couple of days. Seven healthcare organizations have already confirmed that they were affected by the attack. Kronos is an employee management and human capital management system provider located in Lowell, MA that numerous healthcare providers use for payroll, … Read more

Ransomware Attack Has Affected 81,000 Howard University College of Dentistry Patients

On September 3, 2021, Howard University College of Dentistry learned that unauthorized people had gained access to its network and used ransomware to encrypt files. The university announced shortly after the attack that it was compelled to cancel online and hybrid classes while its systems were being fixed, and that a … Read more

Patient Sues Eskenazi Health Over Ransomware Attack

The protected health information (PHI) of an Eskenazi Health patient was stolen in a ransomware attack in August 2021. The patient is now suing the healthcare company in relation to the data breach. It is now usual for ransomware groups to exfiltrate sensitive information before using ransomware for file encryption. The stolen information is utilized … Read more

Class Certification Order Lifted in Data Breach Lawsuit Against West Virginia University Health System

West Virginia University Health System is facing a class-action lawsuit over a breach of the protected health information (PHI) of 7,445 patients, but the Supreme Court of Appeals of West Virginia has lifted the class certification order. The lawsuit is associated with an insider data breach that happened in 2016. Between March 2016 and January … Read more

University Hospital Newark Reports More Than 19,000 Patients Affected by Insider Theft

University Hospital Newark (NY) learned that an ex-employee obtained the protected health information (PHI) of hundreds of patients by accessing the records without authorization for over one year. That information was then given to other people who were likewise not permitted to see the data. Insider breaches such as this are rather typical; however, … Read more

Two Printing Companies To Pay $130,000 to Settle HIPAA and CFA Violations

The New Jersey Attorney General has approved a $130,000 settlement with two printing organizations to resolve alleged New Jersey Consumer Fraud Act (CFA) and Health Insurance Portability and Accountability Act (HIPAA) violations that led to a compromise of the protected health information (PHI) of 55,715 residents in New Jersey. Strategic Content Imaging, LLC (SCI) … Read more

PHI of 320,000 Patients Possibly Exposed in EHR Vendor Hacking Incident

QRS Inc based in Tennessee, a company providing healthcare technology services, Paradigm practice management and electronic health records (EHR) solutions, has reported a data breach that affected the protected health information (PHI) of nearly 320,000 persons. The cyberattack was discovered on August 26, 2021, three days after the actual server breach. In its breach … Read more

42% of Healthcare Organizations Have Not Created an Incident Response Plan

Hacks, ransomware attacks, and other IT security incidents are the reason for most data breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights; however, data breaches relating to physical documents are also prevalent. The Verizon Data Breach Investigations Report revealed that compromised physical files were 43% of all data … Read more

The Privacy Act Training and HIPAA

When a government agency provides medical care services, there may be instances in which staff members must undertake HIPAA and Privacy Act training. Moreover, as a rising number of states make their own privacy legislation, there may additionally be instances when personnel of state agencies require HIPAA and Privacy Act training. The Privacy Act of … Read more

MITRE Introduces Centers to Safeguard Critical Infrastructure and Public Safety

Two new centers announced by MITRE are tasked with addressing vital healthcare challenges and enhancing cybersecurity to better secure critical infrastructure. MITRE is a non-profit firm that runs government-funded research and development centers to help government agencies in defense, homeland security, healthcare, cybersecurity, and other sectors. MITRE Labs was started in 2020 in connection with … Read more

Class Action Lawsuit Versus Elekta Because of Ransomware Attack and PHI Breach

One of Northwestern Memorial HealthCare’s (NMHC) former patients filed a lawsuit against Elekta Inc. concerning its ransomware attack and data breach in April 2021. Numerous U.S. healthcare companies are business associates with Elekta, a Swedish company providing radiation medical therapies and associated equipment data services. Cybercriminals attacked Elekta’s web-based system that is used to hold … Read more

OCR Releases Guidance about HIPAA and COVID-19 Vaccination Status Sharing

The Department of Health and Human Services’ Office for Civil Rights has released guidance to educate the general public on how the Health Insurance Portability and Accountability Act (HIPAA) laws apply to the sharing of COVID-19 vaccination status data and to requests from persons regarding whether an individual has been vaccinated against COVID-19. … Read more

K and B Surgical Center and Healthpointe Medical Group Inform Patients Concerning Hacking Incidents

K and B Surgical Center located in Beverly Hills, CA discovered that an unauthorized person accessed its computer system. The healthcare provider discovered the security breach on March 30, 2021, and a third-party forensic investigation confirmed the breach of its network between March 25 and March 30. When K and B Surgical Center became aware … Read more

PHI of 36,500 Austin Cancer Centers Patients Compromised

Austin Cancer Centers is informing 36,503 patients regarding the exposure of some of their protected health information (PHI) because of a security incident identified on August 4, 2021. Unauthorized people were found to have gained access to computer systems and installed malware. To prevent continued unauthorized access, computer systems were quickly turned off and … Read more

OCR Reports 20th Financial Penalty With Regards to the HIPAA Right of Access Enforcement Initiative

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued the HIPAA Right of Access enforcement initiative’s 20th financial penalty. Pediatric care provider Children’s Hospital & Medical Center (CHMC) located in Omaha, Nebraska, was instructed to pay a fine of $80,000 to settle an alleged HIPAA Right of Access violation and … Read more

PHI Breach Affects 600,000 DuPage Medical Group Patients

DuPage Medical Group, the biggest independent physician group in the state of Illinois, has begun informing around 600,000 patients regarding a security breach in which their personal data and protected health information (PHI) were potentially exposed. DuPage Medical Group discovered suspicious activity in its computer system on July 13, 2021 and involved cyber forensic experts to … Read more

CISA Releases Guidance on Protecting Sensitive Information and Responding to Double-Extortion Ransomware Attacks

Ransomware attacks increased significantly in 2020 and there is no indication that cyberattacks using the file-encrypting malware will decrease. Attacks have continued to grow in 2021, to the point where there were almost half as many attempted ransomware attacks in Quarter 2 of 2021 as there were in the whole of 2019. Many threat actors doing … Read more

PHI Compromised in Breaches Impacting Children’s Hospital of The King’s Daughters and Yale New Haven Health Services Corporation

The email accounts of a few workers of Children’s Hospital of The King’s Daughters (CHKD) located in Norfolk, VA were compromised in a phishing attack. CHKD mentioned in its August 10, 2021 breach notification that the attack happened on April 20, 2021. After discovering the breach, the hospital promptly secured the email environment and engaged … Read more

Accidental PHI Disclosures at LA Fire Department and Standard Modern Company

The Los Angeles Fire Department has found out that 4,900 workers’ COVID-19 vaccination statuses were inadvertently exposed on the internet. A list that included the full names of employees, birth dates, employee numbers, and COVID-19 vaccination data (vaccination dates, doses, or rejected vaccine) had been posted on a site viewable to the public. When that … Read more

Former Scripps Health Employee Violates HIPAA in COVID-19 Unemployment Benefits Fraud Case

The Department of Justice has announced that nine San Diego residents were charged in two separate indictments associated with the theft of patients’ protected data and the filing of fake claims for pandemic unemployment benefits. Under the Coronavirus Aid, Relief, and Economic Security (CARES) Act of 2020, new unemployment insurance was given to … Read more

REvil Ransomware Websites Vanished Fueling Rumours of Law Enforcement Shutdown

The well-known REvil ransomware gang’s Internet and dark websites have suddenly vanished, days after President Biden talked to Vladimir Putin demanding action against ransomware groups and other cybercriminals performing attacks from inside Russia on American firms. At about 1 a.m. on Tuesday, the sites that the gang uses for leaking information of … Read more

Passwords Susceptible to Brute Force Attacks Created by Kaspersky Password Generator Due to a Vulnerability

Security researchers have identified a vulnerability in the random password generator of the Kaspersky Password Manager (KPM). The generated passwords were prone to brute force attacks. Password managers usually have a password generator that lets users create distinct, random, complex passwords for their accounts. In a recent blog article, researchers at security … Read more

REvil Ransomware Attack on the University Medical Center of Southern Nevada

University Medical Center of Southern Nevada (UMC) has suffered a ransomware attack that resulted in patient data theft. The medical center confirmed that it identified suspicious activity in the hospital system in the middle of June and took speedy action to contain the problem and limit unauthorized access to its servers. The cyberattack investigation is … Read more

Multiple Class Action Lawsuits Filed Against Scripps Health over Ransomware Attack

Scripps Health based in San Diego is dealing with multiple class action lawsuits due to a ransomware attack on April 29, 2021 that affected 147,267 individuals. Because of the attack, the 5-hospital healthcare system had to take down online systems, including its patient website, while it remediated the attack. Although Scripps Health continued to provide … Read more

Email Breach Incidents at South Texas Health System and Atricure

South Texas Health System has advised 6,761 individuals that their protected health information (PHI) had been accidentally disclosed. South Texas Health System gives discharge information right after patients receive health care in its healthcare facilities. Part of that practice entails a staff member making and sending a monthly statement that lists patients who were … Read more

HSCC Prompts Biden to Help Fund and Reinforce Cybersecurity Posture of the Healthcare Sector

The Healthcare and Public Health Sector Coordinating Council (HSCC) has urged President Biden to provide additional funds and support to enhance the cybersecurity posture of the healthcare industry to increase resilience against cyberattacks. In a new letter addressed to President Biden and copied to Senate and House party leaders, the HSCC asked for more funding … Read more

Data Breach Reports of Hoboken Radiology and Glacier Medical Associates

Hoboken Radiology located in New Jersey has begun informing patients about a security breach that occurred from June 2, 2019 to December 1, 2020. In the latest report, Hoboken Radiology mentioned it got a notice on November 3, 2020 regarding suspicious activity on its medical imaging server. Independent cybersecurity experts were involved to … Read more

FBI Alerts of Ongoing Conti Ransomware Attacks on Healthcare Companies and First Responders

A TLP:WHITE flash alert has been issued by the Federal Bureau of Investigation (FBI) regarding persistent Conti ransomware attacks directed at healthcare providers and first responder systems. According to the FBI, the Conti ransomware gang has already launched attacks on 16 healthcare and first responder networks in the U.S. Besides healthcare companies, the gang … Read more

President Biden Approves the Expansive Executive Order to Strengthen Federal Networks Cybersecurity

On May 13, 2021, President Joe Biden approved an extensive Executive Order that aims to considerably reinforce cybersecurity defenses for government systems, boost threat information sharing among the government, the private sector, and law enforcement authorities, and create a cyber threat response playbook to speed up incident response and mitigation. The 34-page Executive Order consists of brief … Read more

CISA Status Updates of FiveHands Ransomware Threat

The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has released a notification concerning a new ransomware variant that is utilized in attacks on many industry sectors, such as medical care. Thus far, the threat group responsible for the attacks has mostly focused on small- to medium-sized firms, as per FireEye’s researchers who have been monitoring … Read more

PHI Potentially Exposed at Manquen Vance, DNF Medical Centers and Peak Vista Community Health Breaches

The group health plan broker and consultancy firm Manquen Vance, based in Michigan and called Cornerstone Municipal Advisory Group in the past, is notifying 7,018 people about a potential exposure of their personal and health information (PHI). The investigation began on November 16, 2020 because the company found suspicious activity with an employee’s … Read more

HSCC Creates Guidance on Protecting the Telehealth and Telemedicine Ecosystem

Healthcare companies are increasingly using health information technology to offer patients virtual medical care services. Telehealth services enable patients residing in rural locations and the elderly to get needed healthcare services, and the COVID outbreak has resulted in a significant growth in telehealth to deliver virtual medical care services to patients to lessen the … Read more

Multiple Threat Groups Exploit Vulnerabilities in Mission Critical SAP Systems

Researchers at security company Onapsis have observed cybercriminals taking advantage of several vulnerabilities identified in mission-critical SAP systems. As of mid-2020, over 300 detected attacks were taking advantage of at least one of six unpatched vulnerabilities. Cybercriminals are highly targeting vulnerabilities in SAP systems because of the extensive usage of SAP systems. SAP states that 92% … Read more

PHI from A Number of Covered Entities Shared on GitHub

Med-Data Inc. has confirmed that the protected health information (PHI) of patients of a number of its clients was published on GitHub, an open-source software creation hosting site, and that unauthorized persons could have viewed the information. The revenue cycle management services vendor located in Spring, TX provides support to healthcare providers and health plans … Read more

FBI Issues Alert Concerning Mamba Ransomware

A rise in cyberattacks employing Mamba ransomware led the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) to release a flash alert cautioning agencies and businesses in various sectors concerning the potential issues of the ransomware. Unlike a lot of ransomware variants with their unique encryption activities, Mamba ransomware has adapted … Read more

Data Breaches at California Department of State Hospitals and Mendelson Kornblum Orthopedic and Spine Specialists

The Department of State Hospitals (DSH) in California has found out that a worker accessed the protected health information (PHI) of 1,415 current/former patients and 617 workers without consent. The staff member had an Information Technology position and had been given access to data servers holding sensitive patient and staff information in order to perform work duties. … Read more

Email Security Breach at Saint Alphonsus Health System and Southeastern Minnesota Center for Independent Living

Saint Alphonsus Health System based in Boise, ID encountered a phishing attack that allowed the potential compromise of patient data. The attack likewise affected patients of Saint Agnes Medical Center in Fresno, CA. Saint Alphonsus found abnormal activity in the email account of an employee on January 6, 2021. The provider promptly secured the account, … Read more

Two People Terminated for Impermissible Disclosures of Sensitive Data to Third Parties

Humana discovered that its business associate’s subcontractor had a worker who impermissibly disclosed the protected health information (PHI) of about 65,000 members to a third party for training purposes. Humana hired Cotiviti to provide support in requesting medical records. Cotiviti then employed a subcontractor to check the requested health files. As per HIPAA, subcontractors … Read more

Data Breaches at Covenant Healthcare, University Hospital, And Fisher-Titus Medical Center

Covenant Healthcare based in Saginaw, MI has found out that an unauthorized person obtained access to two email accounts of staff members. The accounts contained the protected health information (PHI) of about 45,000 patients. The provider discovered the security breach on December 21, 2020, and the investigation of the email breach revealed that the first … Read more

Class Action Lawsuit Versus Wilmington Surgical Associates Because of the Netwalker Ransomware Attack

Wilmington Surgical Associates based in North Carolina is facing a class action lawsuit in connection with a Netwalker ransomware attack that caused a data breach in October 2020. In the majority of ransomware attacks these days, files are exfiltrated just before the ransomware is deployed. In this instance, the Netwalker ransomware group stole 13GB of information … Read more

Ransomware Gang Exposes Data Stolen from Two U.S. Healthcare Companies

The Conti ransomware gang has exposed a sizeable collection of healthcare records online that was purportedly stolen from Nocona General Hospital in Texas and Leon Medical Centers in Florida. Leon Medical Centers encountered a Conti ransomware attack at the beginning of November 2020, which was initially reported to the HHS’ Office for Civil … Read more

Recent Phishing Attacks at Lynn Community Health Center, Auris Health and Montgomery Hospice

A brief summary of healthcare phishing attacks that were published recently.

PHI of 1,800 Patients Likely Exposed Because of Lynn Community Health Center Phishing Attack

Lynn Community Health Center (LCHC) based in Massachusetts found out that an unauthorized individual accessed an employee’s email account right after responding to a phishing email message. LCHC identified the … Read more

7-Year Breach of Florida Medicaid Applicants’ PHI Because of Failing to Patch

Florida Healthy Kids Corporation, a Medicaid health plan based in Tallahassee, FL, learned that its web hosting service provider failed to patch vulnerabilities and cybercriminals exploited them to get access to its site and the protected health information (PHI) of persons applying for benefits in the past 7 years. Florida Healthy Kids utilized Jelly Bean … Read more

Attacks on Healthcare Industry Web Application Increased by 51% in the Last Two Months

Cybersecurity company Imperva published a new report that revealed a considerable increase of attacks on healthcare industry web apps. Imperva Research Labs recorded a 51% increase in web app attacks from November 2020 to December 2020, the same time when COVID-19 vaccines rolled out. Imperva SVP Terry Ray stated that 2020’s cyber activity was unmatched … Read more

Federal Task Force States the Likely Russian Origin of the SolarWinds Supply Chain Attack

The Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) issued a joint statement with the approval of the Trump Administration saying that Russian threat actors are behind the supply chain attack on SolarWinds Orion software. … Read more

Data Breaches Reported by Northwestern Memorial Hospital, Apex Laboratory, and Five Points Eye Care

Northwestern Memorial Hospital in Chicago learned that a former temporary employee may have accessed the health records of a number of patients without valid authorization while doing work at the hospital. The hospital discovered the unauthorized information access on December 2, 2020. An evaluation of access records showed the person looked at patient data … Read more

NSA Alerts of Authentication System Abuse to Get Access to Cloud Resources

The U.S. National Security Agency (NSA) has released an advisory about two hacking tactics that threat groups are currently using to obtain access to cloud resources holding protected records. These tactics take advantage of authentication mechanisms and let attackers steal credentials and get persistent access to systems. Threat actors who breached the SolarWinds … Read more

Serious Vulnerabilities Found in Medtronic MyCareLink Smart Patient Readers

Three serious vulnerabilities were discovered in Medtronic MyCareLink (MCL) Smart Patient Readers, which can possibly be taken advantage of to gain access to and alter patient information from the paired implanted cardiac product. Remote code execution on the MCL Smart Patient Reader can be achieved when the vulnerabilities are exploited together, enabling an attacker to seize … Read more

UVM Health Electronic Health Record System is Now Operational a Month After Cyber Attack

University of Vermont Health Network announced that its electronic health record (EHR) system is back online, one month after experiencing a ransomware attack. The ransomware attack occurred on October 25, 2020 and resulted in a substantial disruption in six of its hospitals. Over the past month, staff members had no option but … Read more

$65,000 Fine Issued for University of Cincinnati Medical Center Due to HIPAA Right of Access Violation

The HHS’ Office for Civil Rights reported its 18th HIPAA financial penalty for 2020 – the 12th penalty given under the HIPAA Right of Access enforcement initiative. In 2019, OCR launched a new initiative to ensure individuals have timely access to their medical records, at a reasonable fee, as governed by the HIPAA Privacy … Read more

Private Practitioner to Pay $15,000 Penalty for HIPAA Right of Access Failure

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) reported the 11th financial penalty in connection with its HIPAA Right of Access enforcement initiative, issued to Dr. Rajendra Bhayani. Dr. Bhayani, who is a private practitioner based in Regal Park, NY specializing in otolaryngology, is going to pay a $15,000 financial penalty … Read more

Blackbaud SEC Filing Provides Updated Information on Data Breach and Costs of Mitigation

The number of victims filing reports of being impacted by the Blackbaud ransomware attack and data breach has grown over the past couple of weeks. The Department of Health and Human Services’ Office for Civil Rights breach portal is continually being updated to log healthcare victims. The entities most recently added are OSF HealthCare System, … Read more

TigerConnect Survey Shows Prevalent Support for Telehealth Among Patients and Healthcare Providers

The coronavirus pandemic has triggered a significant increase in healthcare providers extending telehealth services to individuals. Virtual consultations are being made available to minimize the number of individuals traveling to hospitals and clinics, to limit the spread of the virus and ensure patient safety. The growth in use is because of necessity, nevertheless new … Read more

Silent Librarian Spear Phishing Campaign On Universities Recommenced

Silent Librarian, also called Cobalt Dickens and TA407, based in Iran, has resumed spear phishing attacks on colleges in the US and across the world. Since 2013, the hacking group has been conducting attacks to get access to login credentials and steal intellectual property and research files. Stolen credentials and data are afterwards marketed … Read more

Community Health Systems To Pay $5 Million to Resolve Multi-State Action

Community Health Systems based in Franklin, TN and its subsidiary CHSPCS LLC agreed to resolve a multiple-state action with 28 state attorneys general by paying $5 million. An investigation headed by Attorney General Herbert H. Slatery III of Tennessee began subsequent to a protected health information (PHI) breach involving 6.1 million persons in 2014. During … Read more

A Number of Lawsuits Filed Because of the Recent Healthcare Data Breaches

People have taken legal action because of the impact of the recent data breaches that happened at Blackbaud and BJC Healthcare resulting in the disclosure and theft of their private data and protected health information (PHI). A Number of Lawsuits Filed in Relation to the Blackbaud Ransomware Attack The Blackbaud data breach is one of … Read more

Breaches Affect Patients at Starling Physicians, Advocate Aurora Health, Moffitt Cancer Center and INTEGRIS Baptist Medical Center

7,777 Starling Physicians Patients Affected by Email Breach Starling Physicians in Rocky Hill, CT began sending notifications to 7,777 patients concerning an unauthorized individual who potentially got access to some of their protected health information (PHI) saved in email accounts. Starling Physicians discovered a breach of its email environment on or about July 7, 2020. … Read more

Over 260,000 Patients Affected by Cybersecurity Attacks

A ransomware attack on Assured Imaging in Tucson, AZ enabled attackers to encrypt its medical record system. Assured Imaging is a Rezolut Medical Imaging subsidiary and provider of Health Screening and Diagnostic Services. Assured Imaging uncovered the ransomware attack on May 19, 2020 and worked immediately to halt more unauthorized access and regain the encrypted … Read more

TigerConnect and Call Scheduler Announce TigerSchedule Automated On-Call Physician Scheduling

TigerConnect announced its acquisition of Adjuvant’s Call Scheduler solution and has integrated it into TigerConnect’s clinical communication and collaboration (CC&C) platform as TigerSchedule™. The Call Scheduler solution added advanced on-call physician scheduling functions to the TigerConnect platform, so that users can automate on-call and job assignments, boost efficiency, and reinforce collaboration among healthcare teams. … Read more

FBI and CISA Give Joint Alert Concerning Vishing Campaign Targeting Remote Workers

There is an ongoing voice phishing (vishing) campaign that targets remote employees from numerous industries. The attackers impersonate a trusted entity and employ social engineering strategies to get targets to expose the credentials of their company Virtual Private Network (VPN). The DHS Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) … Read more

NIST Issues Final Guidance on Creating Zero Trust Architecture to Strengthen Cybersecurity Defenses

NIST has published the final version of its zero trust architecture guidance document (SP 800-207) to help private sector institutions implement this cybersecurity concept and strengthen their security posture. Zero trust is a strategy that consists of shifting defenses from static, network-based perimeters to focus on users, tools, and resources. Through zero trust, … Read more

PHI Compromised in Email Security Breaches at FHN and Elkins Rehabilitation & Care Center

The healthcare system FHN based in Freeport, IL is informing a number of patients that an unauthorized person possibly gained access to many employees’ email accounts between February 12 and February 13, 2020, resulting in the likely exposure of their protected health information (PHI). FHN stated on April 20, 2020 that as per the … Read more

Small North Carolina Health Services Agreed to Pay $25,000 for HIPAA Security Rule Violations

The HHS’ Office for Civil Rights (OCR) reported that it has reached a $25,000 settlement with Metropolitan Community Health Services to resolve its HIPAA Security Rule violations. Metropolitan Community Health Services, based in Washington, NC, is a Federally Certified Health Center which delivers integrated medical, behavioral health, dental & pharmacy assistance for adults … Read more

Russian APT Group is Focusing on Institutions Engaged in COVID-19 Research

The APT29 hacking gang, otherwise known as Cozy Bear, is focusing its attacks on healthcare companies, pharmaceutical suppliers, and research organizations in the United Kingdom, United States, and Canada and is seeking to gain access to research data regarding COVID-19 and the development of … Read more

States Begin to Make Interim COVID-19 Telehealth Changes For Good

States announced interim emergency waivers to their telehealth laws soon after the HHS’ Centers for Medicaid and Medicare Services (CMS) made a decision to widen telehealth services access and expand coverage in response to the COVID-19 crisis. Healthcare companies and patients have accepted the adjustments to telehealth guidelines, which upgraded access to telehealth services to … Read more

Phishing Attacks in NC and TX Expose 30,000 Patients’ PHI

Choice Health Management Services located in Claremont, NC, a rehabilitation services provider and owner of a number of assisted living facilities in South and North Carolina, has suffered an email security breach impacting its staff and its current and former patients. Choice Health discovered the security breach at the end of 2019 when suspicious activity was … Read more

Not Enough Visibility and Poor Access Management are Big Contributors to Cloud Data Breaches

More businesses today are working on their digital transformations and are using the versatility, scalability, and cost savings offered by public cloud spaces. However, the security of public clouds can pose a big challenge. One of the primary issues that has hindered businesses from using the public cloud is security. Security teams frequently feel that … Read more

Software Error in Telehealth App Allowed Patients to Access Videos of Other Patients’ Consultations

A chatbot and telehealth startup company located in the UK has sustained an embarrassing privacy breach this week. Babylon Health made a telehealth application that general practitioners could utilize for virtual consultations with patients. The app permits users to make consultations with their physicians, make use of an AI-based chatbot for triage, and conduct voice … Read more

Fake VPN Warnings Employed as Bait in Office 365 Information Phishing Campaign

A phishing campaign has been identified that uses bogus VPN notifications as bait so that remote personnel will disclose their Office 365 information. Healthcare organizations are performing more telehealth services at this time of the COVID-19 public health crisis to help avoid the propagation of COVID-19 and make certain that healthcare companies can keep on … Read more

Russian Sandworm Hacking Group Exploits Exim Mail Servers

A Russian hacking group named Sandworm (Fancy Bear) is taking advantage of a vulnerability in the Exim Mail Transfer Agent, which is typically employed on Unix-based systems. The vulnerability, tracked as CVE-2019-10149, is a remote code execution vulnerability which was found in Exim version 4.87. An update to resolve the vulnerability was made available on June 5, … Read more

PHI Exposed Due to Geisinger Wyoming Valley Medical Center and District Medical Group Data Breaches

District Medical Group (DMG) in Arizona, which is an integrated medical group, has commenced informing 10,190 patients about the potential compromise of some of their protected health information (PHI). On March 11, 2020, DMG learned that an unauthorized individual had acquired access to the email accounts of a number of its employees after … Read more

Study Reveals That Paying a Ransom Increases Two-fold the Expense of Recovery from a Ransomware Attack

Institutions that suffer a ransomware attack could be persuaded to pay the ransom to diminish downtime and costs on recovery, yet a Sophos survey shows institutions that pay the ransom in fact wind up expending far more than those that restore their files using backups. The FBI doesn’t endorse paying a ransom since doing so … Read more