State privacy laws can supersede HIPAA when they provide greater protection for individuals' privacy rights than what is mandated by...
Compliance News
Who Enforces HIPAA?
The enforcement of HIPAA, specifically the Privacy and Security Rules, falls under the jurisdiction of the U.S. Department of Health and...
What is a HIPAA breach?
A HIPAA breach refers to any unauthorized acquisition, access, use, or disclosure of PHI that compromises its security or privacy....
Congress report indicates surge in HIPAA complaints over five-year period.
In an annual report published by the Office for Civil Rights (OCR) with the U.S. Department of Health and Human Services Office for Civil...
Does HIPAA apply after death?
Yes, under the HIPAA Privacy Rule, the protections afforded to an individual's Protected Health Information (PHI) continue to apply and...
What happens when HIPAA is violated?
When HIPAA is violated, covered entities or individuals can face a range of consequences including investigations by the Office for Civil...
BD Releases Security Alerts Concerning Pyxis and Synapsys Vulnerabilities
BD has released security notifications regarding two vulnerabilities that have an effect on particular BD Pyxis electronic medication...
OCR Issues Guidelines on Audio-Only Telehealth
The Department of Health and Human Services' Office for Civil Rights has issued new guidance to healthcare providers for the use of...
HHS ONC and OCR Release Updated HIPAA Security Risk Assessment Tool
A new version of the Security Risk Assessment tool has been released by the Department of Health and Human Services’ Office for Civil...
Report Finds A Third Of Top US Hospitals Share Patient Data To Facebook
An investigation has revealed that Facebook is receiving personal patient information from roughly a third of the top U.S. hospital's...
Connecticut Passes Comprehensive Data Privacy Legislation
Connecticut has joined Colorado, Utah, California, and Virginia in approving an all-inclusive new data privacy rule that sets...
Cyberattack Reported by Salusive Health and New Creation Counseling Center
Salusive Health, the developer of the myNurse platform, which helps physician practices facilitate disease management, has suffered a...
Malware Attacks on Squirrel Hill Health Center and La Clinica de la Raza and Laptop Theft at Woolfson Eye Institute
La Clinica de la Raza based in Oakland, CA is notifying a number of patients with regards to a likely compromise of their protected health...
FBI/CISA Alert on Continuing Attacks On Vulnerable Fortinet FortiOS Servers
Advanced persistent threat (APT) actors are targeting vulnerabilities in the Fortinet FortiOS operating system to obtain access to servers...
Data Breaches at Mobile Anesthesiologists Patients, Heart Of Texas Community Health Center And Haven Behavioral Healthcare
Mobile Anesthesiologists recently found out about the compromise of some patients’ protected health information (PHI) as a result of a...
FBI Issues Alert of Rise in Business Email Compromise Attacks on State And Local Governments
The Federal Bureau of Investigation (FBI) in its March 17, 2021 Private Industry Notification notified state, local, tribal, and...
US Healthcare Ransomware Attacks Cost in 2020 Estimated at $21 Billion
Ransomware attacks on the healthcare sector exploded in 2020. No less than 91 U.S. healthcare companies experienced ransomware attacks, 50...
PHI Exposed Due to Breaches at Elara Caring, Cornerstone Care and ProPath
Elara Caring, one of the United States' biggest home-based medical care services providers, has encountered a phishing attack that...
Roundup of Recent Healthcare Data Breaches
Email Accounts Breach at Summit Behavioral Healthcare Summit Behavioral Healthcare based in Brentwood, TN found out about the breach of...
Online Storage Vendor Pays Ransom Demand to Retrieve Healthcare Data Stolen in Cyberattack
The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen...
21st Century Oncology’s Proposed Data Breach Settlement Gains Initial Approval
The court has granted preliminary approval of a settlement offered by 21st Century Oncology to resolve a November 2020 class-action legal...
Email Account Breach at Charles J. Hilton & Associates P.C. and Nevada Health Centers
University of Pittsburgh Medical Center (UPMC) has made an announcement that the protected health information (PHI) of around 36,000...
Multinational Law Enforcement Campaign Takes Down the Emotet Botnet
Europol reported that the infamous Emotet Botnet was taken down in connection with a multinational law enforcement operation. Law...
Email Security Breaches at Roper St. Francis Healthcare and Einstein Health Network
Roper St. Francis Healthcare has advised 189,761 patients regarding an unauthorized person who accessed some of their protected health...
Excellus Health Plan Pays $5.1 Million Penalty to Settle HIPAA Violation Case
The Department of Health and Human Services’ Office for Civil Rights has reported that health insurance provider Excellus Health Plan has...
Ransomware Attacks at Lake Region Healthcare and the University of Vermont Health Network
Lake Region Healthcare in Fergus Falls, Minnesota is looking into a ransomware attack that was first noticed on December 22, 2020. The...
2020’s Largest Healthcare Data Breaches
2020 was a really bad year when it comes to healthcare industry data breaches. There were 616 data breaches involving 500 or more health...
Data Breaches at Agency for Community Treatment Services, Proliance Surgeons and Leon Medical Centers
Agency for Community Treatment Services, Inc. (ACTS) in Tampa, FL is notifying a number of patients regarding the potential compromise of...
NIST Issues Final Guidance on Safeguarding the Picture Archiving and Communication System (PACS) Ecosystem
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has issued a final...
Seasonal Worker Sentenced to 42-Months Imprisonment for Theft of Data from Healthcare.Gov Database
A seasonal worker at a tech firm based in Virginia was sentenced to 42 months in prison for accessing patient files, stealing personally...
Mercy Health and Montefiore Medical Center Reported Insider Data Breaches
Mercy Health and Montefiore Medical Center have reported insider data breaches recently. In the two occurrences, an employee viewed...
Healthcare Data Breaches at Fairchild Medical Center, Indian Health Council Inc. and Harvard Pilgrim Health Care
Fairchild Medical Center located in Yreka, CA, started informing a number of patients about the likely access of their protected health...
Cyberattackers Ask for Ransom Demands from Advanced Urgent Care of Florida Keys and Galstan & Ward Family and Cosmetic Dentistry
Advanced Urgent Care of Florida Keys began sending breach notifications to patients on November 6, 2020 concerning a ransomware attack...
Zoll Takes Legal Action Against IT Vendor for Breach of 277,000-Records
The US District Court in Massachusetts filed a legal action on behalf of the medical device supplier Zoll against its IT service vendor...
Blackbaud SEC Filing Gives Additional Details on Data Breach and Expenditures of Mitigation
The number of entities submitting reports of being impacted by the Blackbaud cyberattack and security breach has increased in the past few...
Most Microsoft 365 Admins Have Not Set Up Multi-Factor Authentication
CoreView published a new report revealing that a lot of Microsoft 365 admins haven’t activated multi-factor authentication to keep their...
HITRUST Certification Shows LuxSci’s Dedication to Safeguarding Data Privacy and Security
LuxSci, a HIPAA-compliant email communications services provider located in Massachusetts, has publicized that it has obtained HITRUST CSF...
CISA Warns Companies to Patch Wormable ‘Bad Neighbor’ Windows TCP/IP Vulnerability Immediately
On October 2020 Patch Tuesday, Microsoft issued a patch to resolve a critical remote code execution vulnerability found in the Microsoft...
Breaches at Legacy Community Health Services, Georgia Department of Human Services and Einstein Healthcare Network
Legacy Community Health Services Phishing Attack Affects 228,000 Persons Legacy Community Health Services in Texas is notifying 228,009...
Companies Facilitating or Making Ransomware Payments Could Face Sanction Risks
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has notified that firms that make ransom payments to hackers on...
Premera Blue Cross HIPAA Penalty of $6.85 Million is the 2nd Largest HIPAA Violation Penalty Ever
The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85 million HIPAA fine on Premera Blue Cross...
Athens Orthopedic Clinic Settles its HIPAA Violation for $1.5 Million
The HHS’ Office for Civil Rights made an announcement regarding a settlement it has arrived at with Athens Orthopedic Clinic PA to take...
OCR Issued Five HIPAA Fines for HIPAA Right of Access Failures
The Department of Health and Human Services’ Office for Civil Rights reported five settlements that resolved HIPAA violations related to...
CISA Releases Technical Guidance on Finding and Remediating Malicious System Activity
The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance for network defenders and incident response...
PHI of Almost 19,000 Individuals Affected by Breaches at Cook Children’s Medical Center, D&S Residential Holdings and City of Lafayette
1,768 Persons Affected by Cook Children’s Medical Center Breach Cook Children’s Medical Center based in Fort Worth, TX discovered that a...
New FritzFrog P2P Botnet Targets SSH Servers of Banking Institutions, Educational Organizations, and Medical Centers
A new peer-to-peer (P2P) botnet was found targeting SSH servers located in IoT devices and routers that allow connections from remote...
657,392 Northern Light Health Foundation Donors Impacted by Blackbaud Ransomware Attack
The 10-hospital integrated healthcare system called Northern Light Health Foundation, which is located in Brewer, ME, has reported that...
Children’s Hospital Colorado Phishing Attack and Hoag Clinic Laptop Computer Theft
Children’s Hospital Colorado is informing 2,553 patients concerning the possible access of their protected health information (PHI)...
Breaches at Beaumont Health, Southcare Minute Clinic and Samaritan Medical Center
Beaumont Health, which is the leading healthcare organization in Michigan, began informing about 6,000 patients concerning the potential...
Cyberattacks at Highpoint Foot and Ankle Center and the University of Utah Affect 35,000+ Patients’ PHI
Highpoint Foot and Ankle Center based in New Britain Township, PA encountered a ransomware attack in May 2020 during which the attackers...
Breaches at Quantum Imaging and Therapeutic Associates, Delaware Department of Health and Social Services and US HealthCenter
The radiology practice Quantum Imaging and Therapeutic Associates located in Pennsylvania made an announcement that they received reports...
Breaches at Central California Alliance for Health, Wisconsin Department of Corrections and Hutton & Hale, D.D.S., Inc.
Breaches at Central California Alliance for Health, Hutton & Hale, D.D.S., Inc. and Wisconsin Department of Corrections The Central...
Up to 69,000 Persons Affected by Cyberattacks on Healthcare Fiscal Management and Friendship Community Care
Nearly 69,000 Persons Affected by Cyberattacks on Healthcare Fiscal Management and Friendship Community Care Healthcare Fiscal Management...
Ransomware Attacks on North Shore Pain Management and Florida Orthopaedic Institute
North Shore Pain Management (NSPM) based in Massachusetts started sending notifications to 12,472 patients because hackers potentially...
Hacker Busted and Charged for the UPMC Cyberattack in 2014
The United States Attorney’s Office of the Western District of Pennsylvania announced the arrest of a person who was accused of the breach...
PHI Exposed Due to Breaches at Cano Health and the Department of Behavioral Health and Intellectual Disability Services
Cano Health, a population health management firm and healthcare service provider located in Florida, reported that an unauthorized...
St Joseph Health System Confirms the Improper Disposal of Patient Documents by Health Record Storage Center
St Joseph Health System in North Central Indiana is notifying patients concerning the compromise of some of their protected health...
Increase in Mobile Phishing Attacks During the COVID-19 Health Pandemic
Cybercriminals are reforming their strategies, approaches, and processes throughout the COVID-19 health pandemic and are targeting work...
Feds Advisory to Raise Awareness of Scams Linked to COVID-19 Economic Payments
The IRS, DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury published a joint notification to...
Guidance Document on Handling the Cybersecurity Tactical Response During a Pandemic
The Healthcare and Public Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC)...
Survey Uncovers Status of Workplace Safety and Preparedness in The Healthcare Industry
Rave Mobile Safety has published the results of its yearly survey of workplace safety and preparedness performed in early 2020. The...
Ciitizen HIPAA Right of Access Report Reveals Considerable Improvement in Compliance
Healthcare organizations' compliance with the HIPAA Right of Access has considerably improved, according to the latest Ciitizen's Patient...
Brandywine Counselling and Community Services
On March 13, 2020, ExecuPharm, a pharmaceutical company located in King of Prussia, PA, suffered a Maze ransomware attack with theft of...
CISA Alerts of Continuous Cyberattacks on Pulse Secure VPNs Despite Patching
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released an alert to all businesses that utilize...
Phishing Attacks on Saint Francis Ministries and Hartford Healthcare Reported
The Saint Francis Ministries health system announced that an unauthorized person gained access to the email account of an employee causing...
Kwampirs APT Group Is Still Attacking Healthcare Companies through the Supply Chain
An Advanced Persistent Threat (APT) group identified as Kwampirs, also called OrangeWorm, still attacks healthcare companies and...
CMS Proclaims Sweeping Regulatory Adjustments Because of the Increase in COVID-19 Patients
The Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) announced that there is going to be some...
Solving the HIPAA Problem Using Compliancy Group’s Simple HIPAA Compliance Process
Compliance with all demands of the Health Insurance Portability and Accountability Act (HIPAA) Security, Privacy, Breach Notification, and...
Law Agency Files Class Action Lawsuit For Overcharging for Copy of Patient’s Health Records
A law firm is filing a lawsuit against Medical Records Online (MRO), a healthcare release-of-information solution provider, for...
Compliance with the New York SHIELD Act Data Security Provisions Required by March 2020
The New York Governor signed the SHIELD Act, or Stop Hacks and Improve Electronic Data Security Act, into law in July 2019. The New York...
New Report Shows the Brands Most Impersonated by Phishers
The new Vade Secure report revealed the 25 most frequently impersonated brand names in phishing attacks. The Q4 2019 Phishers’ Favorite...
OIG Audit Divulges Extensive Inappropriate Use of Medicare Part D Eligibility Verification Transactions
The Department of Health and Human Services’ Office of Inspector General (OIG) performed a review, which showed that a lot of pharmacies...