The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an...more
10/5/2020
/ Data Breach ,
Electronic Medical Records ,
Enforcement Actions ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements
The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019....more
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion....more
It is being reported by Cointelegraph that ransomware group Netwalker is offering for sale data it exfiltrated from Pennsylvania based Crozer-Keystone Health System after the system declined to pay the requested ransom....more
These days, news stations are frequently running stories concerning people being treated for COVID-19, the providers working tirelessly to care for them, and politicians visiting health care facilities for a first-hand look...more
Although email seems to be the preferred method of communication during the coronavirus pandemic, an error made by a City of Los Angeles employee is one to learn from and avoid repeat....more
HHS Targeted by Nation-State Hackers -
Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS)...more
3/20/2020
/ California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
FERPA ,
Hackers ,
Personal Data ,
PHI ,
Scams ,
State Attorneys General ,
Telecommuting ,
Waivers
Acknowledging the “additional challenges” on health care providers following the outbreak of COVID-19, the Department of Health and Human Services (HHS) recently issued several waivers for covered entities to address the need...more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
2/21/2020
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Regulatory Requirements ,
Reporting Requirements ,
Self-Reporting
It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-aService (BPaaS)....more
1/24/2020
/ Artificial Intelligence ,
Cyber Crimes ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Online Platforms ,
Personal Data ,
PHI ,
Risk Management ,
SaaS
It is being reported that LifeLabs, a Canadian lab company that is the largest provider of laboratory diagnostics and lab testing services in Canada, recently paid an undisclosed ransom to hackers who compromised its computer...more
12/23/2019
/ Biometric Information ,
Clinical Laboratories ,
Connected Cars ,
Connected Items ,
Criminal Conspiracy ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Extradition ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Identity Theft ,
Information Technology ,
Malware ,
OCR ,
Personally Identifiable Information ,
PHI ,
Ransomware ,
Settlement
It is being reported that LifeLabs, a Canadian lab company that is the largest provider of laboratory diagnostics and lab testing services in Canada, recently paid an undisclosed ransom to hackers who compromised its computer...more
Louisiana Governor John Bel Edwards activated the State’s cybersecurity team recently after several State offices’ computers started acting strangely. The IT team identified an intrusion of Ryuk ransomware and which programs...more
12/13/2019
/ Connected Items ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Drones ,
Federal Aviation Administration (FAA) ,
Hackers ,
Information Technology ,
Municipalities ,
Personally Identifiable Information ,
PHI ,
Ransomware ,
Smart Devices ,
State and Local Government ,
Vulnerability Assessments
Arizona-based Banner Health has agreed to settle for up to $6 million a class action case filed against it following a 2016 incident that compromised the personal information of 3 million individuals....more
12/13/2019
/ Class Action ,
Credit Monitoring ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Debit and Credit Card Transactions ,
Hackers ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
11/22/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Fines ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Popular
Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities in order to listen to users’ every word to...more
10/25/2019
/ Amazon Marketplace ,
Connected Items ,
Cyber Attacks ,
Cyber-Stalking ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Eavesdropping ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Google ,
Hackers ,
Information Security ,
Information Technology ,
Mobile Apps ,
OCR ,
PHI ,
Phishing Scams ,
Popular ,
Risk Management ,
Smart Devices ,
Vulnerability Assessments
A reporter from the Philadelphia Inquirer discovered that sensitive data of hepatitis patients were accessible online through a Philadelphia Department of Public Health (DPH) website tool without the need for a password. The...more
10/25/2019
/ Data Breach ,
Data Protection ,
Government Entities ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Online Platforms ,
Personally Identifiable Information ,
PHI ,
Public Health ,
Vulnerability Assessments ,
Websites
The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (“Jackson”), a not for profit hospital system comprised of six hospitals, urgent care centers, nursing facilities and primary care...more
10/24/2019
/ Data Breach ,
Electronic Medical Records ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
Notice of Determination (NODs) ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Assessment
The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry....more
10/14/2019
/ Americans with Disabilities Act (ADA) ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Dentists ,
Department of Defense (DOD) ,
Drones ,
FBI ,
Federal Aviation Administration (FAA) ,
Federal Contractors ,
Hackers ,
Health Care Providers ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Popular ,
Ransomware ,
SCOTUS ,
Title III ,
Unmanned Aircraft Systems ,
UPS ,
Vulnerability Assessments ,
Websites ,
WhatsApp
Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000....more
10/14/2019
/ Cybersecurity ,
Data Breach ,
Dentists ,
Enforcement Actions ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Privacy Rule
Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in...more
10/4/2019
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
Personally Identifiable Information ,
PHI ,
Ransomware
Following an investigation led by the Washington Attorney General, Premera Blue Cross has agreed to pay $10 million to 30 states after experiencing a data breach in 2014 that compromised the Protected Health Information of...more
The Oregon Department of Human Services (DHS) announced late last week that nine of its staff members had fallen victim to a phishing campaign and that their email boxes were compromised on January 8, 2019....more
The HIPAA (Health Insurance Portability and Accountability Act) breach notification regulations require covered entities to self-report the unauthorized access, use or disclosure of unprotected protected health information...more
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more
2/12/2019
/ Business Associates ,
Corrective Actions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Employee Training ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Security Risk Assessments ,
Settlement Agreements