In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and...more
The North Carolina Department of Health and Human Services has notified close to 6,000 individuals that a spreadsheet containing the names, Social Security numbers and test results for routine drug testing for employment,...more
Cottage Health, a three hospital health care system located in California has agreed to pay the California Attorney General’s Office $2 million to settle allegations that it failed to implement data security safeguards to...more
Intel has confirmed it has a bug in its remote server management tool. The tool, known as Management Engine, permits administrators of IT systems to access devices remotely to apply updates or troubleshoot problems for users....more
12/1/2017
/ Cryptocurrency ,
Cybersecurity ,
Data Breach ,
Digital Currency ,
Drones ,
Federal Agency Taskforce ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Information Technology ,
Intel ,
PHI ,
Popular ,
Unmanned Aircraft Systems ,
Virtual Currency
The news about data breaches always seems to be dire lately. Some good news: data breaches in the healthcare industry were lower in October than in September, based upon reportable data breaches to the Office for Civil Rights...more
12/1/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI
In the wake of the national opioid overdose crisis, the Office for Civil Rights (OCR) has provided clarification on when covered entities are permitted to disclose patient information during opioid emergencies....more
The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018.
The new law expands the definition of personal information that is protected under the statute....more
Michigan Governor Rick Snyder has signed into law the Cyber Civilian Corps Act, which established the Michigan Cyber Civilian Corps, dubbed MiC3. The corps has been in existence for three years but not statutorily deployed. ...more
11/10/2017
/ Consumer Financial Protection Bureau (CFPB) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data-Sharing ,
Drones ,
Drug & Alcohol Abuse ,
Elder Issues ,
Financial Services Industry ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Malware ,
Opioid ,
Pain Management ,
Personally Identifiable Information ,
PHI ,
Ransomware ,
State Data Breach Notification Statutes ,
Unmanned Aircraft Systems
Beazley has published a report outlining data breaches in the first nine months of 2017. The report notes that the highest cause of a data breach in 2017 so far are unintended disclosures, which accounted for 41 percent of...more
11/9/2017
/ Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Data Protection ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Malware ,
Personally Identifiable Information ,
PHI ,
Phishing Scams ,
Ransomware ,
Social Engineering
Paper records continue to be problematic. An Illinois psychiatrist reported to the Office for Civil Rights (OCR) that the medical records of 10,500 patients were stored in the basement of a house that he rented to an...more
Energy and Critical Infrastructure Industries Warned of Increased Attacks by FBI and DHS -
The FBI and Department of Homeland Security issued a joint statement on October 20, 2017 warning of an increased danger of a...more
10/27/2017
/ Affordable Care Act ,
Airspace ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyberbullying ,
Cybersecurity ,
Data Protection ,
Department of Homeland Security (DHS) ,
Drones ,
Electricity ,
Electronic Medical Records ,
Energy Sector ,
FBI ,
Federal Aviation Administration (FAA) ,
FERC ,
Hackers ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Internet ,
Medical Records ,
Nonprofits ,
OCR ,
Open Enrollment ,
Personally Identifiable Information ,
PHI ,
Popular ,
Power Grid ,
TCPA ,
Technology Sector ,
Utilities Sector
Unfortunately, September was another banner month for data breaches involving the health care industry. According to the Office for Civil Rights (OCR) website, 39 data breaches involving over 500 records were reported to the...more
10/26/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
Personally Identifiable Information ,
PHI ,
Ransomware
FBI Issues Flash Alert on Apache Struts Vulnerability -
The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most...more
10/18/2017
/ Blockchain ,
Breach Notification Rule ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Digital Currency ,
Distributed Ledger Technology (DLT) ,
Drones ,
Enforcement Actions ,
Faxes ,
Federal Aviation Administration (FAA) ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Initial Coin Offering (ICOs) ,
Office Equipment ,
PHI ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Unregistered Securities ,
Virtual Currency ,
Vulnerability Assessments
Fax machines are still used in the medical community, and these days, faxing may be more secure than emailing as hackers have not yet cracked the task of hacking into old fax machines. All kidding aside, fax machines have...more
Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of it imaging files, including X-rays of patient inaccessible....more
In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public...more
10/9/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Malware ,
Personally Identifiable Information ,
PHI ,
Ransomware
McAfee Report Lists Health Care Sector as Most Targeted Industry for Cyber-Attacks -
In its cybersecurity incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care...more
10/5/2017
/ Airspace ,
BSA/AML ,
Class Action ,
Corruption ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of the Interior ,
Drones ,
Fast-Food Industry ,
Federal Aviation Administration (FAA) ,
Financial Institutions ,
FinCEN ,
Franchises ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Home Depot ,
Malware ,
Money Laundering ,
Netflix ,
Personally Identifiable Information ,
PHI ,
Ransomware ,
Restaurant Industry ,
Unmanned Aircraft Systems ,
Venezuela ,
White Collar Crimes
Cornerstone Business & Management Solutions, a medical supply company located in Nebraska, has notified 21,856 individuals and the Office for Civil Rights that while performing a routine review of system logs, it discovered a...more
Health Data Management (HDM), using information compiled by Protenus Breach Barometer, published a list this week of the biggest health care data breaches so far in 2017....more
Baptist Medical Center South, located in Jacksonville, Florida has admitted that one of its backup drives has been missing since May 18, 2017. The unencrypted backup drive contained the protected health information of 531...more
Numerous hospitals were victims to last week’s (aka NotPetya) ransomware attack. But one hospital—Princeton Community Hospital in West Virginia–has admitted that it is going to replace its entire computer network after Petya...more
Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more
The North Dakota Department of Human Services (NDDHS) is notifying 2,452 Medicaid recipients that their protected health information has been compromised when their records were discovered in a dumpster....more
The Office for Civil Rights (OCR) recently released guidance entitled “My Entity Just Experienced a Cyber-attack! What Do We Do Now?”
The Checklist is a practical tool for health care entities and outlines several steps to...more
6/16/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Health Care Providers ,
HIPAA Breach ,
Incident Response Plans ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Risk Management ,
Security Standards
Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more