Federal Judge Dismissed Houston Hospital Employees’ Lawsuit over Vaccine Mandate
Many U.S. employers have put in place a policy that calls for their workers to be vaccinated against COVID-19, which includes a number of big…
Read More
Vulnerabilities Discovered in Hillrom Medical Device Management Tools
Critical Vulnerabilities Discovered in MesaLabs Lab Temperature Monitoring System
Michigan Guy Pleads Guilty to Stealing And Selling of PII of UPMC Staff
Data Breaches at Woodholme Gastroenterology Associates and SEIU 775 Benefits Group in Washington and an Identity Theft Case
Pennsylvania Department of Health and Insight Global Sued over 72,000-Record Data Breach
Lawmakers Want the Breach of the Contact Tracing Information of 72,000 Pennsylvanians Reviewed
Guidelines for Network Defenders to Discover and Prevent Russian Cyber Operations
Data Breaches at Total Health Care Inc and Harrington Physician Services
Implementation of the HHS Information Blocking and Interoperability Regulations
The new information blocking and interoperability rules created by the Department of Health and Human Services included in the 21st Century Cures Act became effective…
Email Security Breaches at Orthopaedics Practice, Administrative Advantage, and Parkland Health and Hospital System
The Centers for Advanced Orthopaedics located in Maryland, Washington DC, and Virginia found out that unauthorized persons got access to the email accounts of several…
PHI Exposed Due to Ransomware Attacks on the University of Miami Health and Mott Community College
A ransomware attack on Accellion, a file transfer service company, permitted unauthorized individuals to access the protected health information (PHI) of University of Miami Health…
Class Action Lawsuit Filed Against UPMC and Charles Hilton and Associates
University of Pittsburgh Medical Center (UPMC) and the Charles Hilton and Associates law company are confronting a class action lawsuit due to a breach of…
NY Nurse Pleads Guilty to Consumer Product Tampering in HIPAA Case
A former nurse at Roswell Park Comprehensive Cancer Center admitted to a crime of tampering with a consumer item in a case that involves fraudulence…
FTC Urged to Implement Breach Notification Rule Whenever Fertility Tracking Apps Share User Information With no Authorization
On March 4, 2021, Senator Robert Menendez (D-New Jersey), and Reps. Mikie Sherrill (D-New Jersey) and Bonnie Watson Coleman (D-New Jersey) authored a letter recommending…
Microsoft Launches Patches for Four Actively Exploited Vulnerabilities in Microsoft Exchange Server
Microsoft has introduced out-of-band security changes to deal with the four zero-day Microsoft Exchange Server vulnerabilities which a Chinese Advanced Persistent Threat (APT) group identified…
Facts About Healthcare Industry Cyber Threats and the Supply Chain Helping Criminal Activity
All through the pandemic, cybercriminals took advantage of new opportunities and have been attacking hospitals, medical clinics, and other companies and organizations on the front…
Impermissible Disclosure of the PHI at Campbell County Health and UT Southwestern Medical Center
A Campbell County Health (CCH) employee made an email error that resulted in the impermissible disclosure of the protected health information (PHI) of 900 people….
Hospital Researcher Jailed for Stealing and Selling Research Data to China
A female who was employed in a medical research laboratory at the Nationwide Children’s Hospital in Columbus, OH was sent to jail for theft of…
Global Law Enforcement Action Interferes with NetWalker Ransomware Activities
The U.S. Department of Justice (DOJ) issued an announcement about the seizure of a dark web website utilized by the NetWalker ransomware gang in connection…
Rady Children’s Hospital Confronted With Class Action Lawsuit as a Result of the Blackbaud Ransomware Attack
In May 2020, the cloud software corporation Blackbaud encountered a ransomware attack. As is typical in human-operated ransomware attacks, the attackers exfiltrated files before file…
M.D. Anderson Cancer Center’s $4.3 Million HIPAA Penalty Revoked on Appeal
The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’…
HITECH Act Amendment To Provide Cybersecurity Safe Harbor Signed into Law
On January 5, 2020, President Trump signed a bill (HR 7898) that makes changes to the Health Information Technology for Economic and Clinical Health Act…
Hidden Backdoor Found in 100,000 Zyxel Products
A vulnerability was found in Zyxel devices such as firewalls, VPN gateways, and access point (AP) controllers that hackers may take advantage of to get…
CISA Introduces Website About the SolarWinds Supply Chain Compromise and Free Tool to Detect Malicious Activity
The DHS’ Cybersecurity and infrastructure Security Agency has published a website with resources concerning the recent activities of the advanced persistent threat (APT) group liable…
19th HIPAA Penalty of 2020 Issued by OCR
The Department of Health and Human Services’ Office for Civil Rights (OCR) has arrived at a settlement deal with Peter Wrobel, M.D., P.C., dba Elite…
Seasonal Staff Sentenced to 42-Months In Jail for Theft of Information from Healthcare.Gov Database
A seasonal staff at a tech firm in Virginia got sentenced to 42 months imprisonment for accessing patient files, theft of personally identifiable information (PII),…
Rave Mobile Safety Introduces COVID-19 Vaccine Distribution Solution
Rave Mobile Safety has introduced a COVID-19 Vaccine Distribution Solution that will make it possible for public health agencies to determine who should receive priority…
University of Minnesota Physicians and McLeod Health Encounters Email Account Breaches
University of Minnesota Physicians lately encountered a phishing attack that made it possible for unauthorized persons to get access to two employees’ email accounts. One…
Phishing Incidents Reported by Connecticut Department of Social Services, Mercy Iowa City, and LSU Care Services
Connecticut Department of Social Services (DSS) sent a notification about a potential breach of the protected health information (PHI) of 37,000 persons due to several…
ASPR Gives Update on Ransomware Activities in the Healthcare Sector
The HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) has released a recent advisory on ransomware activity that targets the healthcare and…
PHI Incidents at Northwest Eye Surgeons and Sight Partners, DJO, LLC and Lawrence General Hospital
Server Breach Impacts Patients of Northwest Eye Surgeons and Sight Partners Northwest Eye Surgeons LLC and Sight Partners LLC began informing 20,838 patients regarding the…
Failure of New Haven, CT to Remove Past Employee’s Access Rights Led to $202,000 HIPAA Fine
The City of New Haven, Connecticut has made the decision to resolve its HIPAA violation case with the Department of Health and Human Services’ Office…
FDA Okays Tool for Determining Medical Device Vulnerability Scores
MITRE Corporation created a new rubric for determining Common Vulnerability Scoring System (CVSS) scores of medical device vulnerabilities and it has passed the FDA’s scrutiny….
Exposed Broadvoice Databases Contained 350 Million Records, Including Health Information
Comparitech security researcher Bob Diachenko has found an open group of databases that belong to the Voice over IP (VoIP) telecommunications merchant Broadvoice. The records…
CISA/FBI Advisory on APT Groups Chaining Legacy Vulnerabilities Along with Netlogon Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory about sophisticated advanced persistent threat groups sequencing…
CISA Publishes Advisory Due to Greater Emotet Malware Attacks
Subsequent to a time period of dormancy between February 2020 and July 2020, the Emotet botnet jumped back again and began spam runs circulating the…
Universal Health Services IT Systems Across the United States Shutdown Due to Ransomware Attack
Universal Health Services (UHS) based in King of Prussia, PA has encountered a major security breach that led to the unavailability of its IT systems….
A Dark Overlord Hacking Group Member Sentenced to 5 Years Imprisonment
The U.S. Department of Justice issued an advisory that an associate of the well known hacking group, The Dark Overlord, obtained his sentence to 5…
CISA Gives Alert of Continuing Attacks by Chinese Hacking Groups Aimed Towards F5, Pulse Secure, Citrix, and MS Exchange Vulnerabilities
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released a security warning that hackers associated with China’s Ministry of State Security…
Resources to Enable Healthcare Companies Boost Resilience Against Insider Threats
The National Insider Threat Awareness Month (NITAM) is being celebrated this September 2020 for the second year. All through the month, resources will be offered…
Recommended Procedures to Prevent PHI Exposure in Online Medical Presentations
An advisory issued by the American College Of Radiology, the Society For Imaging Informatics In Medicine, and the Radiological Society of North America highlight a…
Study Shows Increase in Credential Theft Through Spoofed Login Pages
IRONSCALES new research showed a substantial spike in credential theft utilizing spoofed websites. In the first half of 2020, the researchers discovered and reviewed bogus…
About 10,000 Patients Affected by Beaumont Health and The Connection, Inc. Phishing Attacks
Beaumont Health, the leading healthcare system located in Michigan, began notifying 6,000 patients about the potential access of their protected health information (PHI) by unauthorized…
House of Representatives Approves the Lift on the Ban to Create HHS National Patient Identifier System
The House of Representatives voted to remove the restriction on the Department of Health and Human Services to use federal funds for creating a national…
PHI of Consumers Compromised in Theft Incidents at Cub Pharmacies
A pharmacy chain reported that looters stole the protected health information (PHI) of some of its clients at the end of May at the time…
Lifespan to Pay OCR $1 Million HIPAA Penalty Due to Lack of Encryption and Other HIPAA Violations
The HHS’ Office for Civil Rights has issued to Lifespan ACE, an affiliated covered entity of Lifespan Health System, a $1,040,000 HIPAA fine right after…
Data Breaches at Lorien Health Services, Accu Copy of Greenville and National Cardiovascular Partners
Lorien Health Services based in Ellicott City, MD, which manages 9 assisted living facilities throughout Maryland had encountered a ransomware attack on June 6, 2020….
Serious Vulnerabilities Identified in Apache Guacamole Remote Access Software
A few vulnerabilities were discovered in the Apache Guacamole remote access system. Plenty of companies had been using Apache Guacamole to allow administrators and personnel…
NSA Releases Guidance on Protecting IPsec Virtual Private Networks
The U.S. National Security Agency (NSA) has published guidance to aid businesses in protecting IP Security (IPsec) Virtual Private Networks (VPNs) that are utilized to…