M.D. Anderson Cancer Center’s $4.3 Million HIPAA Penalty Revoked on Appeal
The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’…
HITECH Act Amendment To Provide Cybersecurity Safe Harbor Signed into Law
On January 5, 2020, President Trump signed a bill (HR 7898) that makes changes to the Health Information Technology for Economic and Clinical Health Act…
Hidden Backdoor Found in 100,000 Zyxel Products
A vulnerability was found in Zyxel devices such as firewalls, VPN gateways, and access point (AP) controllers that hackers may take advantage of to get…
CISA Introduces Website About the SolarWinds Supply Chain Compromise and Free Tool to Detect Malicious Activity
The DHS’ Cybersecurity and infrastructure Security Agency has published a website with resources concerning the recent activities of the advanced persistent threat (APT) group liable…
19th HIPAA Penalty of 2020 Issued by OCR
The Department of Health and Human Services’ Office for Civil Rights (OCR) has arrived at a settlement deal with Peter Wrobel, M.D., P.C., dba Elite…
Seasonal Staff Sentenced to 42-Months In Jail for Theft of Information from Healthcare.Gov Database
A seasonal staff at a tech firm in Virginia got sentenced to 42 months imprisonment for accessing patient files, theft of personally identifiable information (PII),…
Rave Mobile Safety Introduces COVID-19 Vaccine Distribution Solution
Rave Mobile Safety has introduced a COVID-19 Vaccine Distribution Solution that will make it possible for public health agencies to determine who should receive priority…
University of Minnesota Physicians and McLeod Health Encounters Email Account Breaches
University of Minnesota Physicians lately encountered a phishing attack that made it possible for unauthorized persons to get access to two employees’ email accounts. One…
Phishing Incidents Reported by Connecticut Department of Social Services, Mercy Iowa City, and LSU Care Services
Connecticut Department of Social Services (DSS) sent a notification about a potential breach of the protected health information (PHI) of 37,000 persons due to several…
ASPR Gives Update on Ransomware Activities in the Healthcare Sector
The HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) has released a recent advisory on ransomware activity that targets the healthcare and…
PHI Incidents at Northwest Eye Surgeons and Sight Partners, DJO, LLC and Lawrence General Hospital
Server Breach Impacts Patients of Northwest Eye Surgeons and Sight Partners Northwest Eye Surgeons LLC and Sight Partners LLC began informing 20,838 patients regarding the…
Failure of New Haven, CT to Remove Past Employee’s Access Rights Led to $202,000 HIPAA Fine
The City of New Haven, Connecticut has made the decision to resolve its HIPAA violation case with the Department of Health and Human Services’ Office…
FDA Okays Tool for Determining Medical Device Vulnerability Scores
MITRE Corporation created a new rubric for determining Common Vulnerability Scoring System (CVSS) scores of medical device vulnerabilities and it has passed the FDA’s scrutiny….
Exposed Broadvoice Databases Contained 350 Million Records, Including Health Information
Comparitech security researcher Bob Diachenko has found an open group of databases that belong to the Voice over IP (VoIP) telecommunications merchant Broadvoice. The records…
CISA/FBI Advisory on APT Groups Chaining Legacy Vulnerabilities Along with Netlogon Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory about sophisticated advanced persistent threat groups sequencing…
CISA Publishes Advisory Due to Greater Emotet Malware Attacks
Subsequent to a time period of dormancy between February 2020 and July 2020, the Emotet botnet jumped back again and began spam runs circulating the…
Universal Health Services IT Systems Across the United States Shutdown Due to Ransomware Attack
Universal Health Services (UHS) based in King of Prussia, PA has encountered a major security breach that led to the unavailability of its IT systems….
A Dark Overlord Hacking Group Member Sentenced to 5 Years Imprisonment
The U.S. Department of Justice issued an advisory that an associate of the well known hacking group, The Dark Overlord, obtained his sentence to 5…
CISA Gives Alert of Continuing Attacks by Chinese Hacking Groups Aimed Towards F5, Pulse Secure, Citrix, and MS Exchange Vulnerabilities
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released a security warning that hackers associated with China’s Ministry of State Security…
Resources to Enable Healthcare Companies Boost Resilience Against Insider Threats
The National Insider Threat Awareness Month (NITAM) is being celebrated this September 2020 for the second year. All through the month, resources will be offered…
Recommended Procedures to Prevent PHI Exposure in Online Medical Presentations
An advisory issued by the American College Of Radiology, the Society For Imaging Informatics In Medicine, and the Radiological Society of North America highlight a…
Study Shows Increase in Credential Theft Through Spoofed Login Pages
IRONSCALES new research showed a substantial spike in credential theft utilizing spoofed websites. In the first half of 2020, the researchers discovered and reviewed bogus…
About 10,000 Patients Affected by Beaumont Health and The Connection, Inc. Phishing Attacks
Beaumont Health, the leading healthcare system located in Michigan, began notifying 6,000 patients about the potential access of their protected health information (PHI) by unauthorized…
House of Representatives Approves the Lift on the Ban to Create HHS National Patient Identifier System
The House of Representatives voted to remove the restriction on the Department of Health and Human Services to use federal funds for creating a national…
PHI of Consumers Compromised in Theft Incidents at Cub Pharmacies
A pharmacy chain reported that looters stole the protected health information (PHI) of some of its clients at the end of May at the time…
Lifespan to Pay OCR $1 Million HIPAA Penalty Due to Lack of Encryption and Other HIPAA Violations
The HHS’ Office for Civil Rights has issued to Lifespan ACE, an affiliated covered entity of Lifespan Health System, a $1,040,000 HIPAA fine right after…
Data Breaches at Lorien Health Services, Accu Copy of Greenville and National Cardiovascular Partners
Lorien Health Services based in Ellicott City, MD, which manages 9 assisted living facilities throughout Maryland had encountered a ransomware attack on June 6, 2020….
Serious Vulnerabilities Identified in Apache Guacamole Remote Access Software
A few vulnerabilities were discovered in the Apache Guacamole remote access system. Plenty of companies had been using Apache Guacamole to allow administrators and personnel…
NSA Releases Guidance on Protecting IPsec Virtual Private Networks
The U.S. National Security Agency (NSA) has published guidance to aid businesses in protecting IP Security (IPsec) Virtual Private Networks (VPNs) that are utilized to…
Grays Harbor Community Hospital Agreed to $185,000 Settlement of Ransomware Lawsuit
Grays Harbor Community Hospital and Harbor Medical Group accepted the proposed settlement deal of the class-action lawsuit that the representative plaintiff filed in connection with…
Insufficient Visibility and Poor Access Management are Key Factors to Cloud Data Breaches
A lot more organizations these days are implementing their digital transformations and are utilizing the flexibility, scalability, and cost savings presented by public cloud spaces….
PHI Compromised Due to a Ransomware Attack and an Email Security Breach
Rangely District Hospital in Colorado began informing patients concerning the April 2020 ransomware attack that affected some of their protected health information (PHI) located on…
Voicemail Phishing Trick Discovered Targeting Remote Healthcare Employees
A lot of organizations are compelled to modify working strategies due to the COVID-19 crisis. A big number of workers now do their jobs from…
Healthcare Provider Employees Terminated Because of Impermissible Disclosure of PHI
Healthcare provider Kaiser Permanente based in Oakland, CA found out that an ex-employee got access to the radiology files of a lot of patients with…
Senators Wrote CISA and FBI Concerning the Danger to COVID-19 Research Data
Four Senators sent a letter to the Federal Bureau of Investigation (FBI) and the DHS Cybersecurity and Infrastructure Security Agency (CISA) due to the new…
Lurie Children’s Hospital of Chicago Faces Lawsuit Related to Two Data Breaches
Lurie Children’s Hospital of Chicago is confronted with legal action pertaining to two privacy breaches that involved staff accessing the medical records of patients without…
PHI Exposed Due to Breaches at Florida Internal Medicine Practice, Saint Francis Healthcare Partners and Ascension Eastwood Clinic
Daniel Bendetowicz, MD, PA is informing 3,314 patients about the exposure of their PHI because of a ransomware attack. The attack took place on March…
BJC HealthCare Phishing Attack Affects PHI of Patients at 19 Hospitals
BJC Healthcare made an announcement about the unauthorized persons accessing the email accounts of three BJC employees after replying to the phishing emails in their…
PHI of 41,000 Patients Compromised in Phishing Attacks at UPMC Altoona and Aurora Medical Center
UPMC Altoona found out about an unauthorized access to the email account of one doctor and the person possibly viewed or obtained the protected health…
FBI Gives Flash Advisory Regarding COVID-19 Phishing Attacks Targeting Healthcare Organizations
FBI has released another notice subsequent to a rise in COVID-19 phishing scams aimed towards healthcare organizations. In the notification, the FBI points out that…
Phishing Attacks at the Doctors Community Medical Center and Washington University School of Medicine
Doctors Community Medical Center in Maryland sent notification to some patients concerning a breach of their PHI. The discovery of the data breach in January…
Phishing Attacks on Healthcare Resource Group and Confido Exposed the PHI of Patients
Confido, a pharmacy benefits consulting company began mailing notification letters to 3,600 of its clients’ personnel, users, and their dependents concerning the probable access of…
Vulnerability Found in BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System
Becton, Dickinson and Company (BD) found a medium severity vulnerability in the BD Pyxis MedStation medication dispensing system version 1.6.1 and in the anesthesia carts…
Remote Employees Targeted By Cybercriminals Taking Advantage of the COVID-19 Crisis
The COVID-19 pandemic has made it compulsory for lots of persons to self-isolate. Organizations are under rising pressure to permit their personnel to work from…
Hospitals Enjoy Free Use of TigerConnect Secure Communications Platform During COVID-19 Pandemic
TigerConnect is a company in the U.S.A. offering the most popular secure healthcare communications platform. It announced that it is giving U.S. health systems and…
HIV Test Phishing Campaign Targets Healthcare and Pharmaceutical Companies
Proofpoint researchers have discovered a new phishing campaign directed at healthcare organizations, insurance companies, and pharmaceutical firms. The intercepted emails imitate Vanderbilt University Medical Center…
UW Medicine Faces Class Action Lawsuit Over 974,000-Record Data Breach
The University of Washington Medicine is facing a lawsuit filed in King County Superior Court with regards to a data breach that caused the exposure…
New Report Unveils the Brand Names Most Often Impersonated by Phishers
The new Vade Secure report unveiled the top 25 commonly impersonated brands in phishing attacks. The Phishers’ Favorite report for Q4 of 2019 stated that…
Employee Email Account Breach at PSL Services and Monroe County Hospital & Clinics
Peregrine Corporation, also known as PSL Services, found out about the unauthorized access to the email accounts of several employees from December 16 to December…
Phishing Attack on MHMR of Tarrant County and Reva Impacted 7,524 People
My Health My Resources (MHMR) of Tarrant County in Fort Worth, TX suffered a phishing attack that resulted in the compromise of some employees’ email…