Maria Perez

Maria is an experienced writer who has provided content for Healthcare Industry News since 2021. Working as a senior writer, Maria focuses on news reporting, making complex healthcare topics comprehensible for readers. Maria’s expertise and dedication to delivering accurate stories make Maria a trusted source on our site.

ONC and OCR Introduce Revised Security Risk Assessment Tool

The Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) have released an updated version of the HHS Security Risk Assessment (SRA) Tool.

The HIPAA Security Rule requires HIPAA-regulated entities to perform an extensive, organization-wide risk assessment to identify the risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). All identified threats must then be subjected to risk management procedures to reduce the recognized risks and vulnerabilities to a low and tolerable level.

Risk analyses are essential for HIPAA compliance. They allow HIPAA-covered entities to determine whether they are compliant with the administrative, technical, and physical controls of the HIPAA Security Rule and to identify the most efficient and appropriate physical, technical, and administrative measures to secure ePHI. Investigations and reviews of HIPAA-regulated entities have revealed that risk assessment is an aspect of compliance that numerous healthcare providers fail to get right, and it is one of the most frequently cited HIPAA violations in OCR enforcement activities.

In 2014, ONC and OCR jointly developed and introduced the SRA Tool to support small- and medium-sized healthcare practices and business associates with this essential facet of compliance with the HIPAA Security Rule. The SRA Tool is a downloadable desktop program that guides HIPAA-regulated entities through the security risk assessment process using a wizard-based approach with multiple-choice questions, threat and vulnerability evaluations, and asset and vendor management.

The SRA Tool has been revised over the years, with the most recent version adding new functions in response to user feedback and public input. Those capabilities include the incorporation of Health Industry Cybersecurity Practices (HICP) references, file association in Windows, enhanced reports, bug fixes, and stability enhancements.

ONC and OCR have additionally created a new SRA Tool Excel Workbook, which is meant to replace the legacy paper version of the SRA Application. The workbook uses conditional formatting and formulas to calculate and help determine risk in the same way as the SRA Tool software and is a good option for users who don’t have Microsoft Windows.

ONC and OCR state that use of the software does not guarantee HIPAA compliance but could help users attain compliance. The tool was created for SMBs and may not be suitable for larger healthcare organizations.

The SRA application, which is available for download on this page, may be installed as an app on 64-bit versions of Microsoft Windows 7/8/10/11. The new SRA Tool Excel Workbook can be utilized on other operating systems.

Data Theft Incidents Announced by Choice Health and Goodman Campbell Brain and Spine

Choice Health, a health insurance provider located in South Carolina and currently a part of Alight Solutions, has just reported that the protected health information (PHI) of several of its members was obtained by an unauthorized individual.

Choice Health learned on May 14, 2022, that someone was offering a collection of information that was purportedly taken from Choice Health. On May 18, 2022, an investigation of the likely breach established that just one Choice Health database was exposed online because of “a technical safety settings concern due to a third-party vendor.” Because of the problem, the database was accessible on the internet with no need for authorization.

Choice Health confirmed that the database was discovered and selected database files were duplicated by an unauthorized person on May 7, 2022. As per the notice filed with the California Attorney General, the files included data such as last and first names, Medicare beneficiary identification numbers, Social Security numbers, dates of birth, addresses and contact data, and medical insurance details.

Choice Health stated it engaged a third-party service agency to secure the storage system and affirmed that it was no longer accessible over the web. Steps were likewise taken to avert the same problem in the future, such as requiring multi-factor authentication for access to its database files.

Choice Health mentioned it hasn’t found any improper use of plan member data; nevertheless, it has mailed notifications to affected people and has given them a membership to a credit monitoring and identity theft protection and resolution service for two years.

At this time, it is uncertain how many persons were impacted. Databreaches.net said that the forum post offering the files claimed that 600MB of information, comprising 2,141,006 files, had been acquired. The files were identified as containing details like Agents, Contacts Commission, and Policies.

Goodman Campbell Brain and Spine Experiences Ransomware Attack

Goodman Campbell Brain and Spine, based in Indianapolis, IN, has recently reported that it encountered a cyberattack on May 20, 2022. The attack caused a shutdown of its computer and communication systems. Goodman Campbell stated steps were quickly taken to protect its systems. A third-party company assisted with the investigation and response to the incident.

At this point, the investigation has not yet determined the full nature of the cyberattack and the extent to which patients’ PHI was compromised; however, thus far it is certain that an unauthorized individual has accessed patient and employee information. Breach notification letters will be mailed to the impacted people as soon as the investigation is complete and it is clear which persons were impacted and what types of information were exposed. Meanwhile, Goodman Campbell has instructed all patients to check their credit reports, place a fraud alert, and put a security freeze on their credit as a safety measure.

Goodman Campbell did not reveal the specific nature of the cyberattack; nonetheless, the Hive ransomware group has claimed it conducted the attack and has published a part of the stolen information on its leak website.

Data Breaches Announced by Alameda Health System, Capsule Pharmacy and AON

Alameda Health System located in California, Capsule pharmacy based in New York, and Aon PLC located in Illinois recently reported data breaches that affected a total of 56,290 persons.

90,000 Alameda Health System Patients Informed Concerning PHI Breach

Alameda Health System based in Oakland, CA has just submitted a data breach report to the Department of Health and Human Services’ Office for Civil Rights stating that about 90,000 people were impacted. There are minimal facts given to date about the cause of the breach. Alameda Health System mentioned that there was suspicious activity detected in a number of workers’ email accounts. The succeeding investigation confirmed that an unauthorized third party viewed a number of worker email accounts.

The assessment of those email accounts affirmed they included the protected health information (PHI) of patients. Nevertheless, it is unknown how much patient data was compromised. As per Alameda Health System, no evidence has been identified that indicates the viewing or removal of any information in the accounts. The provider will distribute notification letters to affected people soon and will employ measures to boost security and minimize harm to individuals.

27,486 People Impacted by Capsule Pharmacy Breach

New York digital pharmacy Capsule Pharmacy has begun informing 27,486 persons that their PHI was compromised in a recent cyberattack. As per the breach notice submitted to the California Attorney General, unauthorized people acquired access to selected Capsule accounts on April 5, 2022.

The pharmacy discovered the data breach on the same day and carried out a password reset on all impacted accounts. A third-party digital forensics agency helped with the investigation and confirmed that these types of records were possibly exposed: demographic details like names, telephone numbers, email addresses, physical addresses, sex, and dates of birth; health data like medical conditions and prescribed drugs; past order records; insurance data; chat communications to and from Capsule agents; and the last 4 digits of credit card numbers along with expiry dates.

Capsule stated that added security measures are being implemented. Even though a password reset was executed on all affected accounts, Capsule is instructing users to set new passwords for their different accounts, to make sure that the passwords are complex or are passphrases that aren’t easy to guess, and never to reuse old passwords. This implies the security breach was likely a password spraying attack.

PHI of Over 28,700 Persons Likely Exposed in AON PLC Cyberattack

Business associate Aon PLC, located in Chicago, IL, offers financial risk-mitigation solutions, which include insurance and medical insurance plans. The company recently announced that it encountered a cyberattack. AON PLC identified the security breach on February 25, 2022, and the forensic investigation affirmed that an unauthorized third party obtained access to a number of Aon systems several times between December 29, 2020, and February 26, 2022, and that selected documents including individuals’ PHI were extracted from its systems.

AON explained it has taken steps to confirm that the stolen data is no longer held by the third party. There are no indications that the extracted data was further duplicated, kept, or shared, and there is no reason to suspect that any information was or will be misused. The impacted data comprised only names, Social Security numbers, driver’s license numbers, and, for some persons, benefit enrolment details. AON stated it reported the incident to the FBI and other law enforcement regulators, and it has taken steps to further boost security.

HHS Gives Data on Advanced Persistent Threat Groups Associated with the Russian Intelligence Services

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has released a threat summary giving details on the Russian Intelligence Services cyber organizations that present a danger to organizations in the U.S., including the healthcare and public health (HPH) sector.

The threat summary gives details on 4 major advanced persistent threat actors that conduct malicious cyber activities and espionage within the Russian Intelligence Services. These APT actors have been connected to the Foreign Intelligence Service (SVR), the Federal Security Service (FSB), and the Main Intelligence Directorate of the General Staff of the Armed Forces (GRU). The FSB is the equivalent of the Federal Bureau of Investigation in America and is mainly focused on domestic intelligence and foreign intelligence from Russia’s near abroad. The SVR is the equivalent of the Central Intelligence Agency (CIA) in the U.S. and gathers foreign intelligence from military, economic, strategic, scientific, and technical targets. The GRU is the equivalent of the Defense Intelligence Agency (DIA); it gathers foreign intelligence associated with military concerns by means of espionage and is additionally in charge of performing destructive cyberattacks.

Turla

Turla, also known as Iron Hunter/Venomous Bear/Waterbug/KRYPTON, operates under the direction of the FSB and has, since 2004, mainly attacked the education, energy, military, government, telecoms, and research sectors, pharmaceutical firms, and foreign embassies. The group is known to employ malware and advanced backdoors and is mainly focused on diplomatic espionage activities in former Eastern Bloc nations, though it was responsible for the attack on United States Central Command in 2008, G20 participants in 2017, and the computer network of the German government in 2018.

APT29

APT29, also known as YTTRIUM, Iron Hemlock, Cozy Bear, and The Dukes, operates under the direction of the SVR and generally attacks the education, energy, financial, government, healthcare, media, pharmaceutical, and technology sectors and think tanks. The APT actor has been active since 2008 and employs a variety of backdoors and malware variants. It generally attacks European and NATO nations, is known to perform spear-phishing campaigns to get quiet, long-term access to targeted systems, and is particularly persistent and focused on particular targets. The APT actor steals data but doesn’t leak it. APT29 is known to be associated with the 2015 Pentagon attack and the 2020 SolarWinds Orion attack, and it targeted COVID-19 vaccine researchers during the pandemic.

APT28

APT28, also known as STRONTIUM, Sofacy, Fancy Bear, and Iron Twilight, has operated under the direction of the GRU since 2004. APT28 attacks the government, aerospace, defense, energy, healthcare, military, and media sectors and dissidents. The group uses a range of malware, including a downloader for next-stage infections, and gathers system data and metadata to differentiate actual environments from sandboxes.

APT28 mainly attacks NATO nations and is known to employ password spraying, distinctive malware, phishing, and credential harvesting, and it tends to carry out noisy rather than quiet attacks. The group steals and leaks data to advance Russia’s political interests. It has been associated with the 2016 World Anti-Doping Agency attack, the 2016 cyberattack on and leaking of information from the U.S. Democratic National Committee as well as the Clinton Campaign, and the 2016 German elections and 2017 French Elections.

Sandworm

Sandworm, also known as Voodoo Bear, IRIDIUM, Telebots, ELECTRUM, and Iron Viking, has operated under the direction of the GRU since 2007. Sandworm primarily attacks the government and energy sectors and is the most destructive of all the ‘Bear’ threat groups. Sandworm attacks ICS and computer networks for destructive purposes, for example performing wiper malware attacks, particularly in Ukraine. The group appears unconcerned by the 2nd and 3rd order consequences of its attacks, like those of NotPetya, and employs malware like BlackEnergy, GCat, BadRabbit, GreyEnergy, KillDisk, Industroyer, and NotPetya.

Sandworm was responsible for the many attacks on the Ukrainian authorities and critical infrastructure in 2015-2016 and 2022, cyberattacks on Georgian websites prior to the 2008 Russian invasion, and the 2017 NotPetya attacks.

Mitigations

The tactics, techniques, procedures, and malware employed by these groups are varied; however, many mitigations can be implemented to improve resilience and block the primary attack vectors. These are explained in the HC3 report and include upgrading software, patching immediately, using MFA, segmenting systems, and reviewing CVEs for all public-facing networks.

Data Breaches Reported by Refuah Health Center, Quantum Imaging Therapeutic Associates and RiverKids Pediatric Home Health

Refuah Health Center, located in New York, has just started informing 260,740 patients about a security breach that happened approximately a year ago. The April 29, 2022 announcement on the healthcare provider’s website states it discovered unauthorized access to its system between May 31, 2021 and June 1, 2021. Upon learning about the breach, the health center launched an investigation to determine the nature and extent of the cyberattack, and a detailed review was then done on all records that were possibly accessed.

Refuah Health Center mentioned it learned on March 2, 2022, that the attackers had exfiltrated certain files from its network that included “a limited amount” of patients’ protected health information (PHI), such as names along with one or more of the following data elements: driver’s license numbers, state identification numbers, dates of birth, Social Security numbers, bank/financial account details, debit/credit card details, medical treatment/diagnosis data, Medicare/Medicaid numbers, patient account numbers, medical record numbers, and/or medical insurance policy numbers. The provider started sending notification letters to impacted people on April 29, 2022, and offered free credit monitoring services to persons whose Social Security numbers were probably compromised.

Though Refuah Health Center didn’t reveal additional details concerning the nature of the attack, databreaches.net reported that the attack appears to have been carried out by the Lorenz ransomware gang, which added Refuah Health Center to the list of victims on its data leak site on June 11, 2021, though that entry has since been removed.

Quantum Imaging Therapeutic Associates Patients’ PHI Exposed

Professional diagnostic radiology services provider Quantum Imaging Therapeutic Associates, based in Lewisberry, PA, recently sent notification letters to patients informing them about the exposure of their PHI. The data security breach was identified and blocked on October 7, 2021.

At the time of distributing notification letters, there was no information that indicated the attackers had accessed or stolen any patient data, even though it wasn’t possible to rule out the possibility. The compromised parts of its system contained patient records including names, birth dates, addresses, Social Security numbers, and details linked to the radiology services provided.

After stopping the attack, Quantum started an investigation with the help of third-party IT experts and has now examined its network environment and made improvements to security. Quantum will likewise be closely monitoring the threat landscape and will take proactive measures to handle new threats. Affected people have been provided complimentary identity theft protection services.

The incident is not yet published on the HHS’ Office for Civil Rights breach portal, thus it is uncertain how many persons were affected.

Email Security Incident Reported by RiverKids Pediatric Home Health

RiverKids Pediatric Home Health, based in Texas, has recently begun informing 3,494 patients about the potential viewing or theft of some of their PHI due to an email security incident. RiverKids found out on March 15, 2022 that an unauthorized person had acquired access to the email account of a worker. The breach investigation confirmed the compromise of multiple employee email accounts. The review of the accounts also confirmed they included patient data like names, dates of birth, addresses, and medical insurance member IDs. There was no compromise of financial data or Social Security numbers.

RiverKids said additional email security measures have been implemented to prevent further security incidents.