A bipartisan coalition with 22 state attorneys general wrote to UnitedHealth Group CEO Andrew Witty about their concern regarding the...
Compliance News
Investigation of Change Healthcare’s Potential Leakage of Patient Information
Change Healthcare suffered an ALPHV/Blackcat ransomware attack and paid a $22 million ransom to stop the exposure of the...
FBI Statistics Show Ransomware Attack Spike and Losses to Cybercrime Reach $12.5 Billion
The 2023 FBI Internet Crime Report revealed that the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) got high...
Data Breaches Reported by Littleton Regional Healthcare, The Texas Health and Human Services Commission and UT Southwestern Medical Center
Patient Data Exposed Because of a Phishing Attack on UC San Diego Health UC San Diego Health recently sent a report to the California...
Ransomware Group Did Not Pay Affiliate’s Cut of the $22 Million Ransom
The ALPHV/Blackcat ransomware group's ransomware-as-a-service (RaaS) operation appears to have ceased, suggesting there could be an...
Cyberattacks on Bay Area Heart Center, Change Healthcare, and Greater Cincinnati Behavioral Health Services
Change Healthcare Responding to Cyberattack Healthcare billing and data systems provider, Change Healthcare based in Nashville, TN has...
What is a HIPAA breach?
A HIPAA breach refers to any unauthorized acquisition, access, use, or disclosure of PHI that compromises its security or privacy....
Congress report indicates surge in HIPAA complaints over five-year period.
In an annual report published by the Office for Civil Rights (OCR) with the U.S. Department of Health and Human Services Office for Civil...
Does HIPAA apply after death?
Yes, under the HIPAA Privacy Rule, the protections afforded to an individual's Protected Health Information (PHI) continue to apply and...
What happens when HIPAA is violated?
When HIPAA is violated, covered entities or individuals can face a range of consequences including investigations by the Office for Civil...
Keystone Health sued due to significant data breach, affecting 200,000+
A class action lawsuit has been filed against Pennsylvania-based Keystone Health due to a data breach that occurred in 2022 and affected...
Who has to comply with HIPAA?
Covered entities, which include healthcare providers, health plans, and healthcare clearinghouses, as well as business associates in the...
Houston Hospital Workers’ Legal Action Due to Vaccine Requirement Dismissed by Federal Judge
Many U.S. employers have enforced a policy that requires their employees to be vaccinated against COVID-19, such as a few leading...
Ransomware Attacks Impact UF Health and Sturdy Memorial Hospital
Sturdy Memorial Hospital based in Attleboro, MA is informing 57,379 patients concerning a computer security breach that transpired on...
SolarWinds Orion Hackers Attacking U.S. Businesses Utilizing New Spear Phishing Campaign
Microsoft has uncovered a massive spear phishing campaign carried out by the Russian Advanced Persistent Threat (APT) group associated...
Clinical Laboratory Pays $25,000 to Settle HIPAA Security Rule Violations
The Department of Health and Human Services’ Office for Civil Rights (OCR) stated that it has reached a settlement with Peachstate...
Shutdown of DarkSide RaaS and Suspension of Ransomware Attacks on Healthcare Companies
The DarkSide ransomware gang has informed its affiliates of the shutdown of its ransomware-as-a-service (RaaS) activity. The...
Ransomware Attack on Orthopedic Associates of Dutchess County and Entrust Medical Billing
Orthopedic Associates of Dutchess County, a New York medical group practice, has made an announcement about the potential theft of...
Lawmakers Demand Investigation of the Breach of the Contact Tracing Data of 72,000 Pennsylvanians
Lawmakers in the Commonwealth of Pennsylvania want a data breach to be investigated. The case relates to the contact tracing information...
Malware Attacks on Squirrel Hill Health Center and La Clinica de la Raza and Laptop Theft at Woolfson Eye Institute
La Clinica de la Raza based in Oakland, CA is notifying a number of patients with regards to a likely compromise of their protected health...
FBI/CISA Alert on Continuing Attacks On Vulnerable Fortinet FortiOS Servers
Advanced persistent threat (APT) actors are targeting vulnerabilities in the Fortinet FortiOS operating system to obtain access to servers...
Data Breaches at Mobile Anesthesiologists Patients, Heart Of Texas Community Health Center And Haven Behavioral Healthcare
Mobile Anesthesiologists recently found out about the compromise of some patients’ protected health information (PHI) as a result of a...
FBI Issues Alert of Rise in Business Email Compromise Attacks on State And Local Governments
The Federal Bureau of Investigation (FBI) in its March 17, 2021 Private Industry Notification notified state, local, tribal, and...
US Healthcare Ransomware Attacks Cost in 2020 Estimated at $21 Billion
Ransomware attacks on the healthcare sector exploded in 2020. No less than 91 U.S. healthcare companies experienced ransomware attacks, 50...
PHI Exposed Due to Breaches at Elara Caring, Cornerstone Care and ProPath
Elara Caring, one of the United States' biggest home-based medical care services providers, has encountered a phishing attack that...
Roundup of Recent Healthcare Data Breaches
Email Accounts Breach at Summit Behavioral Healthcare Summit Behavioral Healthcare based in Brentwood, TN found out about the breach of...
Online Storage Vendor Pays Ransom Demand to Retrieve Healthcare Data Stolen On Cyberattack
The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen...
21st Century Oncology’s Proposed Data Breach Settlement Gains Initial Approval
The court has granted preliminary approval of a settlement offered by 21st Century Oncology to solve a November 2020 class-action legal...
Email Account Breach at Charles J. Hilton & Associates P.C. and Nevada Health Centers
University of Pittsburgh Medical Center (UPMC) has made an announcement that the protected health information (PHI) of around 36,000...
Multinational Law Enforcement Campaign Takes Down the Emotet Botnet
Europol reported that the infamous Emotet Botnet was taken down in connection with a multinational law enforcement operation. Law...
Email Security Breaches at Roper St. Francis Healthcare and Einstein Health Network
Roper St. Francis Healthcare has advised 189,761 patients regarding an unauthorized person who accessed some of their protected health...
Excellus Health Plan Pays $5.1 Million Penalty to Settle HIPAA Violation Case
The Department of Health and Human Services’ Office for Civil Rights has reported that health insurance provider Excellus Health Plan has...
Ransomware Attacks at Lake Region Healthcare and the University of Vermont Health Network
Lake Region Healthcare in Fergus Falls, Minnesota is looking into a ransomware attack that was first noticed on December 22, 2020. The...
2020’s Largest Healthcare Data Breaches
2020 was a really bad year when it comes to healthcare industry data breaches. There were 616 data breaches involving 500 or more health...
Data Breaches at Agency for Community Treatment Services, Proliance Surgeons and Leon Medical Centers
Agency for Community Treatment Services, Inc. (ACTS) in Tampa, FL is notifying a number of patients regarding the potential compromise of...
NIST Issues Final Guidance on Safeguarding the Picture Archiving and Communication System (PACS) Ecosystem
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has issued a final...
Seasonal Worker Sentenced to 42-Months Imprisonment for Theft of Data from Healthcare.Gov Database
A seasonal worker at a tech firm based in Virginia was sentenced to 42 months in prison for accessing patient files, stealing personally...
Mercy Health and Montefiore Medical Center Reported Insider Data Breaches
Mercy Health and Montefiore Medical Center have reported insider data breaches recently. In the two occurrences, an employee viewed...
Healthcare Data Breaches at Fairchild Medical Center, Indian Health Council Inc. and Harvard Pilgrim Health Care
Fairchild Medical Center located in Yreka, CA, started informing a number of patients about the likely access of their protected health...
Cyberattackers Ask for Ransom Demands from Advanced Urgent Care of Florida Keys and Galstan & Ward Family and Cosmetic Dentistry
Advanced Urgent Care of Florida Keys began sending breach notifications to patients on November 6, 2020 concerning a ransomware attack...
Zoll Takes Legal Action Against IT Vendor for Breach of 277,000-Records
The US District Court in Massachusetts filed a legal action on behalf of the medical device supplier Zoll against its IT service vendor...
Blackbaud SEC Filing Gives Additional Details on Data Breach and Expenditures of Mitigation
The number of entities submitting reports of being impacted by the Blackbaud cyberattack and security breach has increased in the past few...
Most Microsoft 365 Admins Have Not Set Up Multi-Factor Authentication
CoreView published a new report revealing that a lot of Microsoft 365 admins haven’t activated multi-factor authentication to keep their...
HITRUST Certification Shows LuxSci’s Dedication to Safeguarding Data Privacy and Security
LuxSci, a HIPAA-compliant email communications services provider located in Massachusetts, has publicized that it has obtained HITRUST CSF...
CISA Warns Companies to Patch Wormable ‘Bad Neighbor’ Windows TCP/IP Vulnerability Immediately
On October 2020 Patch Tuesday, Microsoft issued a patch to resolve a critical remote code execution vulnerability found in the Microsoft...
Breaches at Legacy Community Health Services, Georgia Department of Human Services and Einstein Healthcare Network
Legacy Community Health Services Phishing Attack Affects 228,000 Persons Legacy Community Health Services in Texas is notifying 228,009...
Companies Facilitating or Making Ransomware Payments Could Face Sanction Risks
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has notified that firms that make ransom payments to hackers on...
Premera Blue Cross HIPAA Penalty of $6.85 Million is the 2nd Largest HIPAA Violation Penalty Ever
The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85 million HIPAA fine on Premera Blue Cross...
Athens Orthopedic Clinic Settles its HIPAA Violation for $1.5 Million
The HHS’ Office for Civil Rights made an announcement regarding a settlement it has arrived at with Athens Orthopedic Clinic PA to take...
OCR Issued Five HIPAA Fines for HIPAA Right of Access Failures
The Department of Health and Human Services’ Office for Civil Rights reported five settlements that resolved HIPAA violations related to...
CISA Releases Technical Guidance on Finding and Remediating Malicious System Activity
The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance for network defenders and incident response...
PHI of Almost 19,000 Individuals Affected by Breaches at Cook Children’s Medical Center, D&S Residential Holdings and City of Lafayette
1,768 Persons Affected by Cook Children’s Medical Center Breach Cook Children’s Medical Center based in Fort Worth, TX discovered that a...
New FritzFrog P2P Botnet Targets SSH Servers of Banking Institutions, Educational Organizations, and Medical Centers
A new peer-to-peer (P2P) botnet was found targeting SSH servers located in IoT devices and routers that allow connections from remote...
657,392 Northern Light Health Foundation Donors Impacted by Blackbaud Ransomware Attack
The 10-hospital integrated healthcare system called Northern Light Health Foundation, which is located in Brewer, ME, has reported that...
Children’s Hospital Colorado Phishing Attack and Hoag Clinic Laptop Computer Theft
Children’s Hospital Colorado is informing 2,553 patients concerning the possible access of their protected health information (PHI)...
Breaches at Beaumont Health, Southcare Minute Clinic and Samaritan Medical Center
Beaumont Health, which is the leading healthcare organization in Michigan, began informing about 6,000 patients concerning the potential...
Cyberattacks at Highpoint Foot and Ankle Center and the University of Utah Affect 35,000+ Patients’ PHI
Highpoint Foot and Ankle Center based in New Britain Township, PA encountered a ransomware attack in May 2020 during which the attackers...
Breaches at Quantum Imaging and Therapeutic Associates, Delaware Department of Health and Social Services and US HealthCenter
The radiology practice Quantum Imaging and Therapeutic Associates located in Pennsylvania made an announcement that they received reports...
Breaches at Central California Alliance for Health, Wisconsin Department of Corrections and Hutton & Hale, D.D.S., Inc.
Breaches at Central California Alliance for Health, Hutton & Hale, D.D.S., Inc. and Wisconsin Department of Corrections The Central...
Up to 69,000 Persons Affected by Cyberattacks on Healthcare Fiscal Management and Friendship Community Care
Nearly 69,000 Persons Affected by Cyberattacks on Healthcare Fiscal Management and Friendship Community Care Healthcare Fiscal Management...
Ransomware Attacks on North Shore Pain Management and Florida Orthopaedic Institute
North Shore Pain Management (NSPM) based in Massachusetts started sending notifications to 12,472 patients because hackers potentially...
Hacker Busted and Charged for the UPMC Cyberattack in 2014
The United States Attorney’s Office of the Western District of Pennsylvania announced the arrest of a person who was accused of the breach...
PHI Exposed Due to Breaches at Cano Health and the Department of Behavioral Health and Intellectual Disability Services
Cano Health, a population health management firm and healthcare service provider located in Florida, reported that an unauthorized...
St Joseph Health System Confirms the Improper Disposal of Patient Documents by Health Record Storage Center
St Joseph Health System in North Central Indiana is notifying patients concerning the compromise of some of their protected health...
Increase in Mobile Phishing Attacks During the COVID-19 Health Pandemic
Cybercriminals are reforming their strategies, approaches, and processes throughout the COVID-19 health pandemic and are targeting work...
Feds Advisory to Raise Awareness of Scams Linked to COVID-19 Economic Payments
The IRS, DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury published a joint notification to...
Guidance Document on Handling the Cybersecurity Tactical Response During a Pandemic
The Healthcare and Public Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC)...
Survey Uncovers Status of Workplace Safety and Preparedness in The Healthcare Industry
Rave Mobile Safety has published the results of its yearly survey of workplace safety and preparedness, performed in early 2020. The...
Ciitizen HIPAA Right of Access Report Reveals Considerable Improvement in Compliance
Healthcare organizations' compliance with the HIPAA Right of Access has considerably improved, according to Ciitizen's latest Patient...
Brandywine Counselling and Community Services
On March 13, 2020, ExecuPharm, a pharmaceutical company located in King of Prussia, PA, suffered a Maze ransomware attack with theft of...
CISA Alerts of Continuous Cyberattacks on Pulse Secure VPNs Despite Patching
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released an alert to all businesses that utilize...
Phishing Attacks on Saint Francis Ministries and Hartford Healthcare Reported
The Saint Francis Ministries health system announced that an unauthorized person gained access to the email account of an employee causing...