AMIA Suggests it’s Time for a HIPAA Update
The American Medical Informatics Association has suggested now is the time to update the Health Insurance Portability and Accountability Act (HIPAA) to make sure the legislation fits today’s connected...
View Article$400,000 HIPAA Penalty Agreed with Denver FQHC for Security Management...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has taken action against a Denver, CO-based federally-qualified health center (FQHC) for security management process failures...
View ArticleProtenus Publishes Healthcare Data Breach Report for March 2017
Protenus has released its Breach Barometer report for March 2017, which shows a significant increase in healthcare data breaches and a major jump in the number of individuals who have had their...
View Article21 Employees Found to Have Accessed PHI Without Authorization
A routine audit conducted by Virginia Mason Memorial has revealed employees have been accessing the protected health information of patients without authorization. Audits of PHI access logs...
View ArticleOIG Issues Warning About HHS Agency Phone Scams
This year has seen numerous email scams aimed at obtaining the tax information of employees, but phone scams have also spiked in recent weeks. One of the latest phone scams saw the Department of...
View Article68% of Healthcare Employees Would Share Regulated Data
The Dell End User Security Survey has revealed that sensitive information, including data covered by HIPAA Rules, would be shared by employees without authorization under certain circumstances. The...
View ArticleWireless Health Services Provider Settles HIPAA Violations with OCR for $2.5...
2016 was a record year for HIPAA settlements, but 2017 is looking like it will see last year’s record smashed. There have already been six HIPAA settlements announced so far this year, and hot on the...
View ArticleUnencrypted Portable Devices are a HIPAA Breach Waiting to Happen
This week, OCR announced a new settlement with a covered entity to resolve HIPAA violations discovered during the investigation of an impermissible disclosure of ePHI. The incident that sparked the...
View ArticleMDLive Faces Class Action Lawsuit Over Alleged Patient Privacy Violations
A class action lawsuit has been filed against the telemedicine company MDLive claiming the company violated the privacy of patients by disclosing sensitive medical information to a third party without...
View ArticleOCR Director Stresses Importance of Keeping Health Data Secure
The new director of the Department of Health and Human Services’ Office for Civil Rights, Roger Severino, has hinted that last year’s increase in settlements for non-compliance with HIPAA Rules was not...
View ArticleBitglass Publishes 2017 Healthcare Data Security Report
Bitglass has recently published its 2017 Healthcare Data Breach Report, the third annual report on healthcare data security issued by the data protection firm. For the report, Bitglass conducted an...
View ArticleRise in Business Email Compromise Scams Prompts IC3 Warning
There has been a massive increase in business email compromise scams over the past three years. In the past two years alone, the number of companies that have reported falling for business email...
View ArticleMajority of Organizations Failing to Protect Against Mobile Device Security...
A recent report published by Dimensional Research has highlighted the growing threat of mobile device security breaches and how little organizations are doing to mitigate risk. Cybercriminals may view...
View Article180,000 Patient Records Dumped Online by The Dark Overlord
It is a nightmare scenario far worse than a ransomware attack. A hacker infiltrates your network, steals patient data and then threatens to publish those data if you do not pay a ransom. That is the...
View ArticleNew Jersey IVF Clinic Hack Sees PHI of 14,000 Patients Potentially Compromised
A third-party server hosting the electronic health record database of the New Jersey Diamond Institute for Infertility and Menopause has been hacked and access gained by an unauthorized individual. The...
View ArticlePatient-Physician Texting to Be Covered at AMA Annual Meeting
Text messages are a quick and easy method of communication, although for healthcare professionals the use of SMS messages carries considerable privacy risks. While text messages can be used to...
View ArticleGuidance on Securing Wireless Infusion Pumps Issued by NIST
The National Institute of Standards and Technology (NIST), in collaboration with the National Cybersecurity Center of Excellence (NCCoE), has released new guidance for healthcare delivery organizations...
View ArticleMedical Device Cybersecurity Gaps Discussed at FDA Workshop
This week, the U.S. Food and Drug Administration (FDA) is hosting a two-day workshop to identify current cybersecurity gaps that could be exploited by cybercriminals to gain access to medical devices....
View ArticleRite Aid Announces Breach of Its Online Store
Pharmacy chain Rite Aid has discovered unauthorized individuals gained access to the e-commerce platform of its online store and stole sensitive information of its customers over a period of 10 weeks....
View ArticleHealthcare Organizations Reminded of HIPAA Rules Relating to Ransomware
Following the recent WannaCry ransomware attacks, the Department of Health and Human Services has been issuing cybersecurity alerts and warnings to healthcare organizations on the threat of attack and...
View Article