FDA Confirms Muddy Waters’ Claims that St. Jude Medical Devices Can be Hacked
The U.S. Food and Drug Administration (FDA) issued a safety communication Tuesday about cybersecurity flaws in certain St. Jude Medical cardiac devices and the Merlin@home transmitter after it was...
View ArticleWarning for Healthcare Organizations that use MongoDB Databases
Over the course of the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been steadily growing. Ethical Hacker Victor Gevers discovered...
View ArticleOCR HIPAA Enforcement: Summary of 2016 HIPAA Settlements
The Department of Health and Human Services’ Office for Civil Rights has stepped up its enforcement activities in recent years, and 2016 HIPAA settlements were at record levels. In total, payments of...
View ArticleHHS Issues Final Rule on Confidentiality of Alcohol and Drug Abuse Patient...
In February 2016, the Department of Health and Human Services published a proposed change to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, (42 CFR Part 2) to facilitate...
View ArticleClik here to view.
No HIPAA Violation Fine for Virginia State Senator
While campaigning to become Republican state senator for Virginia in 2015, Henrico County physician Siobhan Dunnavant, M.D., used patients’ contact information – classed as protected health information...
View ArticleFinal Rule Updating Common Rule Regulations Issued by HHS
The Department of Health and Human Services has published its Final Common Rule (45 CFR part 46). The Final Rule makes considerable changes to the Common Rule, although some of the most controversial...
View ArticleProtenus Releases 2016 Healthcare Data Breach Report
Protenus, in conjunction with Databreaches.net, has published its 2016 healthcare data breach report, summarizing the hacks and mishaps that have resulted in patient and health plan members’ protected...
View ArticleHacking Group Attempts to Extort Funds from Cancer Services Provider
TheDarkOverlord has struck again, this time the victim was a small Indiana cancer charity. The attack occurred on January 11 and was accompanied with a 50 Bitcoin ($43,000) ransom demand. Little Red...
View ArticleCourt of Appeal Rules Horizon BCBS Class Action Has Standing Without Evidence...
The United States Court of Appeals for the Third Circuit has ruled that a class action lawsuit filed by customers of Horizon Blue Cross Blue Shield whose protected health information was exposed when...
View ArticleNew Report Reveals 2016 Data Breach Trends
2016 was a particularly bad year for healthcare data breaches. The healthcare industry was targeted by ransomware gangs, careless employees left healthcare records exposed, and hackers broke through...
View ArticleMailing Error Sees 1,126 Letters Sent to Patients’ Previous Addresses
A ‘software glitch’ has resulted in billing statements and other communications sent by TriHealth of Cincinnati being sent to patients’ former addresses. The privacy breach was discovered in November...
View ArticleHospital Employee Discovered to Have Improperly Accessed 6,200 Patient Records
Covenant HealthCare has notified more than 6,000 patients that their electronic medical records were inappropriately accessed by one of its employees. Individuals affected by the privacy breach had...
View ArticleOIG: 16% Increase in Security Gaps in Medicare Contractors’ Information...
An annual review of Medicare administrative contractors’ (MACs) information security programs has shown them to be ‘adequate in scope and sufficiency’, although a number of security gaps were found to...
View ArticleeHealth Email Spoofing Attack Sees Employee W-2 Information Disclosed
In the past few days, two email spoofing attacks have been reported by healthcare organizations that have resulted in the W-2 information of employees being sent to cybercriminals. Tax season phishing...
View ArticleHigh Costs are Preventing Many Patients from Accessing their Medical Records
The HIPAA Privacy Rule permits patients to obtain a copy of their medical records from their healthcare providers on request. By obtaining copies of medical records, patients are able to take a more...
View ArticleNew York Giants Star and ESPN Agree to Settle Privacy Breach Lawsuit
A privacy breach lawsuit filed against ESPN by New York Giant’s defensive end Jason Pierre-Paul has been amicably resolved. ESPN has agreed to settle the lawsuit, although the terms of the settlement...
View ArticleXerox: Nearly Half of Americans Concerned About Theft of Their Health...
Healthcare data breaches in 2016 reached record levels, while 2015 saw more healthcare records stolen than the combined total stolen over the previous six years. Those data breaches have naturally had...
View Article2016 Healthcare Data Breach Report Ranks Breaches By State
A new 2016 healthcare data breach report has been released that analyzes incidents reported to the Department of Health and Human Services’ Office for Civil Rights last year. While other reports have...
View ArticleQuarter of Healthcare Organizations Do Not Encrypt Data Stored in the Cloud
A recent survey by HyTrust has revealed that a quarter of healthcare organizations do not use encryption to protect data at rest in the cloud, even though the lack of encryption potentially places...
View ArticleCitizens Memorial Hospital Latest Victim of W-2 Phishing Scam
Another healthcare provider has announced that one of its employees has been fooled by a W-2 phishing scam. Citizens Memorial Hospital in Bolivar, MO., says a request for W-2 Form data was sent to one...
View Article