Healthcare Information Security

Health IT Security and HIPAA News

OCR Settles with Cottage Health for $3M After 2 Patient Data Breaches


California-based Cottage Health settled with the Department of Health and Human Services’ Office for Civil Rights for $3 million and the adoption of a corrective action plan, over two separate security incidents in 2013 and 2015 that...

How Multi-Factor Authentication Can Combat Phishing, Cyberattacks


Healthcare has been steadily moving into consumerization, as the industry shifts into value-based care and patients demand easier access to their data. At the same time, cyber threats and hackers have increased in sophistication,...

24,000 Patient Records Breached in EyeSouth Partners Email Hack


Georgia-based EyeSouth Partners recently began notifying 24,113 patients that their protected health information was potentially compromised after an employee email hack. On October 25, officials discovered an individual gained...

Wyoming Seeks to Repeal Hospital Privacy Regulation for HIPAA Clarity


Wyoming state senators recently proposed a bill that would clarify regulations around patient privacy in the state. Introduced on Tuesday, the legislation would repeal the state’s Hospital Records Act of 1991, which was designed to...

Ransomware Attack on Connecticut Provider Impacts 24,000 Patients


Connecticut-based optometrists Dr. Thomas DeLuca, Dr. Anthony Marciano & Associates recently began notifying about 23,578 patients that their personal data was potentially breached during a ransomware attack. On November 29, the eye...

Roper St. Francis, Valley Professionals Phishing Attacks Breach Patient Data


Charleston, South Carolina-based Roper St. Francis Healthcare and Valley Professionals Community Health Center (VPCHC) in Indiana recently began notifying patients that their data was potentially breached after employees fell victim to...

Community Health Systems Reaches Settlement over 2014 Breach of 4.5M


Tennessee-based Community Health Systems reached a settlement with the 4.5 million patients impacted by its 2014 data breach. CHS operates more than 200 hospitals across the country and is one of the largest hospital networks in the U.S....

Ransomware Attack on Florida’s FABEN OB-GYN Results in Data Loss


Florida-based FABEN Obstetrics and Gynecology was hit with a ransomware attack in November, which encrypted server files and caused some data to be permanently lost. On November 21, officials discovered a GandCrab ransomware infection on...

HIMSS19 to Showcase Compliance, Device Security, Vendor Management


Cybersecurity, compliance, medical device security, and other pressing security matters will take center stage at the HIMSS19 annual conference, taking place February 11-15 in Orlando, Florida. Throughout the conference, visitors can...

Aetna Reaches Settlement with California Over 2017 Privacy Breach


Aetna will pay California $935,000 for its 2017 privacy breach, stemming from a mailing error that inadvertently revealed the HIV-related information of 1,991 Californians and 12,000 total patients by the envelope’s clear...

Phishing Hack Breaches PHI of 23,000 Colorado Patients for 3 Months


Colorado-based Critical Care, Pulmonary & Sleep Associates recently notified 23,000 patients that their personal data was potentially breached during a phishing attack. On November 23, CCPSA officials discovered a hacker gained access...

The Hits and Misses of HHS Healthcare Cybersecurity Guidelines


The Department of Health and Human Services released a four-volume set of cybersecurity guidelines for the healthcare sector last month, which was applauded by many for its extensive breakdown of both risks and mitigations. Drafted in...

DHS Alerts to Vulnerabilities in Stryker and BD Medical Devices


The Department of Homeland Security National Cybersecurity and Communications Integration Center released two advisories on Tuesday, notifying the healthcare sector of vulnerabilities in Stryker medical beds and Becton, Dickinson (BD)...

HSCC Releases Joint Medical Device Security Lifecycle Guidance


The Healthcare and Public Health Sector Coordinating Council (HSCC) released its medical device guidance on Monday, to help vendors, providers, and other stakeholders secure these devices throughout the product lifecycle. HCSS is a...

Phishing Attack on Verity Health Breaches Patient Data


Verity Health System and Verity Medical Foundation are notifying patients that their data was potentially breached by two separate phishing attacks. According to officials, one cyberattack occurred in November and the other in...

Illinois Rules Actual Harm Not Required in Biometric Privacy Law


The Illinois Supreme Court ruled on Friday that an individual can bring a lawsuit against an organization that violates the state’s Biometric Information Privacy Act, without alleging actual injury or adverse event. The court ruled...

LabKey Server Flaws Put Medical Research Data at Risk


Tenable Research discovered three vulnerabilities in the LabKey Server, an open source medical data collaboration tool, which potentially could put medical research data at risk of unauthorized access. Released on Thursday, the report...

Credential Compromise Top Goal of Phishing Attacks in 2018


Phishing attacks exploded in 2018, with hackers leveraging the attacks in hopes to score the credentials from their victims, according to a new report from Proofpoint researchers. Compromising credentials as the goal of phishing attacks...

Alaska Bungles Breach Notification, 87,000 Patients Impacted


The Alaska Department of Health and Social Services recently updated its breach notification to include substantially more patients than were included in its initial announcement from June 2018. But in the process, those estimates also...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...