Health IT Security and HIPAA News

Threat Actors Abuse ScreenConnect Access to Target Healthcare

by

The Health Sector Cybersecurity Coordination Center (HC3) issued a sector alert to warn healthcare organizations of recent threat actor activity involving the abuse of ScreenConnect, a widely used...

Healthcare Data Breaches Continue to Impact Patients in New Year

by

In 2023, more than 540 organizations reported healthcare data breaches to HHS, impacting upwards of 112 million individuals.  As the new year begins, the aftermath of 2023 breaches continues to...

AHA Warns Hospitals of IT Help Desk Social Engineering Scheme

by

The American Hospital Association (AHA) warned hospitals of a validated IT help desk social engineering scheme and encouraged hospitals to remain vigilant and notify the Federal Bureau of Investigation...

Massachusetts Fertility Test Center Reaches $1.25M Data Breach Settlement

by

Massachusetts-based ReproSource Fertility Diagnostics reached a $1.25 million settlement to resolve claims of negligence tied to a 2021 data breach. ReproSource, which was acquired by Quest Diagnostics...

Novant Health Reaches $6.6M Settlement Over Improper PHI Disclosures

by

Novant Health agreed to pay $6.6 million to settle a class action lawsuit surrounding improper disclosures of protected health information (PHI) due to the health system’s use of third-party...

NY AG: Refuah Health Must Invest $1.2M In Security Following Ransomware Attack

by

New York Attorney General Letitia James reached an agreement with Refuah Health Center over alleged failures to protect the private health information of patients, which led to a ransomware attack....

LockBit Ransomware Claims Capital Health Cyberattack

by

Capital Health has restored all systems and operations in the wake of a November 2023 cyberattack that caused a network outage, it assured patients in a recent update. However, LockBit ransomware has...

North Kansas City Hospital Impacted By PJ&A Data Breach

by

Missouri-based North Kansas City Hospital (NKCH) and its transcription subsidiary, Meritas Health Corporation, recently notified more than 500,000 individuals of a third-party data breach stemming from...

NY AG Fines NewYork-Presbyterian Hospital Over Tracking Tech Use

by

New York Attorney General Letitia James fined the NewYork-Presbyterian Hospital (NYP) $300,000 over its use of tracking tech that resulted in private information being shared with third-party tech...

Fallon Ambulance Service Data Breach Impacts 911K Individuals

by

Fallon Ambulance Service, a medical transportation company that served the greater Boston area, reported a data breach that impacted more than 911,000 individuals. Fallon was a subsidiary of...

GAO Urges FDA, CISA to Revamp Medical Device Cybersecurity Agreement

by

The US Government Accountability Office (GAO) released a report on medical device cybersecurity to address limitations in federal agencies’ authority, explore challenges in accessing federal...

Healthcare Software Company Notifies 2.7M Individuals of Data Breach

by

ESO Solutions, a healthcare software company, notified 2.7 million individuals of a data breach caused by a September 2023 ransomware attack against its systems. ESO Solutions provides software to...

Lawmakers Push For Increased Patient Privacy Regarding Prescription Records

by

Lawmakers have urged HHS to consider revising HIPAA to further protect patient privacy after observing routine disclosures of patient information from major pharmacy chains to law enforcement agencies...

CISA’s Healthcare Risk and Vulnerability Assessment Reveals Sector-Wide Improvement Areas

by

The Cybersecurity and Infrastructure Security Agency (CISA) published a cybersecurity advisory based on key findings that the agency uncovered during a risk and vulnerability assessment (RVA) conducted...

DOJ Disrupts BlackCat Ransomware Variant, Offers Decryption Key to Victims

by

The US Department of Justice (DOJ) has successfully disrupted the BlackCat ransomware group and offered a decryption tool to more than 500 victims around the world. Also known as ALPHV or Noberus,...

OCR Settles Multiple HIPAA Right of Access Complaints With Optum Medical Care

by

The HHS Office for Civil Rights (OCR) announced its 46th enforcement action under the HIPAA Right of Access Initiative. The enforcement action resolved an investigation into Optum Medical Care, a...

Delta Dental of California MOVEit Hack Impacts 7M Individuals

by

Delta Dental of California informed nearly 7 million individuals of a data breach stemming from the May 2023 hack of Progress Software’s MOVEit Transfer software. As previously reported,...

Harrisburg Medical Center Data Breach Impacts 147K Individuals

by

Illinois-based Harrisburg Medical Center (HMC) filed a data breach notice with the Maine Attorney General’s Office regarding a December 2022 breach. The breach impacted 147,826 individuals in...

AHA Raises Concerns Over HHS Cybersecurity Strategy

by

The American Hospital Association (AHA) expressed dissatisfaction with parts of HHS’ recently released healthcare cybersecurity strategy, which was unveiled in early December. Specifically, the...

NY AG Reaches $400K Settlement With Healthplex Over Data Breach

by

New York Attorney General (NYAG) Letitia James reached a settlement with Healthplex, a large dental insurance provider, following a data breach that occurred in November 2021. Healthplex agreed to pay...