Coronavirus

Health App Security Bug Exposed COVID-19 Vaccine Records

November 2, 2021 - UPDATE 11/8/21: Docket confirmed that only one individual was able to successfully reverse engineer its API to exploit the vulnerability, and "less than a handful of QR codes were inappropriately accessed." Docket immediately engaged with public health partners and notified impacted individuals. Some residents of New Jersey and Utah who use...

Read More


More Articles

CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE

by Jill McKeon

California Governor Gavin Newsom renewed most of Executive Order N-43-20, which provides certain HIPAA penalty exemptions surrounding the release of patient information for providers who deliver...

AL Providers Illegally Accessed COVID-19 Immunization Registry

by Jill McKeon

Alabama Attorney General Steve Marshall released a statement warning healthcare providers to stop using the state’s COVID-19 immunization registry unlawfully to verify vaccination status for...

Common Misconceptions About HIPAA and COVID-19 Vaccination Status

by Jill McKeon

The HIPAA Privacy Rule does not protect one’s COVID-19 vaccination status, despite popular misconceptions. As HIPAA turns 25 this year, common misinterpretations of the law persist, a blog post...

Health Data Security a Staple of Holy Name’s Vaccine Record System

by Jill McKeon

Holy Name Medical Center in New Jersey announced a partnership with global security firm SICPA to protect health data security while providing a vaccination record platform for individuals who receive...

Insight Global Calls on Former Employees to Secure PII Data Breach

by Jill McKeon

Insight Global, a company hired by the state of Pennsylvania to administer its contact tracing program, asked former and current employees to return and secure any documents that might still contain...

The Telehealth Security Impact: Now and Beyond the COVID-19 Pandemic

by Jessica Davis

The COVID-19 response resulted in a virtual care boom that’s expected to last well beyond the pandemic. As telehealth continues to support the shift in healthcare, ensuring a minimal security...

PA Health Dept Sued; Investigation Looms, After Contact Tracing Breach

by Jessica Davis

The Pennsylvania Department of Health and its third-party contractor Insight Global have been sued, after reports that its COVID-19 contact tracing app exposed the sensitive data of at least 72,000...

MA AG Questions Retail Pharmacy Use of Patient COVID-19 Vaccine Data

by Jessica Davis

After reports that personally identifiable information is being unnecessarily collected from patients seeking the COVID-19 vaccine, Massachusetts Attorney General Maura Healy sent a letter to...

Google Sued, Lawsuit Claims COVID-19 Contact Tracing Tool Exposes Data

by Jessica Davis

Two individuals who used California’s state public health COVID-19 contact tracing app have filed a lawsuit against its developer, Google, claiming the tool exposes user data and violated their...

HSCC Shares Telehealth Cybersecurity Assessment, Mitigation Guidance

by Jessica Davis

The Healthcare and Public Health Sector Coordinating Council (HSCC) shared guidance directed at telehealth vendors and services providers, to support with the assessment and mitigation of potential...

COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup

by Jessica Davis

The information blocking provisions of the 21st Century Cures Act officially went into effect this week, putting into focus the Department of Health and Human Services’ regulatory and compliance...

The Risk and Challenge of Bad Bot Traffic on Healthcare Sites, Apps

by Jessica Davis

Around the world, healthcare entities are steadily making progress on vaccinating individuals against COVID-19. Many of these providers are relying on technology for vaccine appointment scheduling and...

Vaccine Rollout Spurs 372% Rise Bad Bots; Spear-Phishing Up 26%

by Jessica Davis

The vaccine rollout has spurred an increase in nefarious activities tied to the response. Imperva found a whopping 372 percent surge in bad bot traffic against healthcare sites, while...

Actor Exploits Beaumont Health’s COVID-19 Vaccine Scheduling Tool

by Jessica Davis

Michigan-based Beaumont Health was forced to shut down its tool for scheduling COVID-19 vaccine appointments over the weekend, after an unauthorized actor exploited a flaw in the Epic platform. The...

Proposed Public Health Emergency Bill Targets COVID-19 Tech Privacy

by Jessica Davis

A group of Democratic Senators and Congressional membersproposed legislation meant to tackle the privacy and security issues tied to technologies used for the COVID-19 response, including contact...

Philly DA Investigating Possible COVID-19 Vaccine Privacy Violation

by Jessica Davis

The Philadelphia Department of Public Health abruptly ended its contract with Philly Fighting COVID, tasked with the city’s COVID-19 vaccine distribution, over allegations that the startup...

Key 2021 Insights: Proactive Security Needed for Ransomware, Phishing

by Jessica Davis

The ransomware surge during the last few months has already continued into 2021. And though the malware will remain a key trend into this year, healthcare industry stakeholders will need adopt a...

OCR Lifts HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps

by Jessica Davis

The Office for Civil Rights announced another enforcement discretion amid the pandemic, lifting penalties for potential HIPAA violations related to the good faith use of online or web-based scheduling...

Hackers Leak COVID-19 Vaccine Data Stolen During EU Regulator Breach

by Jessica Davis

The European Medicines Agency discovered hackers have posted online the COVID-19 vaccine data exfiltrated during an earlier cyberattack on the EU regulator. As previously reported, the hacked server...

Recent Articles