Healthcare Information Security

Data Breach Management

4-Month Breach of BenefitMall Impacts 112,000 Plan Members

January 15, 2019 - Centerstone Insurance and Financial Services, operating as BenefitMall, is notifying 111,589 consumers that their personal data was potentially breached during a months-long phishing attack. On October 11, officials discovered a hacker gained accessed to several employee email accounts through phishing attacks. A third-party forensics team was hired to assist with the investigation,...


More Articles

OCR Settles with Colorado Provider for $111,000 over HIPAA Failures

by Jessica Davis

The Department of Health and Human Services’ Office for Civil Rights settled with Pagosa Springs Medical Center for $111,400, for failing to terminate a former employee’s access to electronic protected health...

Biggest Challenges, Lessons Learned from Health Cybersecurity in 2018

by Jessica Davis

The cybersecurity issues faced by the healthcare sector in 2018 aren’t much different from those in recent years. However, hackers are increasing in sophistication and steadily improving success rates. The year started off with a...

176.3 Patient Records Taken in Reported Breaches Since 2009

by Jessica Davis

Hacking is less common in the healthcare sector than theft and unauthorized disclosure, but those cybercriminals stole more than half of the breached patient records from 2009 to 2017, according to a new JAMA Internal Medicine report. The...

VUMC Fights Healthcare Phishing with Multi-Factor Authentication

by Jessica Davis

The healthcare sector has remained a primary target for phishing attacks in recent years, with highly targeted viruses like SamSam and Ryuk wreaking havoc on the industry. In fact, one in every hundred emails sent globally has malicious...

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains...

Utilizing Holistic Cybersecurity Measures Against Evolving Threats

by Elizabeth Snell

It is essential for healthcare providers to evolve their cybersecurity program to stay ahead of evolving threats, utilizing holistic cybersecurity measures that focus on prevention, detection, and response. That was the focus of a HIMSS18...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

Insufficient Staffing, Education Hinders Healthcare Cybersecurity

by Elizabeth Snell

Hospitals and payer organizations could make major strides in improving their healthcare cybersecurity measures by hiring the right staff members and by implementing comprehensive employee education and training, according to a Merlin...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a...

How Much Do Healthcare Data Breaches Cost Organizations?

by Elizabeth Snell

Healthcare data breaches can be devastating for any covered entity, but the subsequent recovery costs are often quite expensive. Implementing technological tools to aid in prevention and detection measures are not cheap, but not taking...

Prevent Healthcare Phishing with Employee Security Training

by Elizabeth Snell

Implementing a strong employee security training program is consistently noted as a key way for covered entities to prevent healthcare phishing attacks. Organizations of all sizes need to ensure that staff members can recognize malicious...

57% of Orgs Spend Money on Endpoint, Mobile Security Technologies

by Elizabeth Snell

With data breaches on the rise, organizations are increasingly turning to cloud, big data, Internet of Things (IoT), container, blockchain and/or mobile environments, recent research shows. Furthermore, over half of surveyed entities are...

New York Reaches $1.15M Settlement over Aetna Data Breach

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about...

Why Providers Need a Disaster Recovery Plan for EHR Security

by Elizabeth Snell

Whether healthcare providers are working to prepare for potential natural disasters like hurricanes or manmade cybersecurity issues (i.e., ransomware attacks, insider data breaches) having a disaster recovery plan is essential. Entities...

What Precedent Will Be Set in CareFirst Data Breach Case?

by Elizabeth Snell

The flood gates could potentially be opened for “no-injury class actions arising from virtually every data breach” if the US Supreme Court does not reaffirm the Washington DC circuit court’s decision with the CareFirst...

NC Data Breach Legislation Accounts for Ransomware Attacks

by Elizabeth Snell

Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals. The updated Act to Strengthen Identity...

Potential WV Health Data Breach from Laptop Theft Affects 43K

by Elizabeth Snell

West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s...

Are Orgs Filling Necessary Healthcare Cybersecurity Roles?

by Elizabeth Snell

Without the right healthcare cybersecurity roles being filled at covered entities, it can be more difficult for organizations to ensure that sensitive data remains secure. Along with CISOs, privacy officers, and compliance officers,...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...