Healthcare Information Security

HIPAA Administrative Safeguards

SAMBA Mailing Error Creates Data Security Concern for 13.9K

March 29, 2018 - A programming error that occurred during the preparation process for mailing out certain IRS tax forms may have led to documents being sent to the wrong recipients, creating a data security concern for some individuals, according to SAMBA Federal Employee Benefit Association (SAMBA). SAMBA is a federal employee benefit association, and also offers coverage to eligible family members of subscribers....


More Articles

Top Reminders for Implementing a HIPAA Contingency Plan

by Elizabeth Snell

Healthcare organizations must ensure they have a current HIPAA contingency plan in place to prepare for all types of adverse events, including natural disasters and cybersecurity attacks, according to the latest OCR Cybersecurity Newsletter....

Potential PHI Exposure at BJC HealthCare Impacts 33K

by Elizabeth Snell

An internal security scan revealed that there was a data server configuration error, allowing potential PHI exposure at BJC HealthCare. The Missouri-based organization revealed in an online statement that 33,420 patients may have had their information...

Weak Healthcare Cybersecurity Employee Training Affects IT Security

by Elizabeth Snell

Covered entities must ensure that staff members at all levels receive regular and comprehensive healthcare cybersecurity employee training. This is a HIPAA requirement but is also critical to keeping the workforce up to date on evolving IT security...

Healthcare Ransomware Attack Affects 6.5K at AL Practice

by Elizabeth Snell

A healthcare ransomware attack allowed an unknown hacker to gain access to EMR software containing patient medical records, Jemison Internal Medicine, PC (JIM) announced on its website. The Alabama-based practice said the virus encrypted its...

Hospital Data Breaches Most Common, Affect the Most Patients

by Elizabeth Snell

Hospital data breaches accounted for approximately 30 percent of large data security incidents reported to OCR from 2009 to 2016, according to a study published in the American Journal of Managed Care (AJMC). The largest number of individuals...

KS Healthcare Organization Fined over Unsecured Patient Data

by Elizabeth Snell

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell Jones...

Onco360 Email Data Security Incident Impacts 53K Patients

by Elizabeth Snell

Onco360 and CareMed Specialty Pharmacy are notifying patients that a data security incident stemming from unauthorized access to employee email accounts may have involved their health information. Suspicious activity on an employee’s email...

PA Security Breach from Missing External Hard Drive Affects 4.1K

by Elizabeth Snell

Pennsylvania-based Washington Health System (WHS) Greene recently announced that a missing external hard drive has created security breach concerns at the organization. The device was for the Bone Densitometry machine and contained certain patient...

Unauthorized Server Access Creates Data Security Concern for 47K

by Elizabeth Snell

Carl Albert State College (CASC) is re-notifying certain individuals of unauthorized server access from 2016 that may create data security concerns. CASC explained in an online statement that the server was accessed on April 7, 2016. It...

Reducing Insider Data Breach Risk with Strong IAM Policies

by Elizabeth Snell

Implementing effective identity and access management (IAM) policies and controls is essential for healthcare organizations that are looking to reduce the potential of insider data breach risk, according to the OCR November 2017 Cybersecurity...

Applying US-CERT IoT Security Best Practices to Healthcare

by Elizabeth Snell

The Internet of Things (IoT) is quickly becoming integrated into the daily operations of numerous organizations, which means that entities need to keep IoT security a top priority, according to the US Computer Emergency Readiness Team (US-CERT)....

PHI of 9.5K Possibly Compromised in WI Healthcare Phishing Attack

by Elizabeth Snell

The Medical College of Wisconsin (MCW) announced that it suffered a healthcare phishing attack and that certain PHI may have been affected as it was in the accessed employee email accounts. An investigation and manual document review showed that...

Data Backups Aid in Ransomware Attack Recovery for KS Agency

by Elizabeth Snell

East Central Kansas Area Agency on Aging (ECKAAA) said in an online statement that it was the victim of a ransomware attack on September 5, 2017, leaving files encrypted and inaccessible. ECKAAA said it immediately hired a cybersecurity company...

Healthcare Identity, Access Management Center of Imprivata Deal

by Elizabeth Snell

Imprivata recently acquired the Identity and Access Management Business of Caradigm, according to a press release. The move should help healthcare identity and access management specifically, with a focus on reducing security risks and operational...

Kromtech Security Discovers Health Data Breach of 150K Patients

by Elizabeth Snell

Kromtech Security researchers found a potential publicly accessible Amazon S3 repository that may have led to a health data breach impacting over 150,000 individuals, according to a company report. “Patient Home Monitoring” is...

Cases Underline Audit Controls, Minimum Necessary Standard

by Elizabeth Snell

Healthcare organizations of all sizes need to utilize proper audit controls to ensure that employees are remaining compliant and following proper procedure. Lacking administrative safeguards could lead to numerous types of malicious activity,...

Potential Ransomware Attack Encrypts Patient Data in KY

by Elizabeth Snell

Kentucky-based Estill County Chiropractic (ECC) recently announced on its website that it had experienced a potential ransomware attack, where an unauthorized user installed malicious software that encrypted patient files. ECC said that it immediately...

Administrative Safeguard Need Highlighted in PA Indictment

by Elizabeth Snell

Healthcare organizations must ensure that they have comprehensive and regularly updated administrative safeguards, such as user authentication measures and proper access control. A failure to have these in place, or having outdated ones, could...

Preventing Insider Threats from Affecting Health Data Security

by Elizabeth Snell

There are numerous potential threats to health data security, and the increasingly complex level of technology will only help add to that threat level. Insider threats are one key area of concern, as careless or poorly trained employees could...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks

Continue to site...