Maxim Healthcare Group Informs 65,000 People Regarding October 2020 Email Breach

Maxim Healthcare Group, based in Columbia, MD, has begun informing 65,267 people about a historic breach of its email system and the compromise of their protected health information (PHI). Maxim Healthcare Group, which consists of Maxim Healthcare Staffing and Maxim Healthcare Services, stated that it detected suspicious activity in its email system on approximately December 4, 2020. It took steps to stop further unauthorized access and started an investigation to determine the nature and extent of the breach. The investigation showed that unauthorized people had access to a number of employee email accounts from October 1, 2020, to December 4, 2020….

Premier Patient Health Care and Oregon Eye Specialists Submit Data Breach Reports

Premier Patient Health Care, located in Carrollton, TX, has learned that an unauthorized individual acquired the protected health information (PHI) of 37,636 patients during an insider data breach. Premier Patient Health Care is an Accountable Care Organization (ACO) that collaborates with medical professionals to improve clinical results covered by the Medicare Shared Savings Program (MSSP). The ACO and Premier Patient Health Care are run by Premier Management Company, a business associate to numerous primary care doctors who are covered entities under HIPAA. On April 30, 2020, Wiseman Innovations, a technology vendor used by Premier Management Company, confirmed…

Email Account Breaches Reported by Wisconsin Institute of Urology and Prestera Center

Prestera Mental Health Center, located in West Virginia, began informing 2,152 individuals about a security breach affecting employee email accounts. On or approximately April 1, 2021, Prestera Center discovered that selected worker email accounts were accessed without authorization between August 2020 and September 2020. Although the unauthorized access was confirmed, the center was not able to determine whether any patient data had been viewed or copied. A review was conducted to identify the types of information in the email accounts and which people were affected. The types of information in the account differed from person to person and…

45,000 Patients Potentially Affected by Cyberattack on Florida Heart Associates

Florida Heart Associates is informing 45,148 patients about a recent security breach that resulted in the compromise of their personal data and protected health information (PHI). The security breach was discovered on May 19, 2021, because of strange activity seen on selected networked computers. Florida Heart Associates immediately took steps to manage the breach and protect personal data and launched an investigation to determine the nature and extent of the breach. Florida Heart Associates confirmed the breach of its computer system from May 9 to May 19, 2021. Security systems were put in place before the breach…

Prominence Health Plan and Ohio Medicaid Data Breach

The Nevada health insurance provider Prominence Health Plan has reported it experienced a security breach on November 30, 2020 resulting in the potential acquisition of the protected health information (PHI) of some plan members by hackers. Prominence Health Plan discovered the data breach on April 22, 2021 and took immediate action to avoid continuing unauthorized access, which includes altering the credentials utilized by the attacker to obtain network access. Although Prominence Health Plan hasn’t established whether or not this was a ransomware attack, all impacted plan member information has been recovered from backup copies. The breach affected the audio recordings…

Data Exposed at ZocDoc and Cincinnati Parenting Center Breaches

ZocDoc in New York, which offers a platform that enables would-be patients to reserve consultations with physicians and dentists, has uncovered a problem in its software that made it possible for patient records to be viewed by health care and dental practices when viewing ought to have been limited. The investigation showed that programming flaws had existed from August 2020 until the issues were identified and fixed. A number of past and present practice workers got access to the provider site, even though their accounts should have been terminated, erased, or restricted. On all occasions, the…

Information of 200,000 Military Veterans Compromised On the Internet

A database containing the personal data and protected health information (PHI) of approximately 200,000 U.S. military veterans was found to be available on the web by security specialist Jeremiah Fowler. The database was found on April 18, 2021, and an evaluation pointed out references to a business entity named United Valor Solutions located in Jacksonville, NC. United Valor Solutions is a service provider of the Department of Veterans Affairs (VA) that delivers disability review services for the VA and many other government bureaus. The database, which included veterans’ names, contact details, birth dates, medical data,…

Californian Healthcare Service Provider Discovers Exposure of Patient Information Online for Over a Year

Doctors Medical Center of Modesto (DCM) based in California learned that a company used by a previous vendor accidentally exposed patient data online. DCM had employed the SaaS platform firm Medifies for its virtual waiting room services. DCM found out on April 2, 2021 that some of its patients’ data were accessible on the internet. Upon DCM’s inquiry of Medifies concerning the exposed data, the problem was sorted out on the same day and the data was secured. The inquiry into the data breach revealed the occurrence of an error during the conduct of a software system update that is…

Wyoming Department of Health Makes Announcement of GitHub Data Breach Impacting 164,000 Persons

The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 persons was accidentally exposed on the web as a result of a mistake made by a member of its workforce. On March 10, 2021, WDH learned that a staff member had published documents with medical test information to public and private databases on the software development platform GitHub. Although security controls are in place to protect users’ privacy, a mistake by the staff member meant the information could have been viewed by people not authorized to see the data since January…

Third-Party Data Breaches Announced by Apple Valley Clinic & BioTel Heart

A ransomware attack on one of the IT vendors of Apple Valley Clinic in Minnesota resulted in the potential compromise of the protected health information of 157,939 of its patients. Apple Valley Clinic, which is with Allina Health, utilized Netgain Technology LLC for hosting its IT network and computer networks. In November 2020, Netgain encountered a ransomware attack that led to the taking down of its data off the web. Netgain informed Apple Valley Clinic on December 2, 2020 concerning the exposure of patient information during the ransomware attack. Allina Health acquired affirmation on January 29, 2021 regarding the impact…

Hackers Accessed 150,000 Verkada Security Cameras Including Live Feeds and Stored Video Footage

A hacking collective has acquired access to the systems of Verkada Inc., a Californian security camera startup, and viewed the live feeds and archived video footage from surveillance cameras connected to the cloud, which are used by big corporations, hospitals, police departments, schools, and jails. As originally reported by Bloomberg, a white hat hacking group called Advanced Persistent Threat 69420 accessed Verkada’s systems by using credentials they got online. The credentials gave the group super admin-level privileges, and with them root access to the surveillance cameras and, in certain instances, the internal systems of Verkada’s customers. The hackers…

About 100,000 People Impacted by Cochise Eye and Laser Ransomware Attack

Cochise Eye and Laser, an ophthalmology and optometry provider based in Sierra Vista, AZ, encountered a ransomware attack on January 13, 2021 that encrypted the company’s patient scheduling and billing software. Because of the attack, Cochise Eye and Laser could not access any information in its scheduling program. It continued to provide eye care services to patients, albeit using paper charts. Based on a breach notice published on its website on February 17, 2021, the company still uses paper charts because the scheduling system is still not working. The investigators of the ransomware attack did…

Breach of Information at Rehoboth McKinley Christian Health Care Services, Capital Medical Center and Sutter Buttes Imaging Medical Group

Two healthcare companies have encountered ransomware attacks wherein sensitive information was exfiltrated and exposed on the web as the victims didn’t pay the ransom demand. The Conti ransomware group has publicized information on its leak website which was apparently acquired in an attack on Rehoboth McKinley Christian Health Care Services based in New Mexico. The exposed details include sensitive patient details such as patient ID cards, diagnoses, treatment data, diagnostic data, passports, and driver’s license numbers. It is uncertain how many people have had their PHI compromised thus far. The Conti ransomware gang says it has merely posted about 2%…

Data Breaches at Legacy Community Health Services, Hillcrest Nursing Center and Dental Care Alliance

Email Breach at Legacy Community Health Services Affects 3,076 Patients

Legacy Community Health Services (LCHS), located in Texas, is informing 3,076 people that some of their PHI held in an email account was potentially accessed by an unauthorized individual. LCHS noticed the unauthorized access of a staff member’s email account on July 24, 2020 and performed a password reset that day. A third-party cybersecurity agency helped look into the incident and completed the review of the breach on September 22, 2020. According to the evaluation, the account stored patient names and some clinical data associated with care received and the…

Data Breach Incidents at Lycoming-Clinton Joinder Board and Coast Dental

Lycoming-Clinton Joinder Board (LCJB) manages programs that provide services to persons with mental health issues or intellectual disabilities in Lycoming and Clinton Counties, Pennsylvania. It encountered a breach and is now notifying 14,500 individuals about the potential compromise of their protected health information (PHI). On August 10, 2020, while looking into a prior data breach, LCJB learned that an unauthorized individual viewed the email accounts of three personnel. A review of the email accounts affirmed they stored patient data; however, it can’t be determined if the unauthorized persons accessed or obtained any details in the email…

Dickinson County Health, Michigan Medicine and Passavant Memorial Homes Security Breaches

Dickinson County Health, based in Michigan, has encountered a malware attack that resulted in its EHR system being taken offline. The attack has forced the health system to use EHR downtime procedures and record patient details using pen and paper. The attack began on October 17, 2020 and hampered computer systems at all its Michigan and Wisconsin clinics and hospitals. Systems were turned off to contain the malware, and third-party security professionals were called in to investigate the breach and restore its systems and records. Though the attack caused major disruption, nearly all patient services stayed entirely operational….

Data Breaches at Piedmont Cancer Institute, The Health and Wellness Clinic and McLaren Oakland Hospital

Piedmont Cancer Institute (PCI), located in Atlanta, GA, is informing 5,226 patients about the potential exposure of their protected health information (PHI) as a result of an unauthorized individual getting access to the email account of one employee. A third-party cybersecurity firm helped PCI determine that the email account had been compromised for more than a month. The unauthorized person initially accessed the email account on April 5, 2020. PCI secured the account on May 8, 2020. The review of the breached account ended on August 8, 2020 and confirmed that it contained a selection of PHI. Aside from names, the patients…

Data Breaches at the Institute for Integrative Nutrition, Colorado Mental Health Center and Texas Recycling Center

The Institute for Integrative Nutrition in New York City encountered a phishing attack in March 2020, which resulted in the potential exposure of personal data. The institute only became aware of the breached email account on June 22, 2020. According to the investigators, an unauthorized person gained access to one email account starting March 3, 2020 up to March 4, 2020. Third party cybersecurity specialists assisted the investigation and confirmed after a manual document review that the unauthorized person potentially accessed names and personal information like Social Security numbers. But data theft is not confirmed by any evidence. As a…

2.5 Million Patient Records Hosted by Cense AI Compromised Over the Internet

Technology and security consultant Jeremiah Fowler reported that the personal and health data of over 2.5 million patients were compromised on the web. On July 7, 2020, two folders comprising the data were found publicly available over the web and without requiring any passwords to access. An artificial intelligence company called Cense AI hosted the folders marked as “staging data.” Cense AI is a firm that delivers SaaS-based intelligent process automation management solutions. The folders were managed on a similar IP address as the Cense website and were accessible by taking out the port from the IP address, which can…

Data Breach Incidents at Health Plan Member Websites, Zipari and Central California Alliance for Health

Health plans Independence Blue Cross in Philadelphia and AmeriHealth Insurance Company and AmeriHealth HMO, Inc of New Jersey learned that unauthorized persons acquired access to web pages on their member sites from March 17, 2020 to April 30, 2020 and possibly saw the private and protected health information (PHI) of a number of plan members. The types of data exposed comprise names, health plan type, member ID numbers, payment account balances, claims details and user reward summaries. According to the breach investigation, the unauthorized person used legitimate credentials to log in to the website. On all occasions, the passwords employed to…

Misconfigured Exposed Cloud Databases are Attacked In Just Hours

Security researchers often discover misconfigured public cloud databases. Misconfigurations that cause cloud data exposure may result from insufficient knowledge of cloud security or guidelines, inadequate oversight to catch errors, or negligent conduct by insiders. The latest Trend Micro report pointed out that the top cause of cloud security issues is cloud misconfigurations. Security researchers at Comparitech frequently find unsecured cloud assets, typically Elasticsearch instances and unprotected AWS S3 buckets. Whenever unprotected cloud databases are found, security researchers identify the owners and notify them so that the data can be secured quickly. Upon identifying the owners, it usually…

Over 110,000 Patients’ PHI Compromised Because of Phishing Attacks on Overlake Medical Center & Clinics and VibrantCare Rehabilitation

A phishing attack on Overlake Medical Center & Clinics, located in Bellevue, WA, in December 2019 caused the potential exposure of the personal and protected health information (PHI) of 109,000 patients. Overlake Medical Center & Clinics discovered the phishing attack on December 9, 2019 and performed a password reset to block unauthorized access. Overlake affirmed the unauthorized access of one email account beginning December 6, 2019 up to December 9, which was when Overlake secured the account. Other email accounts were compromised on December 9; however, the attacker only had access for a couple of hours. An examination…

$1.77 Billion in Losses Due to Business Email Compromise Attacks

The 2019 Internet Crime Report of the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) was just released. It reveals that cybercrime losses in 2019 exceeded $3.5 billion. IC3 received 467,361 online and cybercrime complaints, or nearly 1,300 per day. More than 50% of the losses were caused by business email compromise (BEC) attacks, otherwise called email account compromise (EAC). These attacks entail the impersonation of an authorized person or business to acquire funds by means of email. These complex scams usually start off with a phishing attack on a manager to acquire email login credentials. The hacker then…

PHI Potentially Exposed at Iowa Department of Human Services and Cedarbrook Nursing Home

The Iowa Department of Human Services informed 4,784 people concerning the potential exposure of their protected health information (PHI) because of improper disposal of documents. On November 25, 2019, a member of the DHS staff put documents containing the Dallas County clients’ PHI together within the regular garbage dumpster. The staff should have shredded the documents before disposal. DHS was late in discovering the improper disposal as the dumpster had been emptied already. The incident investigators learned that the custodial employee who disposed of the records wasn’t aware that the documents contained confidential information. It was not possible to determine…

Breach of LabCorp Patients’ Personal and Health Data Due to Website Error

TechCrunch researchers found a security error on a website that LabCorp uses to host its internal customer relationship management system. Though the system comes with password protection, the researchers discovered an error in the back-end system that exposed patient records. The error allowed patient data to be accessed without a password, and search engines had indexed the web URL. Google had cached just one document that contains a patient’s health data. However, the researchers were able to see other patient records with health data just by modifying the document number in the web URL. The researchers examined sample…

PHI Exposed at Alomere Health and Mercy Health Lorain Hospital Laboratory Data Breaches

Alomere Health in Alexandria, MN encountered a phishing attack that allowed unauthorized persons potential access to the protected health information (PHI) of approximately 50,000 patients. After becoming aware of the phishing attack on November 6, 2019, the healthcare provider conducted an internal investigation that revealed the account was accessed by unauthorized persons from October 31 until November 1, 2019. The computer forensics company that investigated the breach revealed on November 10, 2019 that a second email account compromise occurred on November 6. After a detailed examination of the compromised accounts, it was confirmed by the investigators that selected…

Conway Medical Center and Equinox Inc. Email Security Breaches

A phishing attack on Conway Medical Center in South Carolina resulted in unauthorized people accessing the email accounts of several employees. Conway Medical Center became aware of the phishing attack on October 7, 2019 and immediately secured the employees’ email accounts to block further access by unauthorized individuals. Third party cybersecurity specialists looked into the breach to confirm patient data access or theft. According to the investigators, the email accounts were first compromised on or before July 2019. It was only on November 20, 2019 that the investigators confirmed the exposure of the protected health information…

9,800 Aegis Medical Group Patients Affected by Inappropriate PHI Access by a Former Employee

Aegis Medical Group, a Florida-based physician group, started notifying 9,800 patients that a former employee potentially accessed their protected health information (PHI). Purportedly, that individual offered the patient data for sale to third parties that were supposedly involved in identity theft and fraud. Law enforcement told Aegis Medical Group about the employee’s actions on September 11, 2019. The investigators confirmed the employee’s attempt to sell two patients’ data. The physician network together with law enforcement discovered that the employee probably accessed approximately 9,800 patients’ information from July 24, 2019 up to September 9, 2019. The patient records…

Warning on Medtronic Valleylab Energy Platform and Electrosurgery Products Vulnerabilities

Medtronic identified six vulnerabilities in the Medtronic Valleylab energy platform and electrosurgery products, including one critical vulnerability that an attacker can exploit to access the Valleylab Energy platform, view or overwrite data files, and remotely execute arbitrary code. Medtronic has already notified the Department of Homeland Security Cybersecurity and Infrastructure Security Agency of the identified vulnerabilities in line with its responsible vulnerability disclosure policy. The following Medtronic Valleylab products have been found to have four vulnerabilities: Valleylab Exchange Client, Version 3.4 and earlier versions; Valleylab FX8 Energy Platform (VLFX8GEN) software Version 1.1.0 and earlier versions; Valleylab FT10 Energy Platform (VLFT10GEN) software…

Fetal Remains Discovered at Home of Deceased Doctor

Family members of the late Dr Ulrich Klopfer have discovered fetal remains at his home in Illinois.  Dr Klopfer operated three abortion clinics in Indiana until 2015 when his license was suspended due to failure to comply with state laws. The violations included failure to report cases of the rape of a minor following an abortion procedure, violations of state waiting periods, and improper record keeping. Indiana Attorney General Hill described Dr Klopfer as “one of the most notorious abortionists in the history of Indiana” with “a record of deplorable conditions and violations of regulatory controls.” Dr Klopfer had his…

California Hospice Experiences Ransomware Attack

The Hospice of San Joaquin in Stockton, California, is in the process of notifying patients that their protected health information may have been compromised in a recent security incident. On July 2, 2019, at 12:50 pm, hackers installed malware on the hospice’s network. The network included servers used to store the protected health information of 13,000 patients.  In the breach notification posted on their website, the hospice stated: ‘we do not believe, or have any indication patient or staff information has been utilized, disseminated or disclosed to unauthorized parties.’ The server contained patient information such as their full name, home…

Premera Blue Cross Settles for $10 Million for 2014 Data Breach

Premera Blue Cross has agreed to a $10 million settlement to resolve a lawsuit involving 30 state attorneys general for a 2014 data breach which compromised 10.4 million records. A hacker compromised Premera Health’s network on May 5, 2014, and had access until March 6, 2015. During this time, the hacker could access highly sensitive plan member information such as names, contact information, dates of birth, member ID numbers, and Social Security numbers. Premera Health’s records included information on individuals from Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, Nevada,…

Error at Business Associate Exposes Turlock Irrigation District Employee Data

Turlock Irrigation District in California is notifying members of its employer-sponsored health plan that an error at a business associate has resulted in some of their protected health information (PHI) being exposed. The business associate, Delta Health Systems (DHS), provides administrative services related to Turlock Irrigation District’s health plan. As such, it requires access to employee protected health information and is required by HIPAA to protect the integrity and confidentiality of this information. However, due to an error made by a third-party website developer, some employee information was made accessible through a link on DHS’s website. While the website had…

Centura Health Email Security Incident Compromises PHI of 7,515 Patients

Centura Health has revealed that an email security incident has resulted in the protected health information (PHI) of 7,515 patients being compromised. Centura Health, based in Centennial, Colorado, discovered the breach on April 16, 2019. IT security staff immediately took steps to secure the account and revoke unauthorised access. An investigation was launched into the incident to determine the extent of the breach and how the hacker gained access to the account. The investigation concluded that the hacker may have been able to access emails and email attachments during the window in which they had access to the account. However,…

Study Shows Quarter of Phishing Emails Bypass Office 365’s Default Defences

Avanan has released a study indicating that a quarter of all phishing emails bypass Microsoft Office 365’s default anti-phishing protections. Avanan, a cloud security platform provider, conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). They discovered that the software categorised a quarter of phishing emails sent as ‘non-malicious’, and allowed them to arrive in user inboxes. A  further 5.3% of emails were delivered as they had been whitelisted, meaning the phishing emails couldn’t be blocked. EOP works by scanning emails for malware, signatures of spam, and checking if the sender…

Mimecast Report Shows Huge Increase in Emails Containing Malicious URLs

Mimecast has released a report showing that there has been a 126% increase in the number of emails containing malicious URLs between August 2018 and February 2019. Mimecast, a company specialising in cloud-based email management, surveyed to ascertain workplace awareness of cybersecurity issues. The report was based on an analysis of 28.4 million emails that had been marked as ‘safe’ by security filters on email inboxes. These filters failed in nearly 17% of cases, as the researchers discovered 460,000 emails that contained malicious links but had made it past the email security solutions.  Previous reports suggest that the average office…

GandCrab Ransomware Campaign Targets MSPs

Hackers have launched a new GandCrab ransomware campaign targeting managed service providers (MSPs) and IT support companies. GandCrab is a popular variant of ransomware. It became popular with hackers as Ransomware-as-a-Service (RaaS). RaaS allows even novice cybercriminals to launch ransomware campaigns and earn commission for the use of this ransomware. MSPs are often used by small and medium businesses (SMBs) that have insufficient resources to create and manage their cybersecurity frameworks. MSPs perform a range of functions such as patching, performing software updates, proactively finding security issues, and correcting problems in networks. As MSPs work remotely, SMBs…

DoD Report Reveals Defense Health Agency Failures

The Department of Defense (DoD) Office of Inspector General (OIG) has released a report revealing that the Defense Health Agency (DHA) failed to implement security protocols consistently. This resulted in failures to protect against unauthorised access to systems that stored, processed, and transmitted electronic health records and other sensitive patient information. The DoD OIG Report – DoDIG-2017-085, “Protection of Electronic Patient Health Information at Army Military Treatment Facilities” details the failings and includes suggestions made by OIG to improve the system. The DoD OIG found that Common Access Cards (CACs) were not used to access three DoD EHR…

New Microsoft Office 365 Phishing Attack Discovered

A cybersecurity consultant has identified a new Microsoft Office 365 phishing attack that fools unsuspecting users into entering their Office 365 account details into a fake website. Phishing attacks are attempts made by cybercriminals to obtain sensitive information such as passwords or credit card details from a victim by pretending to be a reputable organisation via electronic communication channels. Often conducted through emails, the messages look surprisingly legitimate, and often direct the victim to a website which is a convincing copy of the genuine site. The only noticeable difference between the two web pages may be the URL, which ignorant…

Microsoft’s November Patch Tuesday Addresses 64 Vulnerabilities

November 13 2018 marked Microsoft’s November Patch Tuesday. The day saw the release of patches and security updates for Windows, Internet Explorer, Edge, and other Microsoft products. In total, 64 vulnerabilities were addressed across the range of Microsoft products. There were 12 vulnerabilities which were considered “critical” by developers. The updates are hoped to protect Microsoft devices against malware attacks, which are becoming increasingly prevalent.   The 12 critical vulnerabilities could allow hackers to execute malicious code and take full control of a vulnerable device. The majority of the critical vulnerabilities are in the Chakra Scripting Engine, which account for…

Medical Attendant Fired for HIPAA Breach

In January this year, a medical attendant assistant was let go from Wayne Memorial Hospital for a HIPAA infringement after the improper obtaining of 390 patients’ documents was found. In a well-known event in 2011, medical caretakers and other healthcare staff snooped on patient records. In that case, there had been a gathering in a neighboring town where there were numerous medication overdoses. Allina Hospitals and Clinics let go 24 members of staff for inappropriately accessing PHI.

Attendant Fired for HIPAA Breach at Glendale Adventist Medical Center

Every year, many attendants are found to have disregarded…

Suspected Phishing Attack on UPMC Susquehanna Exposed PHI of 1200 Patients

UPMC Susquehanna is a network of medical centers and hospitals in Muncy, Pennsylvania and Williamsport Wellsboro. UPMC declared that the PHI of 200 patients has been accessed by unauthorized individuals. It is believed that access to the PHI was gained when an employee of the organization answered a phishing email. The date of the incident has not yet been disclosed. According to UPMC Susquehanna, the breach was discovered on 21st September when a worker at the organization reported suspicious activity on the device. According to the investigation, the unauthorized individual got access to the information using the employee’s…

PHI Of 932 Members Of Texas Children’s Health Plan Emailed To Private Account By An Employee

The protected health information (PHI) of 932 members of Texas Children’s Health Plan was emailed to the personal account of a former employee. This instance happened on 21 Sep 2017, although the employee sent the data in November or December 2016. These emails were found during a daily review analysis. The Texas Children’s Health Plan immediately responded to the attack and took action to minimize the risk. In order to prevent such problems in future, the Health Plan also implemented the Insurance plan. Additionally, all workers have been retrained on HIPAA rules and hospital policies. Although, the…

Alaska DHSS Revealed PHI Breach and Malware Infection

A Trojan horse virus has been discovered on two devices used by the Health and Social Services department. This virus accesses and steals the information stored on laptops. “HIPAA revealed of 500 plus individuals”, the statement was highlighted by Katie Marquette, who is the communication director at Alaska DHSS. Currently, the exact number of people affected has not been determined. Complete analysis of the affected devices has been conducted that disclosed the attackers. According to the analysis, the trackers are present in Western area, may access the important and sensitive information like reports and…

Phishing Attacks Due to Malicious URLs Increased 600% in 3rd Quarter of 2017

Among all identified healthcare breaches, phishing is one of the major threats to the privacy of PHI. A few weeks ago, different healthcare companies announced that email accounts containing the PHI of thousands of patients had been stolen by different people. These incidents stem from healthcare employees responding to phishing emails. Reports highlight the increase in phishing attacks with malicious URLs. This week a new report was released, and it shows a major increase in malicious emails in the past few months. A quarterly threat report from Proofpoint highlighted…

Aetna States PHI of 5000 Patients Was Revealed Online

Health insurer Aetna, located in Hartford, CT, found that the PHI of 5000 members was exposed online and that the information was also accessible via search engines. On 27 April, 2017, Aetna conducted an investigation into the security problem, which affected 2 computer services. Those computer services exposed documents showing information of authorized people and other member plans. During the investigation, Aetna found that these documents had also been submitted to search engines and that unauthorized people could easily access them. On 10th May, the investigation report highlighted the fact that the data has been…

Configuration Error From Supplier Caused The Breach Of ePHI Of 14,000 Individuals

Universal Care found a serious breach of PHI. On 28 Dec, 2016, Brand New Day found that an unauthorized individual got access to the PHI that was sent to one of its business associates. The information was obtained through a third-party supplier system that was used by the company’s contract provider. This incident happened 6 days earlier, on 22nd Dec 2016. The incident notification that was sent to the attorney general of California does not contain any information about the members affected by the incident. The information was breached, however, and a criminal investigation was immediately started by law enforcement. The…

The Hospital Employees Found The Data Hack Of 6,200 Patients’ Records

Covenant HealthCare informed 6000 patients that their information was accessed improperly by one of its employees. In November 2016, the breach was found during a review of EMT logs. The review highlighted irregular access to the data by one employee. Covenant HealthCare took immediate action and conducted a complete review of what type of data the employee accessed and whether he had any reason to access that information. The review highlighted that Covenant HealthCare’s employee started accessing the data improperly on 1st Feb 2016 and…

CoPilot Provider Support Services Warned 220,000 Patients of ePHI Incidents

An unauthorized person gained access to and obtained confidential information on about 220,000 patients from the database of the official website of CoPilot Provider Support Services. This website is used by physicians to check whether MONOVISC and ORTHOVISC injections are covered by health insurance providers. Usually the information entered on the official website goes to a database that is maintained by CoPilot. This database was accessed and downloaded by an unauthorized person, while according to the rules and policies of CoPilot, no one has the right to access the databases unless he is an authorized person….

ePHI Disclosure Affects 3,600 Children’s Hospital Los Angeles Patients

3,594 patients of Children’s Hospital Los Angeles Medical Group (CHLAMG) and Children’s Hospital Los Angeles (CHLA) are being notified of a potential breach of their protected health information following the theft of an unencrypted, password-protected laptop. The laptop was stolen from the locked vehicle of a CHLAMG employee who practices at CHLA. The theft is understood to have happened on October 18, 2016. CHLAMG encrypts its smart phones, and while the investigation into the breach initially indicated the laptop had been encrypted to institutional standards, on December 21, 2016, CHLA confirmed that there was a…

PHI Of 2,100 Veterans Disclosed In April

Every month the Department of Veteran Affairs publishes a report to the committee on the data security incidents experienced by VA offices over the course of the month. PHI disclosures increased considerably in April, with the PHI of 2,105 veterans being accidentally disclosed. In total, 2556 veterans were affected by data security incidents in April, resulting in the VA sending 1,690 breach notification letters. Because of the relatively high risk of misuse of data, 866 veterans were offered credit protection services. There were 39 lost and stolen equipment incidents in April and the lost PIV cards fell from 172 to 128 and 146…

Lincare Inc Pays $239,800 CMP for HIPAA Breach

For the second time in its history, OCR has required a HIPAA-covered entity to pay fines for HIPAA violations. Lincare Inc. is required to pay $239,800 for violation of the HIPAA Privacy Rule, which was found during the investigation of a complaint about a breach of 278 client records. HIPAA Privacy Rule Violation Revealed by OCR: Lincare Inc. runs approximately 850 drugstores throughout the United States, providing medical equipment and respiratory care to patients at its offices. A complaint was filed with OCR about a Lincare employee who left documents containing the PHI of 278 individuals at one of…

Rectification of 150K at Massachusetts Dermatology Health Centre

The Civil Rights Administrator made an announcement confirming that a settlement has been reached with Adult and Pediatric Dermatology over the inadvertent exposure of the data of around 2,200 people following the theft of a hard drive from the car of one of the center’s workers. The drive contained unencrypted patient information, which means anybody in possession of the storage device can view the information it contained, and it has not yet been found. OCR imposed a fine of $150,000 on the dermatology center for negligence and required the facility to conduct a full risk analysis to identify any residual privacy and security issues in future. It was first time that OCR has…

UCLA Clinical System Was Violated By 4.5 Million Information Breach

A hacker accessed the database and copied the data of 4.5 million people, as reported by UCLA (University of California, Los Angeles Health System), which has 4 hospitals and 150 departments. Any individual who had treatment in the previous 25 years could be affected, and workers were also believed to have had their information exposed. The information included all data except financial information. Suspicious web server activity in September 2014: In October, the health system’s network raised alerts, but hackers had obtained access to the organization’s web servers in September 2014. The “suspicious action” was reported and the organization stated that at that time, it didn’t give the…

Updating the Latest Legislation for Connecticut Breach

Connecticut’s breach notification legislation has been updated. The Substitute Bill and Act introduced various changes to improve security and effectiveness that affect all who do business, with particular changes. One of the major changes concerns damages and risk mitigation after a data breach. All organizations and individuals doing business should now provide credit monitoring services to victims for one year. The definition of “secret data” differs from country to country. It broadly follows the definitions in HIPAA, but in this organization it specifically refers to: Name, Mother’s maiden name, Social Security number, Employee ID number, Business or taxpayer ID number,…

Online Robbery at Sacred Clinical Center

A hacker has breached the email account of a local health system and has potentially obtained the personally identifiable information of 14,000 people, according to Sacred Heart Health System. The security incident was caused when an employee of a business associate had their account username and password compromised in an “email hacking assault”, apparently a phishing campaign. Recently, hackers have successfully used such tactics on numerous occasions to obtain user login details. Emails were sent to hospital employees that closely mimic requests for login details. The users are tricked into revealing…

PHI of 50,000+ Revealed by Data Hack at Advantage Dental

According to a report, hackers had successfully breached the computer systems of the Dental Hospital and accessed the records of more than 151,000 people. The organization had 30 facilities all over the country. It found that hackers had accessed its internal computer systems and patient database within three days in 2015. As required by the Rule, the Dental Hospital had implemented a system which monitored access to the information. Access to the information was quickly shut down. No financial information was exposed in the incident as this data was stored in a separate database. Coverage of data concerns with dental…

Nurse in Florida Is Charged With Theft for Use of Information

According to a report, a nurse from Lee County, Florida is charged with accessing protected health information from a medical center and is accused of using that information to open Visa accounts and defraud at least 8 patients. The woman obtained fraudulent Mastercard accounts using patient names and information, purchased gift vouchers and electronic devices, and paid for expensive vehicle repairs. Under directions, charges were filed against her for the criminal use of personal information and abuse. In accommodation when mind is given, recognition of dishonorable utilization of Information and…

Hospital Employee Got 18 Month Jail Term for HIPAA Breaches

Accessing the healthcare information of patients without authorization is prohibited under HIPAA legislation, and the disclosure of this information to a third party is a criminal matter. The offense carries a jail term of up to 10 years in addition to the maximum fine of $500,000 if the disclosure is made for personal gain. One of the latest cases of the wrongful disclosure of individually identifiable health information comes from the Eastern District of Texas, where former Longview resident Joshua Hippler, 30, has been convicted of this offense and sentenced to serve a year and a half in prison….

300,000 Records Disclosed in the University of Maryland Security Breach

At the University of Maryland, 309,079 faculty and students have been affected by a security breach that exposed Social Security numbers, dates of birth, names, and university ID numbers. The victims are from the College Park and Shady Grove areas, and their data was stored in an old database. The records go back to 1998. Hackers were able to access the database by means of a server, despite several layers of security being in place. They found the database and basically “made a Xerox of it and took off” according to Brian Voss, the University of Maryland’s Vice…

Massachusetts Marijuana Program Reports HIPAA Violation

A violation of the HIPAA Privacy Rule has been announced after the Massachusetts Health Department emailed the patients enrolled in its medical marijuana program. The violation involves an unusual mistake, which should have been identified before the email was sent. Almost 7000 messages were sent to patients advising them that they had been approved to join the medical cannabis program. The emails appeared with a title of “Affirmation of Patient Certification in the Medical Use of Marijuana Online System.” The messages also carried the recipient’s name and enrollment number. This incident is thought to be a breach of the HIPAA Privacy Rule as…

St. Louis County Health Department Announces Email HIPAA Breach

St. Louis County Health Department has announced that a former worker unintentionally violated HIPAA after she forwarded an email containing Protected Health Information to her own email account. The information of patients who visited Buzz Westfall Justice Center between 2008 and 2014 was also included. The information was held in a report and covered private data of patients. Craig Lefebvre, the representative of St. Louis County Department of Health, issued a statement to the media regarding the violation. He said that the worker was contacted and advised to delete the records and she…

Improper Disposal Of Pharmacy Records And Waste; Safeway Fined $10 Million

California prosecutors have reached a $9.87 million settlement with the supermarket chain Safeway for improperly discarding pharmacy records and hazardous waste in dustbins. The patient records contained private data and should have been destroyed under HIPAA and California’s Confidentiality of Medical Information Act. Safeway had been discarding patient pharmacy records and waste improperly for more than seven years. Investigators reviewed the trash at many stores operated by the supermarket chain over a period of a year and a half. The waste found in a dumpster used by Safeway stores was bound for landfill sites. The investigations…

Houston Warehouse Had a Breach of 10 years of Abortion Data

According to a recent story from Houston radio station KTRH, the medical records of many women who attended an unnamed Houston abortion clinic have been found in a warehouse in the city. The documents were found by Esmeralda Cedillo, the owner of the warehouse. The center had not been used for a long time until a dog got inside, pulled out various documents and started shredding them. Cedillo discovered boxes of paperwork together with boxes of sedative medications. The records had been left in the center by an estranged family member who worked there….

New California Health Data Security Law Plugs Holes in HIPAA

On January 1st, 2015 the Confidential Health Information Act came into force in California and ensured protection for people who are not the primary policyholders. Many people are covered by health insurance under a plan belonging to a parent; however, when communications are sent by the health plan administrator, the correspondence is normally addressed to the policyholder. This could potentially result in the disclosure of Protected Health Information to the holder of the health plan. The new law amends the State’s Confidentiality of Medical Information Act and is intended to give people the right to decide…

485K Employees’ Health Information Was Exposed by 2013 USPS Security Breach

The hacking of the United States Postal Service computer network in September 2013 exposed the private data of roughly 800,000 employees and included a database of 3 million customer complaints containing private data. On September 11, 2013, the security breach was discovered when the Department of Homeland Security informed the USPS that its servers were sending unauthorized communications outside of the network, indicating its computers had been compromised. An investigation revealed that 29 servers had been compromised and a large volume of data had been copied from the servers, including HR records. The FBI described this hack as highly sophisticated. Everyone was…

HIPAA Theft of 14,000 Records

Rady Children’s Hospital made a great effort to secure data from hackers, but a minor mistake by a staff member resulted in a 14,121-record HIPAA breach that provided 6 job applicants with its patients’ genuine data. The breach of the HIPAA Privacy Rule occurred when de-identified data were given to candidates that included all patient information except financial information, Social Security numbers and guardians’ names. The breach affected patients who had treatment between July 1, 2012 and June 30, 2013. A spreadsheet of information was sent to candidates through email, which is insecure. Mail was sent to four administrative position…


Mammoth HIPAA Data Details Violation Exposes 4 Million Patient Histories

On 15th July, four data-rich laptops were stolen from Advocate Medical Group. Due to this disaster, Mammoth suffers huge difficulty with patients’ records. The laptops were unencrypted and a breach of HIPAA security occurred, which is why they are under great loss. The records of 4 million patients were exposed publicly, which is not a small number. This is the second largest disaster ever in history. Data on the laptops include names, addresses, phone numbers, dates of birth and several clinical records of patients. All of this information is highly sensitive and was exposed publicly due to HIPAA breaches. The…

Fort Worth HIPAA Violation Exposes 277,000 Patient Records

Due to HIPAA breaches, huge blunders occur. At Texas Health hospital, a large amount of patient data was exposed due to security issues. This is because they did not follow the HIPAA rules, which led to the violation. 277K patients are affected by this breach. They are notifying all affected patients and taking serious action so that the risk can be eliminated. The major cause is that they disclosed the PHI. The leaked data includes patient ID, address, date of birth, telephone number, past records and tracking ID. They are the primary attributes…

Well-Being Focused Inquiry On Community Health Centre

A former IT manager of Community Health Center, Connecticut has claimed that the healthcare provider failed to address various security problems and that his employment was terminated because he raised those issues with senior management. Moreover, when the manager was sent his personal effects, they contained a computer hard drive holding roughly 130,000 medical records of current and former patients of the Middletown center, which has been given to the state and the Attorney General’s Office. Community Health Center operates 13 facilities in the Middletown area including medical and dental centers with specialized care for HIV/AIDS sufferers….

Los Angeles Times Article Concluded In $275,000 HIPAA Privacy Rule Fine

An article published in the Los Angeles Times began a series of events that concluded with Shasta Regional Medical Center (SRMC) agreeing to a settlement of $275K for violation of HIPAA privacy policy and standards. All entities under the Privacy Rule, as well as employees and various business associates, are prohibited from exposing the health records of thousands of patients to unauthorized persons. When there is suspicion that the rules are not being followed, the HHS Office leads an inquiry and compliance review. Two senior leaders at Shasta Regional Medical Center talked to the media and publicized the news about patient records, which is a…

Lawsuit Alleges IRS Breached HIPAA With Theft Of 60 Million Patient Medical Records

A class action lawsuit alleges that the IRS violated HIPAA rules when it seized 60 million confidential and personal health records relating to 10M Americans. The lawsuit was filed by a healthcare provider, which asked to remain anonymous, against the IRS as well as 15 of its managers, who remained unnamed. In the lawsuit, the plaintiff asserts that the IRS breached HIPAA regulations and unlawfully seized 60 million individual health records when it was permitted to access only the financial information of one person. The incident happened on March 11, in the year 2011, after the IRS…

HIPAA Info Violation Hits 13.5k United Homecare Services Patients

United HomeCare Services had been diligently implementing policies to secure the PHI of its clients. Updating data security standards can take some time, and while computers had been programmed for data encryption, a few devices only used password protection to secure the data. On January 8, 2013, a supervisor at the hospital went home with a laptop which she was allowed to take away from the office. On the way home from the hospital, the worker visited a friend who was sick. She left the laptop on the front seat of the vehicle,…

Seized Laptop Endangers 57,000 Patient Records in HIPAA Security Violation

Healthcare organizations can take the necessary measures to protect their computer networks from targeted attacks by hackers; nonetheless, one of the greatest threats to data security comes from mobile devices, such as phones, and portable storage devices, such as external hard drives and memory sticks. Tablets and other mobile devices have become as essential in the healthcare industry as they have become to modern life. Doctors and healthcare professionals can improve the service provided to patients. As useful as they may be, great care must be taken to keep the devices secure. Data encryption…

4000-Patient HIPAA Violation Announced By University of Michigan Health System

The University of Michigan Health System (UMHS) has announced that the records of 4000 patients may have been exposed by Omnicell, its supply management system vendor. The data breach affects the patients of three hospitals operated by the University of Michigan Health System, all of whom had visited for consultations between October 24th, 2012 and November 13, 2012. The unencrypted data was stored on an unnamed device which was stolen from a car belonging to an Omnicell worker. This is a violation of the data privacy and security policies in place at UMHS. The…

$1.5 Million HIPAA Settlement Paid By Massachusetts Healthcare Provider to HHS

The theft of a laptop from a healthcare facility belonging to Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (MEEI) has resulted in a settlement of $1.5 million with the HHS Office for Civil Rights for HIPAA violations. The U.S. Department of Health and Human Services enforces Health Insurance Portability and Accountability Act compliance, and MEEI was deemed to have violated the Security Rule by failing to take precautions to protect the health information of its patients and research subjects. The device contained unencrypted data which could be gotten…

Blue Cross HIPAA Breach Costs $18.5 Million

A penalty of $1.5 million from the Office for Civil Rights is far from imaginary; however, the total cost of correcting HIPAA issues and addressing all security issues can be considerably higher than the cost of the fine, as Blue Cross Blue Shield of Tennessee recently found. The insurer was the industry’s first organization to receive a fine for violating HIPAA and was issued the maximum penalty of $1.5M for the massive data breach that exposed the Protected Health Information of over a million of its policyholders in 2009….