Healthcare Data Security News

Creating and recalling long, difficult passwords is problematic for a lot of people, and it is made even more challenging as a result of the need to produce passwords to secure several accounts – A research by NordPass indicates the average individual has approximately 100 passwords. A lot of folks struggle to make and keep in mind several strong and unique passwords, and so with numerous accounts to protect it is not shocking that people take shortcuts, however, those password management tools make password security vulnerable. It is typical for users to not create unique passwords and utilize a similar…

Oklahoma City Indian Clinic Cyberattack Reported Oklahoma City Indian Clinic (OKCIC), a 501(c)(3) nonprofit provider of healthcare services to approximately 20,000 individuals from 200 Native American tribes based in Oklahoma, just published on its web page and social media pages that it is presently encountering technological problems and network interruption that hindered access to a number of computer systems. The attack seems to have taken place on or approximately March 10, 2022 and has impacted its pharmacy’s programmed refill line and mail order services. The OKCIC IT staff and third-party experts are investigating the occurrence now and are trying to…

North Shore University Hospital (NSUH) in Manhasset, NY has announced an incident involving an ex-employee gaining access to protected health information (PHI) with no authorization. 7,614 patients received notifications that a former employee accessed some of their PHI without authorization. It is uncertain when NSUH detected unauthorized access. According to NSUH, it was identified on April 11, 2019 that unauthorized access had happened from October 2009 to February 2019. At first, the employee was suspended from work as the breach investigation was ongoing. Later, he/she was terminated because of unauthorized access. The breach was reported to the authorities, which asked…

Philadelphia FIGHT Community Health Centers has lately reported it encountered a cyberattack last November 30, 2021. Third-party forensic experts were involved to find out the nature and extent of the breach. Based on the investigation, there was no compromise of the health center’s electronic medical record system nor other clinical systems during the attack; nevertheless, on January 13, 2022, Philadelphia FIGHT found out that the attacker got access to non-clinical systems that stored files comprising the protected health information (PHI) of approximately 15,000 patients. It wasn’t possible to know whether the attacker accessed or acquired any patient data, though no…

A new Kaspersky report shows that the substantial growth in telehealth has put healthcare information in danger. Vulnerabilities were discovered in the systems that are used in telemedicine, a lot of which have yet to be resolved. Substantial Growth in Using Telehealth The COVID-19 pandemic contributed to a growth in virtual appointments, with healthcare companies expanding telehealthcare access to help control infections and reduce healthcare costs. Virtual appointments are done through the phone, video-conferencing applications, and other platforms. A number of new systems and products like wearable devices for measuring vital signs, implanted sensors, and web services are likewise being…

Jefferson Surgical Clinic in Roanoke, VA has started informing patients concerning the potential compromise of some of their protected health information (PHI) because of a cyberattack that was discovered on June 5, 2021. As per the breach notification letter sent to the Maine Attorney General, the attacker obtained access to sections of the network that held patient data like names, Social Security numbers, dates of birth, and medical and treatment data. Jefferson Surgical Clinic quickly informed the FBI regarding the breach and employed third-party cybersecurity and forensics professionals to support the investigation. The investigation found no information that indicates any…

Monongalia Health System based in Morgantown, WV has started alerting about 400,000 patients that unauthorized individuals may have obtained some of their protected health information (PHI) in a recent cyberattack. Monongalia Health System discovered the security incident only when one of its vendors reported not receiving a July 2021 payment that had left Monongalia Health’s accounts. Based on the investigation of the incident, it was confirmed there was a business email compromise (BEC) attack. The attacker had utilized a phishing email to acquire the credentials for the email account of a Monongalia Health contractor. Then, the threat actor used it…

Maxim Healthcare Group based in Columbia, MD has begun informing 65,267 people concerning a historic breach of its email system and the compromise of their protected health information (PHI). Maxim Healthcare Group, which consists of Maxim Healthcare Staffing and Maxim Healthcare Services, stated it detected suspicious activity in its email system approximately December 4, 2020. It took steps to stop further unauthorized access and started an investigation to find out the nature and extent of the breach. The investigation showed that unauthorized people got access to a number of employee email accounts from October 1, 2020, to December 4, 2020….

Premier Patient Health Care located in Carrollton, TX has learned that an unauthorized individual had acquired the protected health information (PHI) of 37,636 patients during an insider data breach. Premier Patient Health Care is an Accountable Care Organization (ACO) that collaborates with medical professionals to make improvements to clinical results covered by the Medicare Shared Savings Program (MSSP). The ACO and Premier Patient Health Care are run by Premier Management Company, a business associate to numerous primary care doctors who are covered entities by HIPAA. On April 30, 2020, Wiseman Innovations, a technology merchant utilized by Premier Management Company, confirmed…

Prestera Mental Health Center located in West Virginia began informing 2,152 individuals regarding a security breach affecting employee email accounts. On or approximately April 1, 2021, Prestera Center discovered that selected worker email accounts were accessed without authorization between August 2020 and September 2020. Although the unauthorized access was confirmed, the center wasn’t possible to determine whether any patient data had been viewed or copied. A review was done to know the types of information that were included in the email accounts and which people were affected. The types of information in the account differed from person to person and…

Florida Heart Associates is informing 45,148 patients regarding one recent security breach that resulted in the compromise of their personal data and protected health information (PHI). The security breach was discovered some time in May 19, 2021, because of strange activity seen within selected networked computers. Florida Heart Associates immediately took steps to manage the breach and protect personal data and launched an investigation to find out the nature and extent of the breach. Florida Heart Associates confirmed the breach of its computer system from May 9 to May 19, 2021. Security systems were put in place before the breach…

The Nevada health insurance provider Prominence Health Plan has reported it experienced a security breach on November 30, 2020 resulting in the potential acquisition of the protected health information (PHI) of some plan members by hackers. Prominence Health Plan discovered the data breach on April 22, 2021 and took immediate action to avoid continuing unauthorized access, which includes altering the credentials utilized by the attacker to obtain network access. Although Prominence Health Plan hasn’t established whether or not this was a ransomware attack, all impacted plan member information has been recovered from backup copies. The breach affected the audio recordings…

ZocDoc in New York, which offers a platform that enables would-be patients to reserve consultations with physicians and dentists, has uncovered a problem in its software program that made it possible for patient records to be viewed by health care and dental practices when viewing ought to have been limited. The investigation showed programming flaws had taken place from August 2020 right until the issues were identified and fixed, a number of past and present practice workers got access to the provider site, even though their accounts must have been either terminated, erased, or been restricted. On all occasions, the…

A database made up of the personal data and protected health information (PHI) of more or less 200,000 U.S. military veterans was determined to be available on the web by security specialist Jeremiah Fowler. The database was found on April 18, 2021 and an evaluation pointed out references to a business entity named United Valor Solutions located in Jacksonville, NC. United Valor Solutions is a service provider of the Department of Veterans Affairs (VA) that delivers disability review services for the VA and many other government bureaus. The database – that included veterans’ names, contact details, birth dates, medical data,…

Doctors Medical Center of Modesto (DCM) based in California learned that a company used by a previous vendor accidentally exposed patient data online. DCM had employed the SaaS platform firm Medifies for its virtual waiting room services. DCM found out on April 2, 2021 that some of its patients’ data were accessible on the internet. Upon DCM’s inquiry of Medifies concerning the exposed data, the problem was sorted out on the same day and the data was secured. The inquiry into the data breach revealed the occurrence of an error during the conduct of a software system update that is…

The Wyoming Department of Health (WDH) has found out that the protected health information (PHI) of 164,021 persons was accidentally compromised on the web as a result of a blunder made by a member of its labor force. On March 10, 2021, WDH learned that a staff member had published documents with medical test information to public and private databases on the software development platform GitHub. Although security controls are set up to take care of users’ privacy, a mistake by the staff meant the information could likely have been viewed by people unauthorized to see the data since January…

A ransomware attack on one of the IT vendors of Apple Valley Clinic in Minnesota resulted in the potential compromise of the protected health information of 157,939 of its patients. Apple Valley Clinic, which is with Allina Health, utilized Netgain Technology LLC for hosting its IT network and computer networks. In November 2020, Netgain encountered a ransomware attack that led to the taking down of its data off the web. Netgain informed Apple Valley Clinic on December 2, 2020 concerning the exposure of patient information during the ransomware attack. Allina Health acquired affirmation on January 29, 2021 regarding the impact…

A hacking collective has acquired access to the systems of Verkada Inc., a Californian security camera startup, and viewed the live feeds and archived video footage from surveillance cameras connected to the cloud, which are utilized by big corporations, hospitals, police departments, schools, and jails. As originally reported by Bloomberg, a white hat hacking group called Advanced Persistent Threat 69420 accessed Verkada’s systems by using credentials they got online. The credentials allowed the group to have super admin-level privileges, so it has root access to the surveillance cameras and, in certain instances, the internal systems of Verkada’s customers. The hackers…

The ophthalmology and optometry provider based in Sierra Vista, AZ, Cochise Eye and Laser, encountered a ransomware attack last January 13, 2021 that brought about the encryption of the company’s patient scheduling and billing software program. Because of the attack, Cochise Eye and Laser could not access any information in its scheduling program. It continued to provide eye care services to patients, albeit using paper charts. Based on a breach notice published on its website on February 17, 2021, the company still use paper charts because the scheduling system is still not working. The investigators of the ransomware attack did…

Two healthcare companies have encountered ransomware attacks wherein sensitive information was exfiltrated and exposed on the web as the victims didn’t pay the ransom demand. The Conti ransomware group has publicized information on its leak website which was apparently acquired in an attack on Rehoboth McKinley Christian Health Care Services based in New Mexico. The exposed details include sensitive patient details such as patient ID cards, diagnoses, treatment data, diagnostic data, passports, and driver’s license numbers. It is uncertain how many people have had their PHI compromised thus far. The Conti ransomware gang says it has merely posted about 2%…

Email Breach at Legacy Community Health Services Affects 3,076 Patients Legacy Community Health Services (LCHS) located in Texas is informing 3,076 people that some of their PHI held in an email account were potentially accessed by an unauthorized individual. LCHS noticed the unauthorized access of a staff’s email account on July 24, 2020 and performed a password reset on that day. A third-party cybersecurity agency helped look into the incident and completed the review of the breach on September 22, 2020. According to the evaluation, the account stored patient names and some clinical data associated to care gotten and the…

Lycoming-Clinton Joinder Board (LCJB) is managing programs that provide services to persons with mental health issues or intellectual disabilities in the area of Lycoming and Clinton Counties, Pennsylvania. It encountered a breach and is now notifying 14,500 individuals concerning the potential compromise of their protected health information (PHI). On August 10, 2020, while looking into a prior data breach, LCJB learned that an unauthorized individual viewed the email accounts of three personnel. A review of the email accounts affirmed they stored patient data, nevertheless, it can’t be determined if the unauthorized persons accessed or obtained any details in the email…

Dickinson County Health based in Michigan has encountered a malware attack that resulted in its EHR system to be taken offline. The attack has obligated the health system to use EHR downtime approaches and write patient details utilizing pen and paper. The attack began on October 17, 2020 and hampered computer systems at all its Michigan and Wisconsin clinics and hospitals. Systems were turned off to restrict the malware and third-party security professionals were called in to check out the breach and fix its systems and records. Though the attack prompted major interruption, nearly all patient services stayed entirely operational….

Piedmont Cancer Institute (PCI) located in Atlanta, GA is informing 5,226 patients about the potential exposure of their protected health information (PHI) as a result of an unauthorized individual getting access to the email account of one employee. A third-party cybersecurity firm helped PCI in determining the compromise of the email account for more than a month. The unauthorized person initially accessed the email account on April 5, 2020. PCI secured the account on May 8, 2020. The breached account review ended on August 8, 2020 and confirmed that it comprised a selection of PHI. Aside from names, the patients…

The Institute for Integrative Nutrition in New York City encountered a phishing attack in March 2020, which resulted in the potential exposure of personal data. The institute only became aware of the breached email account on June 22, 2020. According to the investigators, an unauthorized person gained access to one email account starting March 3, 2020 up to March 4, 2020. Third party cybersecurity specialists assisted the investigation and confirmed after a manual document review that the unauthorized person potentially accessed names and personal information like Social Security numbers. But data theft is not confirmed by any evidence. As a…

Technology and security consultant Jeremiah Fowler reported that the personal and health data of over 2.5 million patients were compromised on the web. On July 7, 2020, two folders comprising the data were found publicly available over the web and without requiring any passwords to access. An artificial intelligence company called Cense AI hosted the folders marked as “staging data.” Cense AI is a firm that delivers SaaS-based intelligent process automation management solutions. The folders were managed on a similar IP address as the Cense website and were accessible by taking out the port from the IP address, which can…

Health plan Independence Blue Cross in Philadelphia, AmeriHealth Insurance Company and AmeriHealth HMO, Inc of New Jersey learned that unauthorized persons acquired access to web pages on their member sites from March 17, 2020 to April 30, 2020 and possibly saw the private and protected health information (PHI) of a number of plan members. The types of data exposed comprise names, health plan type, member ID numbers, payment account balances, claims details and user reward summaries. According to the breach investigation, the unauthorized person utilized legit credentials to log in to the website. On all occasions, the passwords employed to…

Security researchers often discover misconfigured public cloud databases. Wrong configurations that cause cloud data exposure may be because of insufficient knowledge of cloud security or guidelines, inadequate oversight to track down errors, or negligent conduct by insiders. The latest Trend Micro report pointed out that the top cause of cloud security issues is cloud misconfigurations. Security researchers at Comparitech frequently find unsecured cloud assets, typically Elasticsearch cases and unprotected AWS S3 buckets. Whenever the unprotected cloud databases are identified, security researchers identify the owners and notify them to make sure to secure data quickly. Upon identifying the owners, it usually…

A phishing attack on Overlake Medical Center & Clinics located in Bellevue, WA in December 2019 caused the potential exposure to personal and protected health information (PHI) of 109,000 patients. Overlake Medical Center & Clinics discovered the phishing attack on December 9, 2019 and did a password reset to prohibit unauthorized access. Overlake affirmed the unauthorized access of one email account beginning December 6, 2019 up to December 9 which was the time the Overlake secured the account. There were other email accounts compromised on December 9, however, the attacker only had access for a couple of hours. An examination…

The 2019 Internet Crime Report of the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) was just released. It reveals that cybercrime losses in 2019 maxed $3.5 billion. IC3 got nearly 1,300 per day or 467,361 online and cybercrime complaints. Above 50% of the losses were caused by business email compromise (BEC) attacks, otherwise called email account compromise (EAC). These attacks entail the impersonation of an authorized person or business to acquire finances by means of email. These complex tricks usually start off with a phishing attack on a manager to acquire email login credentials. The hacker then…

The Iowa Department of Human Services informed 4,784 people concerning the potential exposure of their protected health information (PHI) because of improper disposal of documents. On November 25, 2019, a member of the DHS staff put documents containing the Dallas County clients’ PHI together within the regular garbage dumpster. The staff should have shredded the documents before disposal. DHS was late in discovering the improper disposal as the dumpster had been emptied already. The incident investigators learned that the custodial employee who disposed of the records wasn’t aware that the documents contained confidential information. It was not possible to determine…

TechCrunch researchers found a security error on a website that LabCorp is using for hosting its internal customer relationship management system. Though the system comes with password protection, the researchers discovered an error in the back-end system and exposing patient records. The error made possible patient data access even with no security password and search engines have indexed the web URL. Google had cached just one document that contains a patient’s health data. However, the researchers were able to see other patient records with health data just by modifying the document number in the web URL. The researchers examined sample…

Alomere Health in Alexandria, MN encountered a phishing attack that allowed unauthorized persons potential access to the protected health information (PHI) of more or less 50,000 patients. After becoming aware of the phishing attack on November 6, 2019, the healthcare provider conducted an internal investigation that revealed the account was accessed by unauthorized persons from October 31 until November 1, 2019. The computer forensics company that investigated the breach revealed on November 10, 2019 that a second email account compromise occurred on November 6. After a detailed examination of the compromised accounts, it was confirmed by the investigators that selected…

A phishing attack on Conway Medical Center in South Carolina resulted in the access of the email accounts of several employees by unauthorized people. Conway Medical Center became aware of the phishing attack on October 7, 2019 and immediately secured the employee’s email accounts to block the further access of unauthorized individuals. Third party cybersecurity specialists looked into the breach to confirm patient data access or theft. According to the investigators, the email accounts were first compromised on or before July 2019. It was only on November 20, 2019 that the investigators confirmed the exposure of the protected health information…

Aegis Medical Group, a Florida-based physician group, started notifying 9,800 patients that a former employee potentially accessed their protected health information (PHI). Purportedly, that individual offered the patient data for sale to third parties that were supposedly involved in identity theft and fraud. The law enforcement told about the employee’s action to Aegis Medical Group on September 11, 2019. The investigators confirmed the employee’s attempt to sell off two patients’ data. The physician network together with law enforcement discovered that the employee probably accessed approximately 9,800 patients’ information from July 24, 2019 up to September 9, 2019. The patient records…

Medtronic identified six vulnerabilities in the Medtronic Valleylab energy platform and electrosurgery products that include one critical vulnerability that an attacker can exploit to access the Valleylab Energy platform and view/overwrite data files and remotely implement arbitrary code. Medtronic already sent notifications about the identified vulnerabilities to the Department of Homeland Security Cybersecurity and Infrastructure Security Agency considering its responsible vulnerability disclosure policy. The following Medtronic Valleylab products have been found to have four vulnerabilities: Valleylab Exchange Client, Version 3.4 and earlier versions Valleylab FX8 Energy Platform (VLFX8GEN) software Version 1.1.0 and earlier versions Valleylab FT10 Energy Platform (VLFT10GEN) software…

Family members of the late Dr Ulrich Klopfer have discovered fetal remains at his home in Illinois.  Dr Klopfer operated three abortion clinics in Indiana until 2015 when his license was suspended due to failure to comply with state laws. The violations included failure to report cases of the rape of a minor following an abortion procedure, violations of state waiting periods, and improper record keeping. Indiana Attorney General Hill described Dr Klopfer as “one of the most notorious abortionists in the history of Indiana” with “a record of deplorable conditions and violations of regulatory controls.” Dr Klopfer had his…

The Hospice of San Joaquin in Stockton, California, is in the process of notifying patients that their protected health information may have been compromised in a recent security incident. On July 2, 2019, at 12:50 pm, hackers installed malware on the hospice’s network. The network included servers used to store the protected health information of 13,000 patients.  In the breach notification posted on their website, the hospice stated: ‘we do not believe, or have any indication patient or staff information has been utilized, disseminated or disclosed to unauthorized parties.’ The server contained patient information such as their full name, home…

Premera Blue Cross has agreed to a $10 million settlement to resolve lawsuit involving 30 state attorneys general for a 2014 data breach which compromised 10.4 million records. A hacker compromised Premera Health’s network on May 5, 2014, and had access until March 6, 2015. During this time, the hacker could access highly sensitive plan member information such as names, contact information, dates of birth, member ID numbers, and Social Security numbers. Premera Health record’s included information on individuals from Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, Nevada,…

Turlock Irrigation District in California are notifying members of their employer-sponsored health plan that an error at a business associate has resulted in some of their protected health information (PHI) being exposed. The business associate, Delta Health Systems (DHS), provides administrative services related to Turlock Irrigation District’s health plan. As such, it requires access to employee protected health information and is required by HIPAA to protect the integrity and confidentiality of this information.  However, due to an error made by a third-party website developer, some employee information was made accessible through a link on DHS’s website. While the website had…

Centura Health has revealed that an email security incident has resulted in the protected health information (PHI) of 7,515 patients being compromised. Centura Health, based in Centennial, Colorado, discovered the breach on April 16, 2019. IT security staff immediately took steps to secure the account and revoke unauthorised access. An investigation was launched into the incident to determine the extent of the breach and how the hacker gained access to the account. The investigation concluded that the hacker may have been able to access emails and email attachments during the window in which they had access to the account. However,…

Avanan has released a study indicating that a quarter of all phishing emails bypass Microsoft Office 365’s default anti-phishing protections. Avanan, a cloud security platform provider, conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). They discovered that the software categorised a quarter of phishing emails sent as ‘non-malicious’, and allowed them to arrive in user inboxes. A  further 5.3% of emails were delivered as they had been whitelisted, meaning the phishing emails couldn’t be blocked. EOP works by scanning emails for malware, signatures of spam, and checking if the sender…

Mimecast has released a report showing that there has been a 126% increase in the number of emails containing malicious URLs between August 2018 and February 2019. Mimecast, a company specialising in cloud-based email management, surveyed to ascertain workplace awareness of cybersecurity issues. The report was based on an analysis of 28.4 million emails that had been marked as ‘safe’ by security filters on email inboxes. These filters failed in nearly 17% of cases, as the researchers discovered 460,000 emails that contained malicious links but had made it past the email security solutions.  Previous reports suggest that the average office…

Hackers have launched a new GandCrab ransomware campaign targeting managed service providers (MSPs) and IT support companies. GandCrab ransomware is a popular variant of ransomware. It became popular for hackers to utilise as Ransomware-as-a-Service (Raas). RaaS allows even novice cybercriminals to launch ransomware campaigns and earn commission for the use of this ransomware. MSPs are often used by small and medium businesses (SMBs) that have insufficient resources to create and manage their cybersecurity frameworks. MSPs perform a range of functions such as patching, performing software updates, proactively finding security issues, and correcting problems in networks. As MSPs work remotely, SMBs…

The Department of Defence (DoD) Office of Inspector General (OIG) has released a report revealing that the Defense Health Agency (DHA) failed to implement security protocols consistently. This failing resulted in failings to protect against the unauthorised accessing of systems that stored, processed, and transmitted electronic health records and other sensitive patient information. The DoD OIG Report – DoDIG-2017-085, “Protection of Electronic Patient Health Information at Army Military Treatment Facilities” details the failings and includes suggestions made by OIG to improve the system. The DoD OIG found that Common Access Cards (CACs) were not used to access three DoD EHR…

A cybersecurity consultant has identified a new Microsoft Office 365 phishing attack that fools unsuspecting users into entering their Office 365 account details into a fake website. Phishing attacks are attempts made by cybercriminals to obtain sensitive information such as passwords or credit card details from a victim by pretending to be a reputable organisation via electronic communication channels. Often conducted through emails, the messages look surprisingly legitimate, and often direct the victim to a website which is a convincing copy of the genuine site. The only noticeable difference between the two web pages may be the URL, which ignorant…

November 13 2018 marked Microsoft’s November Patch Tuesday. The day saw the release of patches and security updates for Windows, Internet Explorer, Edge, and other Microsoft products. In total, 64 vulnerabilities were addressed across the range of Microsoft products. There were 12 vulnerabilities which were considered “critical” by developers. The updates are hoped to protect Microsoft devices against malware attacks, which are becoming increasingly prevalent.   The 12 critical vulnerabilities could allow hackers to execute malicious code and take full control of a vulnerable device. The majority of the critical vulnerabilities are in the Chakra Scripting Engine, which account for…

UPMC Susquehanna is a linkage of medical centers and the hospitals in Muncy, Pennsylvania and Williamsport Wellsboro. UPMC declared that 200 patients PHI has been checked and accessed by illegal individuals. It is believed that the access to PHI is gained when an employee of the organization answered phishing email. Although the date of the incident has not been highlighted yet. According to UPMC Susquehanna the breach was discovered on 21ts September when the worker of the organization highlighted doubtful activities on the device. According to the investigation process, the illegal individual got access to the information using the employee’s…

The PHI (Protected health information) of members (932) of Children Health Plan has been emailed to the personal account of prior employee. This instance happened on 21, Sep 2017, although, the employee sent the data in November or December 2016. These emails were found during a daily review analysis. The Texas Children’s Health Plan immediately took action to the attack and responded to minimize the risk too.  In order to prevent such problems in future, the Health Plan also implemented the Insurance plan. Additionally, all the workers have been retrained for the HIPAA rules and the hospital policies. Although, the…

A virus named Trojan horse virus has been discovered on two devices that have been used by the Health and Social Services department. This virus access and steals the information stored on laptops. “HIPAA revealed of 500 plus individuals”, the statement was highlighted by Katie Marquette who is the communication director is Alaska DHSS. Currently, the right number of the people affected has not be discovered. Complete analysis of the affected devices has been conducted that disclosed the attackers. According to the analysis, the trackers are present in Western area, may access the important and sensitive information like reports and…

Among all the identified healthcare breaches, the phishing attack is one of the major threats to the privacy of PHI. A few weeks ago, different healthcare companies announced email accounts with the PHI of 1000s of patients has been stolen by different people. On the basis of which, the healthcare employees are answering the phishing emails. The reports highlighted the increase in Phishing attacks with Malicious URLs This week a new report has been released and this report shows that there is a major increase in the malicious emails in past few months. A Quarterly threat article from Proofpoint highlighted…

Every month the Department of Veteran Affairs publishes an answer to the committee on the data security experiences encountered by VA offices through the span of the month. PHI disclosures expanded extensively in April, with 2,105 experts’ PHI being incidentally unveiled. Altogether, 2556 veterans were influenced by data security occurrences in April, bringing about the VA sending 1,690 break notice letters. Because of the moderately high danger of abuse of information, 866 experts were proposed credit insurance administrations. There were 39 lost and stolen equipment episodes in April and the lost PIV cards tumbled from 172 to 128 and 146…

For the second time in its history, OCR has requested a HIPAA-secured element to pay fines for HIPAA infringement. Lincare Inc. is expected to fund $239,800 for infringement of the HIPAA Privacy Rule which was found amid the examination of a criticism about a rupture of 278 client records. HIPAA Privacy Rule Infringement Revealed by OCR Lincare Inc. runs approximately 850 drugstores all through the United States, giving therapeutic gear and respiratory care to patients at its offices. An objection was recorded with OCR about a Lincare representative who left archives holding the PHI of 278 subjects at one of…

Civil Rights Administrator made an announcement affirming that an understanding has been come to with Adult and Pediatric Dermatology, the inadvertent exposure of around 2,200 people on the theft of a hard drive from the auto of a middle’s workers that contained patient information without encryption, which means anybody possessing the capacity gadget can explore the information it contained and it has not yet found. OCR imposed a fine on dermatology center $150,000 for negligence and requested the facility for full hazard investigation to recognize any residual protection and safety protection in future. It was first time that OCR has…

A programmer approached the database and copied the data of 4.5 million people as reported by UCLA (University of California, Los Angeles Health System) that has 4 hospitals and 150 departments. Any individual who had treatment in the previous 25 years could be influenced and workers were accepted to having had their information uncovered. The information included entire data except financial information. Doubtful Web server activity in 2014(September) In October, the wellbeing framework’s system cautions but programmers obtained approach to company’s web servers in 2014 (September).The “suspicious action” was accounted and organization stated that around then, it didn’t give the…

Connecticut ruptures notice legislation have been refreshed. Substitute Bill and Act acquainted various changes with enhance security and viability that influence all who work together with particular changes. One of the real changes concerns harms and hazard relief after an information break. All organizations and people working together should now give credit checking administrations to casualties for one year. Meaning of “secret data” differs from country to country. It comprehensively takes after the meanings  in HIPAA, but in this organization it particularly alludes to; Name, Mother’s original last name, Standardized savings number, Worker ID number, Business or citizen ID number,…

A programmer has penetrated the mail record of a local wellbeing framework and conceivably has gotten the by and by identifiable data and 14,000 people’s information as indicated by Sacred Heart Health System. The security episode was caused when a representative of the Business partner had their record username and secret key traded off in an “email hacking assault”; apparently a phishing effort. Lately programmers have effectively utilized strategies on various events to acquire client login points of interest. Messages were sent to doctor’s facility representatives that firmly impersonate require login subtle elements t. The clients are tricked into uncovering…

As indicated by a report the programmers had effectively penetrated PC frameworks of Dental Hospital, and gotten to the records of more than 151,000 people. The organization had 30 facilities in all over the country. It found that programmers had accessed its inner PC frameworks and patient’s database within three days in 2015. As per Rule Dental Hospital had executed a framework which observed approach to the information. Approach to the information was rapidly closed down. No budgetary data were uncovered in the episode as this data was put away in a different database. Coverage of data concerns with dental…

As indicated by a report, an attendant from Florida, Lee County is charged to access Secured Clinical Data from a medical center and blamed for getting to and utilizing secured information and utilizing that data to open Visa accounts and dupe no less than 8 patients. The lady got deceitful Master card reports by utilizing quiet names and information and bought gift vouchers, electronic gadgets and made costly repairing of vehicle. Under directions, the charges recorded against her for the malefactor utilization of individual data and abuse. In accommodation when mind is given, recognition of dishonorable utilization of Information and…

Locating to the human services information of patients without approval is restricted under HIPAA enactment, and the divulgence of this data to an outsider is a criminal issue. The offense conveys a correctional facility term of up to 10 years notwithstanding the greatest fine of $500,000 if the revelation is made for individual pick up. One of the most recent cases of the wrongful revelation of separately identifiable wellbeing data originates from the Eastern District of Texas where previous Longview inhabitant, Joshua Hippler, 30 have been indicted this offense and condemned to serve a year and a half in prison….

Rady Children’s Hospital did a great effort to secure data from hackers but by a minor mistake of a staff member 14,121-record HIPAA breached that provided 6 job applicants with its patient’s genuine data. Breach of HIPPA privacy rule occurred when de-recognized data were given to candidates that included all information of patient except money related, Social Security number and guardian’s name and this breach influenced the patients who had treatment between July 1, 2012 and June 30, 2013. A spreadsheet of information was sent through email to candidates that is an unreliable. Mail was sent to four administrative position…

On 15th July, four data enrich laptops were stolen from advocate medical group. Due to this high disaster, Mammoth suffers huge difficulty in patient’s records. Laptops were unencrypted and breaches of HIPAA security occur that is why they are under great loss. 4 million patients record are exposed publically which is not a short range. This is the second largest disaster ever in the history. Data in the laptops include personnel name, addresses, phone number, and date of birth and several clinical records of patient. These all information is highly sensitive which are exposed publically due to HIPAA breaches. The…

Due to HIPAA breaches, huge blunders occur. In Texas health hospital, large amount of patient data are exposed due to security issues. This is because they did not follow the HIPAA rules due to which violation occur. 277K patients are suffered due to this breach. They are notifying to all affected patients who are under this and taking serious action so that risk can be eliminated. The major reason of this cause is that they disclosed the PHI. Leakage of data includes patient ID, address, Date of birth, telephone No, past record and Tracking ID. They are the primary attributes…

A previous IT Manager of Community Fitness Center, Connecticut has claimed that the social insurance supplier neglected to address various security problems and his business was ended because of featuring those issues to the higher administration. Moreover, when the manager was sent his own effects that contained a PC hard drive which contained roughly 130, 000 medicinal records of present and previous consumers of the Middletown center that has been given to the state and the Attorney General’s Office. Group Health Center works 13 facilities in the Middletown zone including medicinal and dental focuses with concentrated administer to HIV/AIDS sufferers….

An article that is publicizing in LA epoch begins with a list of events that concluded in Shasta Regional Medical Center (SRMC) concurring to an adjustment of $275K violation of HIPAA privacy policy and standards. All the entities in privacy rules as well as employees and various business contacts from exposing health record of thousands of patients to illegal personnel. There is misgiving that rules are neither being adopted by HHS Office leads an inquiry and acceptance review. The two senior leaders in Shasta Regional Medical Center talked to media and publicize the news about patient records which is a…

A course action claim alleges that IRS disrupted HIPAA rules when causes detained 60 million secret and personal condition archives linking to 10M American entities. The lawsuit is filed by a healthcare benefactor – that requests to stay anonymous – beside the IRS as well as 15 of its managers who remained unmentioned. The lawsuit is being documented with the accuser asserting the IRS ruptured HIPAA directions and unlawfully held 60 million individual health histories when the security permitted just access the monetary information of one person. The episode happened on March 11, in the year 2011, after the IRS…

United HomeCare Services had been tirelessly executing arrangements to secure the PHI of its clients. Updating information safety standards can take some time, and keeping in mind that computers had been programmed for information encryption a few gadgets just utilized secret key protection to secure the information. On January 8, 2013, a supervisor at the hospital returned home with a laptop which she was allowed to take away from the office. In transit home from the hospital the worker made a visit to a companion who was sick. She cleared out the laptop on the front seat of the vehicle,…

Social insurance associations can take the essential measures to shield their PC systems from focused assaults by programmers; nonetheless one of the greatest dangers to information security originates from cell phones, for example, phones, and versatile stockpiling gadgets, for example, outside hard drives and memory sticks. Tablets and other cell phones have moved toward becoming as fundamental in the human services industry as they have progressed toward becoming to current life. Doctors and human services experts can enhance the administration gave to patients. As helpful as they may be, extraordinary care must be taken to keep the gadgets secure. Information encryption…

A penalty of $1.5 million from the Office for Civil Rights is a long way from imaginary; in any case, the aggregate cost of adjusting HIPAA issues and tending to all security issues can be significantly higher than the cost of the fine, as Blue Cross Blue Shield of Tennessee as of late found. The safety net provider was the business’ initially organization to get a fine to violate the HIPAA and was issued the most extreme punishment of $1.5M for the monster information rupture that uncovered the Protected Health Information of over a million of its policyholders in 2009….