Almost 190,000 Patients Affected by Roper St. Francis Healthcare Phishing Attack

Roper St. Francis Healthcare has notified 189,761 patients that some of their protected health information was contained in employee email accounts that were accessed by an unauthorized individual. The email security breach was detected in late October 2020, and the subsequent investigation revealed three email accounts were compromised between October 14 and October 29, 2020.… Read More »

Rady Children’s Hospital Facing Class Action Lawsuit over Blackbaud Ransomware Attack

In May 2020, the cloud software company Blackbaud suffered a ransomware attack. As is common in human operated ransomware attacks, data was exfiltrated prior to file encryption. Some of the stolen data included the fundraising databases of its healthcare clients. One of the affected healthcare providers was Rady Children’s Hospital-San Diego, the largest children’s hospital… Read More »

FBI Issues Warning Following Spike in Vishing Attacks

Many data breaches start with a phishing email, but credential phishing can also occur via other communication channels such as instant messaging platforms or SMS messages. One often overlooked way for credentials to be obtained is phishing over the telephone. These phishing attacks, termed vishing, can give attackers the credentials they need to gain access… Read More »

Study Indicates Majority of EHR Vendors are Engaging in Information Blocking Practices

Information blocking by electronic health record (EHR) vendors is still highly prevalent, despite recent policymaking that prohibits information blocking practices, according to a recent study published in the Journal of the American Medical Informatics Association (JAMIA). To identify the extent of the problem, the researchers conducted a national survey of health information exchange organizations (HIEs).… Read More »

Micky Tripathi and Robinsue Frohboese Head ONC and OCR at the HHS

The Biden administration has appointed Micky Tripathi as the National Coordinator for Health IT at the Department of Health and Human Services’ Office. Tripathi will head the Office of the National Coordinator for Health IT, which is tasked with coordinating efforts to implement advanced health information technology to ensure the secure exchange of health information.… Read More »

HIPAA Enforcement by State Attorneys General

The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Health Insurance Portability and Accountability Act Rules. The Health Information Technology for Clinical and Economic Health (HITECH) Act gave state attorneys general the authority… Read More »

Data Breaches Reported by Gainwell Technologies, TaylorMade Diagnostics, and Mattapan Community Health Center

Gainwell Technologies has discovered unauthorized individuals have potentially accessed the information of certain participants of Wisconsin’s Medicaid program, which was stored in emails and email attachments in a compromised account. Access to the email account was first gained on October 29, 2020 and continued until November 16, 2020. The account contained information such as names,… Read More »

OCR Announces Enforcement Discretion Regarding Use of Online or Web-based Scheduling Applications for COVID-19 Vaccination Appointments

The Department of Health and Human Services’ Office for Civil Rights has announced it will be exercising enforcement discretion and will not impose financial penalties on HIPAA-covered entities or their business associates for violations of the HIPAA Rules in connection with the good faith use of online or web-based scheduling applications (WBSAs) for scheduling individual… Read More »