Hospital Ransomware Attack Results in Patient Death

Ransomware attacks on hospitals pose a risk to patient safety. File encryption results in essential systems crashing, communication systems are often taken out of action, and clinicians can be prevented from accessing patients’ medical records. Highly disruptive attacks may force hospitals to redirect patients to alternate facilities, which recently happened in a ransomware attack on… Read More »

Vulnerabilities Identified in Philips Clinical Collaboration Platform

5 low- to medium-severity vulnerabilities have been identified in the Philips Clinical Collaboration Platform (Vue PACS). If successfully exploited, an attacker could convince an authorized user to execute unauthorized actions or could result in the disclosure of information that could be used in further attacks. Philips has not received any reports to indicate exploits for… Read More »

CISA/FBI Warn of Targeted Attacks by Iranian Hacking Groups

A hacking group with links to the Iranian government has been observed exploiting several vulnerabilities in attacks on U.S. organizations and government agencies, according to a recent joint cybersecurity advisory released by the Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). The alert closely follows a similar cybersecurity advisory… Read More »

Express Scripts HIPAA-Based Lawsuit Dismissed by Court of Appeals

In 2019, a lawsuit was filed against Express Scripts by five independent pharmacies alleging improper use of patient data in violation of HIPAA. Express Scripts is the largest pharmacy benefits manager in the United States with its own retail pharmacies and pharmacy service. The five pharmacies were part of the Express Scripts network and were… Read More »

HHS Releases Updated Security Risk Assessment Tool

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that a new version of its Security Risk Assessment (SRA) Tool has now been released. The SRA tool was developed by the Office of the National Coordinator for Health Information Technology (ONC) in collaboration with OCR to help small- to medium-sized… Read More »

HIPAA Right of Access Failures Result in Five OCR HIPAA Fines

The Department of Health and Human Services’ Office for Civil Rights has announced five settlements have been reached to resolve HIPAA violations discovered during the investigation of complaints from patients who had experienced problems obtaining a copy of their health records. The HIPAA Privacy Rule gives individuals the right to have timely access to their… Read More »