Author Archives: Blog HIPAA

LuxSci, the Massachusetts-based provider of HIPAA-compliant email communications services, has announced it has achieved HITRUST CSF Certification. The HITRUST Common Security Framework (CSF) is a comprehensive, certifiable framework for organizations that create, access, store, or transmit sensitive and regulated data.  The HITRUST CSF consists of a prescriptive set of scalable controls that confirm to multiple… Read More »

Earlier this year, HIPAA Journal readers were invited to take part in the 2020 Healthcare Emergency Preparedness and Security Trends Survey conducted by Rave Mobile Safety. On November 12, 2020, Rave Mobile Safety will be hosting a webinar in which the findings of the survey will be revealed. The survey was conducted on 295 healthcare… Read More »

The FDA has approved a new rubric designed by the MITRE Corporation for assigning Common Vulnerability Scoring System (CVSS) scores to medical device vulnerabilities. The CVSS was designed for assigning scores to vulnerabilities in IT systems according to their severity, and while the system works well for many IT systems, it is less well suited… Read More »

Several vulnerabilities have recently been identified in B. Braun products used by healthcare organizations in the United States. B.Braun OnlineSuite Three vulnerabilities have been identified in B. Braun OnlineSuite, a clinical IT solution for creating and sending drug libraries and managing infusion devices and other medical equipment. If exploited, an attacker could escalate privileges, upload… Read More »

September has been a bad month for data breaches. 95 data breaches of 500 or more records were reported by HIPAA-covered entities and business associates in September – A 156.75% increase compared to August 2020. Not only did September see a massive increase in reported data breaches, the number of records exposed also increased significantly.… Read More »

The U.S. Department of Justice has announced 6 Russian hackers have been indicted for their role in the 2017 NotPetya malware attacks and a long list of offensive cyber campaigns on multiple targets in the United States and other countries. The six individuals are suspected members of the GRU: Russia’s Main Intelligence Directorate, specifically GRU… Read More »

Michigan-based Dickinson County Health has suffered a malware attack that has taken its EHR system offline. The attack has forced the health system to adopt EHR downtime procedures and record patient data using pen and paper. The attack commenced on October 17, 2020 and disrupted computer systems at all its clinics and hospitals in Michigan… Read More »

The UK National Cyber Security Centre (NCSC) has recently issued a security alert advising organizations to patch a serious remote code execution vulnerability in Microsoft SharePoint. The DHS Cybersecurity and infrastructure Security Agency is also urging organizations to patch the flaw promptly to prevent exploitation. The vulnerability, tracked as CVE-2020-16952, is due to the failure… Read More »

Comparitech security researcher Bob Diachenko has discovered an exposed cluster of databases belonging to the Voice over IP (VoIP) telecommunications vendor Broadvoice that contained the records of more than 350 million customers. The exposed Elasticsearch cluster was discovered on October 1, 2020, the day the database cluster was indexed by the Shodan.io search engine. The… Read More »

The Iran-based hacking group known as Silent Librarian – aka Cobalt Dickens and TA407 – has recommenced spear phishing attacks on universities in the United States and around the world. The hacking group has been conducting attacks since 2013 to gain access to login credentials and steal intellectual property and research data. Credentials and data… Read More »