The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint cybersecurity advisory about Cuba Ransomware and have shared details of the tactics, techniques, and procedures (TTPs) used by the group, along with Indicators of Compromise (IoCs) to help network defenders improve their defenses against attacks and rapidly… Read More »
CommonSpirit Health has provided an update on its October 2022 ransomware attack and has confirmed that the threat actors behind the attack accessed files containing patient information. The attack was detected by CommonSpirit Health on October 2, 2022, and action was immediately taken to secure its network. While the attack caused disruption at its healthcare… Read More »
San Juan Regional Medical Center (SJRMC) in Farmington, New Mexico, has proposed a settlement to resolve a class action lawsuit filed in response to a September 2020 data breach that affected 68,792 patients. On September 8, 2020, hackers gained access to the SJRMC network and exfiltrated files that contained patient information such as names, dates… Read More »
LastPass has confirmed that hackers have gained access to a third-party cloud storage service that contained customer data, although no user passwords were compromised. The hacking incident is linked to the security breach that occurred in August 2022. In August, a hacker successfully compromised a developer account that provided access to the LastPass developer environment.… Read More »
The HHS’ Office for Civil Rights has issued a bulletin confirming that the use of third-party tracking technologies on websites, web applications, and mobile apps without a business associate agreement (BAA) is a HIPAA violation if the tracking technology collects and transmits individually identifiable health information. Even with a BAA in place, the use of… Read More »
Health Care Management Solutions LLC, a West Virginia-based consulting company focused on improving care quality for vulnerable populations including veterans, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected up to 500,000 individuals. Little is currently known about the data breach as the company has yet to publicly… Read More »
One Brooklyn Health System is currently dealing with a cyberattack that has caused disruption at its three hospitals – Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. Little information has been released about the attack so far, which is believed to have occurred on or just before November 19. That was… Read More »
There was a slight downturn in ransomware attacks in Q3, although it is too early to tell if that downward trend will continue. Even with the reduction in attacks, ransomware is still the biggest cyber threat faced by organizations, and the attacks are among the costliest cybersecurity incidents to mitigate. Attacks on the healthcare industry… Read More »
Connexin Software Inc., which provides electronic medical records and practice management software (Office Practicum) to pediatric physician practice groups has recently confirmed that it was the victim of a cyberattack in which an unauthorized third party gained access to its internal computer network. While the electronic medical record system was not accessed in the attack,… Read More »
HIPAA Journal is conducting interviews with healthcare professionals and service providers to find out more about their compliance journeys, how the HIPAA Rules have affected their working lives, and the successes and challenges they have faced with HIPAA compliance. John Jessop, MHA, CISSP, CHPS, HCISPP, CISA, CMPE, Sr. Director, HIPAA Security & Regulatory Compliance, PPFA… Read More »