Health Quest, now part of Nuvance Health, has discovered the phishing attack it experienced in July 2018 was more extensive than previously thought. Several employees were tricked into disclosing their email credentials by phishing emails, which allowed unauthorized individuals to access their accounts. A leading cybersecurity firm was engaged to assist with the investigation and… Read More »
The Portland, ME-based healthcare provider InterMed is notifying 33,000 patients that some of their protected health information has potentially been compromised as a result of a phishing attack. The attack was detected on September 6, 2019. An internal investigation confirmed that the account was compromised on September 4 and the attackers had access to the… Read More »
Microsoft has issued patches for several critical vulnerabilities in all supported Windows versions that require urgent attention to prevent exploitation. While there have been no reports of exploitation of the flaws in the wild, the seriousness of the vulnerabilities and their potential to be weaponized has prompted both the Department of Homeland Security (DHS) and… Read More »
SouthEast Eye Specialist (SEES) Group in Franklin, TN, is notifying 13,000 patients that some of their protected health information has been exposed as a result of a recent phishing attack. It is unclear from the SEES Group’s substitute breach notice when the phishing attack occurred, but on November 1, 2019, SEES Group determined patient information… Read More »
A California healthcare provider was attacked with ransomware and two weeks on and its medical record system is still out of action. Enloe Medical Center in Chico, CA, discovered the attack on January 2, 2020. Its entire network was encrypted, including its electronic medical record (EMR) system, which prevented staff from accessing patient information. Emergency… Read More »
Many group health plan sponsors are not fully compliant with the Health Insurance Portability and Accountability Act Rules, according to a recent survey by the integrated HR and benefits consulting, technology, and administration services firm, Buck. The survey uncovered several areas where group health plan sponsors are noncompliant and revealed many group health plan sponsors… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to Pulse Secure customers urging them to patch the 2019 Pulse Secure VPN vulnerability, CVE-2019-11510. Pulse Secure VPN servers that have not been patched are continuing to be attacked by cybercriminals. The threat actors behind Sodinokibi (REvil) ransomware are targeting unpatched Pulse Secure VPN servers and… Read More »
Microsoft is stopping free support for Windows 7, Windows Server 2008, and Windows Server 2008 R2 on January 14, 2020, meaning no more patches will be released to fix vulnerabilities in the operating systems. Support for Office 2010 has also come to an end. The operating systems will be up to date as of January… Read More »
A Georgia man has been charged over an elaborate scheme to frame an acquaintance for violations of the Health Insurance Portability and Accountability Act (HIPAA) that never occurred. Jeffrey Parker, 43, of Richmond Hill, GA, claimed he was a whistleblower reporting HIPAA violations by a nurse. He reported the violations to the hospital where the… Read More »
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a recently discovered vulnerability in the Citrix Application Delivery Controller and Citrix Gateway web server appliances. Exploitation of the vulnerability – tracked as CVE-2019-19781 – is possible over the internet and can allow remote execution of arbitrary code on… Read More »