A class action lawsuit filed against West Virginia University Health System over a breach of the protected health information of 7,445 patients has had the class certification order lifted by the Supreme Court of Appeals of West Virginia. The lawsuit is related to an insider data breach that occurred in 2016. Between March 2016 and… Read More »
A former employee of Huntington Hospital in New York has been charged with a criminal HIPAA violation over the unauthorized accessing of 13,000 patient records. The employee worked the night shift at the hospital impermissibly accessed the medical records of patients between October 2018 and February 2019. The types of information viewed by the employee included… Read More »
Retinal Consultants Medical Group, ACE Surgical Supply, and Three Rivers Regional Commission have recently reported cyberattacks in which the protected health information of patients may have been obtained by unauthorized individuals. Retinal Consultants Medical Group Hacking Incident Affects 11,603 Patients Vitreo-Retinal Medical Group Inc., dba Retinal Consultants Medical Group, says it was the victim of… Read More »
The Health Insurance Portability and Accountability Act requires HIPAA-covered entities and their business associates to complete a risk assessment to identify all risks to the confidentiality, integrity, and availability of ePHI. Not only is a risk assessment required for compliance, it allows organizations to identify and address risks before they can be exploited, thus helping… Read More »
Perkasie, PA-based TriValley Primary Care has started notifying 57,596 patients that some of their personal and protected health information has potentially been compromised. Suspicious activity was detected in its IT environment on October 11, 2021. Steps were immediately taken to secure its systems and prevent further unauthorized access, and third-party forensic experts were engaged to… Read More »
The Albuquerque, NM-based health insurance agency True Health New Mexico has started notifying certain health plan members about the exposure and potential theft of some of their protected health information. A data security incident was detected on October 5, 2021, and steps were immediately taken to secure its IT systems. The internal incident response team… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned organizations in the United States about the increased risk of cyberattacks over Thanksgiving weekend. Cyber threat actors are often at their most active during holidays and weekends, as there are likely to be fewer IT and security employees available… Read More »
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief warning the healthcare and public health sector about an increase in financially motivated zero-day attacks, outlining mitigation tactics that should be adopted to reduce risk to a low and acceptable level. A zero-day attack leverages a vulnerability for which a patch has… Read More »
October saw 59 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil Rights, which represents a 25.5% increase from September. Over the past 12 months, from November 2020 to October 2021, there have been 655 reported breaches of 500 or more records, 546 of… Read More »
Five vulnerabilities have been identified that affect the IntelliBridge EC 40 and EC 80 Hub, Philips Patient Information Center iX, and Efficia CM series patient monitors. IntelliBride EC 40 and EC 80 Hub Two vulnerabilities have been identified that affect C.00.04 and prior versions of the IntelliBridge EC 40 and EC 80 Hub. Successful exploitation of… Read More »