A vulnerability has been identified in the Philips IntelliBridge EC40/80 hub which could allow an attacker to gain access to the hub and execute software, modify files, change the system configuration, and gain access to identifiable patient information. Philips IntelliBridge EC40/80 hubs are used to transfer medical device data from one format to another, based… Read More »
An AWS S3 storage bucket belonging to Sunshine Behavioral Health, LLC, a San Juan Capistrano, CA-based network of drug and alcohol addiction rehabilitation centers, has been misconfigured, resulting in the exposure of sensitive patient information. The misconfigured AWS S3 bucket was initially reported to databreaches.net in August 2019. Sunshine Behavioral Health was contacted and the… Read More »
The Department of Health and Human Services’ Office for Civil Rights is cracking down on noncompliance with the HIPAA Right of Access and for good reason. A recent report from Ciitizen has revealed more than half of healthcare providers (51%) are not fully compliant with this aspect of HIPAA. This is the second such report… Read More »
University of North Carolina Chapel Hill School of Medicine has experienced a phishing attack in which the protected health information of 3,716 patients has potentially been accessed by unauthorized individuals. An investigation by third-party forensics experts confirmed that several employee email accounts were compromised between May 17, 2018 and June 18, 2018. It is unclear… Read More »
Main Street Clinical Associates, PA., in Durham, NC has informed certain patients that some of their protected health information was stored on devices that were stolen from its offices. The theft occurred when the Main Street offices had been evacuated due to a severe gas explosion. Staff at the office were ordered to evacuate the… Read More »
The Proofpoint Q3 2019 Threat Report has been released. The report provides insights into the main threats in Q3, 2019 and reveals the changing tactics, techniques, and procedures used by cybercriminals. The data for the report comes from an analysis of more than 5 billion email messages, hundreds of millions of social media posts, and… Read More »
Further healthcare organizations have confirmed they have been affected by a data breach at Magellan Health National Imaging Associates, a business associate of several HIPAA-covered entities that provides managed pharmacy and radiology benefits services. Danville, PA-based Geisinger Health Plan announced last month that 5,848 of its members had been affected by the breach. In the… Read More »
Following a report in the Wall Street Journal, Google has confirmed it is collaborating with one of the largest healthcare systems in the United States, which gives it access to a huge volume of patient data. Google has partnered Ascension, the world’s largest catholic health system and the second largest non-profit health system in the… Read More »
U.S. Senator, Mark. R. Warner (D-VA) has written to the Director of the HHS’ Office for Civil Rights, Roger Severino, expressing concern over the HHS response to the mass exposure of medical images by U.S. healthcare organizations. Sen. Warner is the Vice Chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus.… Read More »
Prompt patching, or rather the lack of it, has prompted a fresh round of warnings to patch the BlueKeep vulnerability (CVE-2019-0708) that was exploited in a mass attack that started on October 23. The attack was first detected on November 2, with the delay due to the failure of the attacker to take full advantage… Read More »