The number of individuals affected by a ransomware attack on St. Cloud-based Netgain Technology LLC has increased, with a further 210,000 individuals now known to have been affected. Netgain Technology provides IT and technology services to several entities in the healthcare industry, including the medical practice management company Woodcreek Provider Service in Washington. Ramsey County… Read More »
A phishing attack on Saint Alphonsus Health System in Boise, ID has resulted in the exposure of patient information and has also impacted patients of Saint Agnes Medical Center in Fresno, CA. Saint Alphonsus identified unusual activity in an employee’s email account on January 6, 2021. The account was immediately secured, and an investigation was… Read More »
Changes to the HIPAA Rules are infrequent, so when updates are proposed they tend to include a slew of new requirements and updates to existing provisions. Before any updates are made, a request for information (RFI) is issued to allow the HHS to obtain feedback on aspects of the HIPAA Rules that are causing problems,… Read More »
On March 4, 2021, Senator Robert Menendez (D-New Jersey), and Reps. Bonnie Watson Coleman (D-New Jersey) and Mikie Sherrill (D-New Jersey) wrote a letter urging the Federal Trade Commission (FTC) to start enforcing the Health Breach Notification Rule. The Federal Trade Commission (FTC) has a mandate to protect Americans from bad actors that betray consumer… Read More »
This week, the Arizona Supreme Court revived a HIPAA violation lawsuit filed by a Phoenix man over a privacy violation by a pharmacy employee related to an erectile dysfunction medication prescription. Greg Shepherd, 50, had visited his doctor for a routine medical appointment in January 2016 and his doctor provided him with a erectile dysfunction… Read More »
The Virginia Consumer Data Protection Act (CDPA) has been signed into law by Governor Ralph Northam. CDPA requires persons conducting business in the Commonwealth of Virginia to comply with new data privacy and security requirements. The CDPA comes into effect on January 1, 2023. The CDPA mirrors some of the privacy and security provisions of… Read More »
Humana has discovered an employee of a subcontractor of a business associate impermissibly disclosed the protected health information of approximately 65,000 of its members to a third-party for training purposes. Cotiviti was contracted by Humana to provide assistance requesting medical records and used a subcontractor to review the requested medical records. Under HIPAA, subcontractors used… Read More »
Elara Caring, one the largest providers of home-based healthcare services in the United States, has suffered a phishing attack that has impacted more than 100,000 patients. In mid-December, suspicious activity was identified in some employee email accounts. Prompt action was taken to secure the accounts to prevent further unauthorized access and a third-party security firm… Read More »
2020 saw cyberattacks on healthcare organizations increase significantly. While large healthcare organizations are being targeted by Advanced Persistent Threat (APT) groups and ransomware gangs, there has also been a marked increase in attacks on small- to medium-sized healthcare organizations. A cyberattack on a large healthcare organization could allow the hackers to steal large quantities of… Read More »
The Sierra Vista, AZ-based ophthalmology and optometry provider Cochise Eye and Laser experienced a ransomware attack on January 13, 2021 that resulted in the encryption of its patient scheduling and billing software. The attack prevented Cochise Eye and Laser from accessing any data in its scheduling system. Eye care services continued to be provided to… Read More »