On October 2020 Patch Tuesday, Microsoft released a patch to correct a critical remove code execution vulnerability in the Microsoft Windows Transmission Control Protocol (TCP)/IP stack. The flaw concerns how the TCP/IP stack handles Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. The flaw was assigned a CVSS v3 score of 9.8 out of… Read More »
Compliancy Group has announced that NeuronUP has demonstrated its good faith effort toward HIPAA compliance and has met all requirements of the Health Insurance Portability and Accountability Act’s Rules. NeuronUP is a 3-in-1 tool developed to help save neurorehabilitation specialists time in a clinical setting. The tool uses an online library of over 10,000 digital… Read More »
Piedmont Cancer Institute (PCI) in Atlanta, GA is notifying 5,226 patients that some of their protected health information may have been viewed or obtained by an unauthorized individual who gained access to the email account of one of its employees. Assisted by a third-party cybersecurity firm, PCI determined the email account was compromised for more… Read More »
Universal Health Services has confirmed that all 250 of its hospitals in the United States are back up and running after a suspected ransomware attack that knocked out its systems for 3 weeks. The attack started on or around September 27, 2020. All systems were brought back online by October 12. An update was posted… Read More »
A joint advisory has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warning about sophisticated advanced persistent threat actors chaining exploits for multiple vulnerabilities in cyberattacks against federal and state, local, tribal, and territorial (SLTT) government networks, critical infrastructure, and election support systems. While there have been successful… Read More »
Legacy Community Health Services in Texas is alerting 228,009 patients about a data breach involving some of their protected health information (PHI). The PHI was stored in an email account that was accessed by an unauthorized individual. The breach was detected on July 29, 2020, one day after an employee responded to a phishing email… Read More »
The HHS’ Office for Civil Rights (OCR) is continuing its crackdown on healthcare providers that are not fully complying with the HIPAA right of access. Last week, OCR announced its ninth enforcement action against a HIPAA-covered entity for the failure to provide patients with timely access to their medical records at a reasonable cost. HIPAA… Read More »
Franklin, TN-based Community Health Systems and its subsidiary CHSPCS LLC have settled a multi-state action with 28 state attorneys general for $5 million. A joint investigation, led by Tennessee Attorney General Herbert H. Slatery III, was launched following a breach of the protected health information (PHI) of 6.1 million individuals in 2014. At the time… Read More »
Mayo Clinic has started notifying more than 1,600 patients that some of their protected health information has been viewed by a former employee without authorization. Mayo Clinic confirmed on August 5, 2020 that a licensed health care professional had accessed the records of patients when there was no legitimate reason for doing so. The employee… Read More »
The Department of Health and Human Services’ Office for Civil Rights has announced its 12th HIPAA penalty of 2020 and its 8th under the HIPAA Right of Access enforcement initiative that was launched in 2019. The $160,000 settlement is the largest HIPAA penalty to date for a failure to provide an individual with timely access to… Read More »