University of Pittsburgh Medical Center has agreed to settle a class action data breach lawsuit and will make $450,000 available to cover claims from individuals who have suffered losses due to the theft and misuse of their protected health information. The data breach affected approximately 36,000 patients and saw their protected health information accessed and… Read More »
A lawsuit has been filed against Meta that alleges the social media giant has been knowingly collecting patient data from hospital websites via the Meta Pixel tracking tool, and in doing so has violated the privacy of millions of patients. The lawsuit was filed in the U.S. Northern District of California and alleges violations of… Read More »
PHI of Almost 69,000 Individuals Compromised in Hacking Incident at Comstar Comstar, a Rowley, MA-based provider of ambulance billing, collection, ePCR Hosting, and client/patient services, has discovered an unauthorized third-party gained access to some of its servers which housed files that contained individuals’ personally identifiable and protected health information. Some of those files were confirmed… Read More »
May 2022 saw a 25% increase in healthcare data breaches of 500 or more records. 70 data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in May 2022, which is the highest monthly total this year and well above the 12-month average… Read More »
Hillrom Medical Device Management has announced that two vulnerabilities have been identified in certain Welch Allyn medical devices. If exploited the vulnerabilities could allow an unauthorized attacker to compromise software security by executing commands, gaining privileges, and reading sensitive information while evading detection. The vulnerabilities affect the following Hillrom products: Welch Allyn ELI 380 Resting… Read More »
The HHS’ Health Sector Cybersecurity Coordination Sector (HC3) has published guidance for healthcare organizations to help them improve their cyber posture. Cyber posture is the term given for the overall strength of an organization’s cybersecurity, protocols for predicting and preventing cyber threats, and the ability to continue to operate while responding to cyber threats. To… Read More »
Lake Mary, FL-based Central Florida Inpatient Medicine (CFIM) has recently discovered that the email account of an employee has been accessed by an unauthorized individual, who may have viewed emails and files containing patients’ protected health information. The substitute breach notice states that CFIM learned that the email account contained sensitive patient data on May… Read More »
Healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities that come into contact with protected health information (PHI) are required to ensure policies, processes, and people are compliant with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). Ensuring you have a good security posture is an important part of… Read More »
A new bill has been introduced by Sen. Elizabeth Warren (D-MA) that seeks to ban data brokers from selling the health and location data of Americans. The bill, The Health and Location Data Protection Act, was co-sponsored by Sens. Ron Wyden (D-OR), Chair of the Senate Finance Committee; Patty Murray (D-WA), Chair of the Senate… Read More »
A bipartisan bill – The Strengthening Cybersecurity for Medical Devices Act – has been introduced which calls for the U.S. Food and Drug Administration (FDA) to review and update its guidelines on medical device cybersecurity more frequently to ensure devices are protected from potential hacking and cyberattacks. The bill, introduced by Sen. Jacky Rosen (D-NV)… Read More »