Compliancy Group has announced that Miiskin has taken all necessary steps to prove its good faith effort to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA) Rules. Miiskin is an app and teledermatology platform provider whose solution is currently used by more than 500,000 individuals around the world to track skin changes.… Read More »

Prestera Center for Mental Health Services, the largest behavioral health services provider in West Virginia, has discovered an unauthorized individual potentially accessed the protected health information of a small percentage of its current and former patients. An unauthorized individual gained access to Prestera Center’s business email environment which contained protected health information such as patient… Read More »

Compliancy Group has confirmed that Warwick, Rhode Island-based Brightside Behavioral Health has implemented an effective HIPAA compliance program. Brightside Behavioral Health provides high quality behavioral health services to support individuals and families in Rhode Island communities through awareness, education, and the treatment of behavioral health issues. As a provider of mental health services, Brightside Behavioral… Read More »

The National Security Agency (NSA) has released guidance to help organizations eliminate weak encryption protocols, which are currently being exploited by threat actors to decrypt sensitive data. Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols were developed to create protected channels using encryption and authentication to ensure the security of sensitive data between a… Read More »

In the fall of 2020, a warning was issued to the healthcare and public health sector following a spike in ransomware activity. The joint CISA, FBI, and HHS cybersecurity advisory explained that the healthcare industry was being actively targeted by threat actors with the aim of infecting systems with ransomware. Several ransomware gangs had stepped… Read More »

A vulnerability has been identified in Zyxel devices such as VPN gateways, firewalls, and access point (AP) controllers that could be exploited by threat actors to gain remote administrative access to the devices. By exploiting the vulnerability, threat actors would be able to make changes to firewall settings, allow/deny certain traffic, intercept traffic, create new… Read More »

Northwestern Memorial Hospital in Chicago discovered a former temporary worker may have inappropriately viewed the medical records of certain patients while employed at the hospital. The unauthorized access was detected on December 2, 2020. A review of access logs revealed the individual viewed patient records without a work-related purpose for doing so between October 27,… Read More »

2020 was the worst ever year for healthcare industry data breaches. 616 data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights. 28,756,445 healthcare records were exposed, compromised, or impermissibly disclosed in those breaches, which makes 2020 the third worst year in terms of the number of breached healthcare… Read More »

In October 2020, the NetWalker ransomware gang claimed responsibility for a ransomware attack on the North Carolina-based surgical center, Wilmington Surgical Associates. The gang claimed to have stolen around 13GB of data prior to deploying NetWalker ransomware and encrypting files. The stolen batch of data included thousands of documents containing sensitive information. HIPAA Journal has… Read More »

The DHS’ Cybersecurity and infrastructure Security Agency has launched a website providing resources related to the ongoing cyber activities of the advanced persistent threat (APT) group responsible for compromising the SolarWinds Orion software supply chain. The threat actors behind the attack gained access to the networks of federal, state, and local governments, critical infrastructure entities,… Read More »