Compliancy Group has announced that Safe Partner Inc. has demonstrated it has implemented an effective HIPAA compliance program and has successfully completed its proprietary 6-stage HIPAA risk analysis and remediation process. Safe Partner Inc. is a Belmont, CA-based boutique software development and consulting company that provides a full range of software services, from design to… Read More »
The U.S. Federal Trade Commission (FTC) is seeking comment on its breach notification requirements for non-HIPAA-covered entities that collect personally identifiable health information. The FTC’s Health Breach Notification Rule was introduced in 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA). The rule took effect on August 22, 2010 and the… Read More »
Why Must Covered Entities Have a Business Associate Agreement? Both the HIPAA Privacy Rule and the HIPAA Security Rule require that a HIPAA covered entity enter into a business associate agreement with each of its business associates. A “business associate” is a person or entity, other than a member of the workforce of a covered… Read More »
Business email compromise scammers operating out of Nigeria have been targeting government healthcare agencies, COVID-19 research organizations, and pandemic response organizations to obtain fraudulent wire transfer payments and spread malware. The attacks were detected by Palo Alto Networks’ Unit 42 team researchers and have been attributed to a cybercriminal organization called SilverTerrier. SilverTerrier actors have… Read More »
Saint Francis Healthcare Partners in Connecticut is notifying 38,529 patients that some of their protected health information has potentially been obtained by hackers as a result of a “sophisticated cybersecurity incident” that allowed an unauthorized individual to gain access to its email system. The attack occurred on December 30, 2019 but it took until March… Read More »
Advanced Persistent Threat (APT) groups are continuing to target healthcare providers, pharmaceutical firms, research institutions, and others involved in the COVID-19 response, prompting a further joint alert from cybersecurity authorities in the United State and United Kingdom. The latest warning from the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the… Read More »
Ann & Robert H. Lurie Children’s Hospital of Chicago has terminated an employee for improperly accessing the medical records of patients without authorization over a period of 15 months. The privacy violations were identified by the hospital on March 5, 2020. The employee’s access to hospital systems was immediately terminated while the investigation was conducted.… Read More »
The HHS’ Office for Civil Rights (OCR) has issued guidance to healthcare providers to remind them that the HIPAA Privacy Rule does not allow the media and film crews to access healthcare facilities where patients’ protected health information is accessible unless written authorization has been obtained from the patients concerned in advance. A public health… Read More »
Several healthcare providers have been affected by an unusual data breach at Waupaca, WI-based STAT Informatics Solutions, LLC. STAT provides secure medical records services to several healthcare providers which includes scanning paper files so they can be added to hospital medical record systems. On March 3, 2020, a STAT facility in Lebanon, TN was hit… Read More »
BJC Healthcare has announced that the email accounts of three of its employees have been accessed by an unauthorized individual after the employees responded to phishing emails. Suspicious activity was detected in the email accounts on March 6, 2020 and the accounts were immediately secured. A leading computer forensics firm was engaged to conduct an… Read More »