Data Breach Affects 120,000 Priority Health Plan Members

The Michigan-based health plan provider, Priority Health, has confirmed that it has been affected by a data breach at a business associate, the law firm Warner Norcross & Judd (WNJ). WNJ identified suspicious network activity on October 22, 2021. Steps were immediately taken to prevent further unauthorized access and a digital forensics firm was engaged… Read More »

Healthcare Providers Targeted in Evernote Phishing Campaign

A malicious phishing campaign has been identified that is targeting healthcare providers. The emails have an Evernote-themed lure to trick recipients into downloading a Trojan file that generates a login prompt to steal credentials. The Health Information Cybersecurity Coordination Center (HC3) has recently issued an alert about the campaign which has targeted several healthcare providers… Read More »

CISA Sounds Alarm About Zeppelin Ransomware Targeting Healthcare Organizations

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint security alert about the Zeppelin ransomware-as-a-service (RaaS) operation, which has extensively targeted organizations in the healthcare and medical industries. Zeppelin ransomware, a variant of Vega malware, has been used in attacks on critical infrastructure organizations since… Read More »

1H 2022 Healthcare Data Breach Report

Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare data breaches reported so far in 2022; however, our analysis of healthcare data breaches reported in 1H 2022, shows that while data breaches are certainly being reported in high numbers, there has been a fall… Read More »

Zenith American Solutions Reports Mailing Error that Exposed SSNs of 37,000 Individuals

Zenith American Solutions, a third-party administrator for the Sound Health and Wellness Trust, has recently notified individuals about a mailing error that exposed individuals’ Social Security numbers. According to the breach notification, a mailing was sent to individuals on June 24, 2022, advising them to complete their Personal Health Assessments or Health Profiles to enroll… Read More »

New Draft of ADPPA Law Introduced with Bipartisan Support

The American Data Privacy and Protection Act (ADPPA) was introduced in June, was substantially revised within a matter of days, and last month a new draft of ADPPA law was introduced with further revisions. The revised ADPPA has attracted considerable bipartisan support and sailed out of the committee with a vote of 53-2, and there… Read More »

Webinar: Aug 17, 2022: Do I Need to be HIPAA Compliant?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards to protect sensitive patient health information and to prevent that information from being disclosed without an individual’s knowledge or consent. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, which are classed as HIPAA-covered entities. There is a misconception that only HIPAA-covered entities… Read More »

Updates on Cyberattacks on Goodman Campbell Brain and Spine and Behavioral Health Group

Further information has been released on two cyberattacks on healthcare organizations: Goodman Campbell Brain and Spine and Behavioral Health Group. Goodman Campbell Brain and Spine Notifies 363,000 Patients About Public Release of PHI on Dark Web Carmel, IN-based Goodman Campbell Brain and Spine has started notifying 363,000 current and former patients that some of their… Read More »