CaptureRx, a San Antonio, TX-based provider of 340B administrative services to healthcare providers, has suffered a ransomware attack in which files containing the protected health information of customers’ patients were stolen. The security breach was detected on February 19, 2021, with the investigation confirming unauthorized individuals had accessed and acquired files containing sensitive data on… Read More »
Network intrusion incidents have overtaken phishing as the leading cause of healthcare data security incidents, which has been the main cause of data breaches for the past 5 years. In 2020, 58% of the security incidents dealt with by BakerHostetler’s Digitial Assets and Data Management (DADM) Practice Group were network intrusions, most commonly involving the… Read More »
The Health Insurance Portability and Accountability Act can be confusing and complying with all provisions of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules can be challenging. One way to ensure compliance is to receive assistance from compliance experts and to be guided through the process. This will ensure no aspect of compliance is… Read More »
The National Institute of Standards and Technology (NIST) is planning on revising and updating its guidance on implementing the HIPAA Security Rule and is seeking comment from stakeholders on aspects of the guidance that should be changed. NIST published the guidance – NIST Special Publication (SP) 800-66, Revision 1, An Introductory Resource Guide for Implementing the… Read More »
Lawmakers in the Commonwealth of Pennsylvania are calling for an investigation into a data breach involving the contact tracing information of 72,000 Pennsylvanians after it was discovered that sensitive information was being shared via unauthorized channels without the necessary security protections. Insight Global is an Atlanta-based firm that has been assisting the Commonwealth of Pennsylvania… Read More »
Are you looking to become HIPAA compliant? Regardless of where you are in the HIPAA compliance process, help is at hand. On May 12, 2021, Compliancy Group is hosting a webinar and will share 6 secret ingredients for a well run and easily maintained HIPAA compliance program. Webinar attendees will discover a recipe for a… Read More »
The San Diego-based healthcare provider Scripps Health suffered a cyberattack on May 1, 2021 which forced it to take its information technology systems offline. Scripps Health operates four hospitals in the San Diego area and has been able to continue to provide care to patients; however, stroke, heart attack, and trauma patients seeking emergency treatment… Read More »
Health Aid of Ohio, a Parma, OH-based full-service home medical equipment provider, has discovered unauthorized individuals gained access to its systems and exfiltrated some files from its network. The breach was detected on February 19, 2021 when suspicious network activity was detected. Action was quickly taken to eject the attackers from the network and secure… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) have published guidance to help organizations improve their defenses against software supply chain attacks. The guidance document – Defending Against Software Supply Chain Attacks – explains the three most common methods that threat groups use in supply chain attacks… Read More »
Doctors Medical Center of Modesto (DCM) in California has discovered a contractor used by a former vendor accidentally exposed patient data over the Internet. DCM had contracted with the SaaS platform provider Medifies to provide virtual waiting room services. On April 2, 2021, DCM discovered the data of some of its patients was accessible over… Read More »