Category Archives: Latest Posts

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

Police Department of the City of New York Reports 21,500-Record Data Breach Unauthorized individuals have gained access to the email system of the Administrative Fund of the Detectives’ Endowment Association of the Police Department of the City of New York (NYCDEA) and potentially viewed or obtained the protected health information of 21,544 individuals. Suspicious activity… Read More »

Pennsylvania Updates Data Breach Notification Law

The Governor of Pennsylvania, Tom Wolf, has signed Senate Bill 696 into law, which expands the definition of personal information under the Breach of Personal Information Notification Act that warrants individual notifications to be issued in the event of a data breach. The updated law will take effect on May 2, 2023. The updated definition… Read More »

Five Former Tennessee Hospital Employees Charged with Criminal HIPAA Violations

Five former employees of Methodist Hospital in Tennessee have been indicted by a federal grand jury in Memphis for criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) for impermissibly accessing the protected health information of patients and providing that information to another individual for financial gain. According to the indictment, between November… Read More »

New York Provider of Administrative Anesthesiology Services Facing Multiple Class Action Data Breach Lawsuits

A New York-based physician-owned provider of administrative services to anesthesiology firms is facing several class action lawsuits over a cyberattack and data breach that has affected at least 24 entities and involved the exposure and potential theft of the protected health information of more than 450,000 patients. Anesthesiology firms started reporting data breaches to the… Read More »

CISA Releases Decision Tree Methodology for Assessing and Remediating Software Vulnerabilities

CISA has issued a decision tree methodology that can be adopted by healthcare organizations to help them develop an efficient and effective vulnerability management program. The Importance of an Efficient Patch Management Program When it comes to vulnerability management, the best practice is to patch promptly. When software updates and patches are released, they should… Read More »

HC3 Sounds Alarm About Venus Ransomware

The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks. Venus ransomware, aka GOODGAME, is a relatively new threat, having first been identified in mid-August 2022;… Read More »