Category Archives: Latest Posts

Second Class Action Lawsuit Filed Against CommonSpirit Health Over Ransomware Attack

Another lawsuit has been filed against CommonSpirit Health over its 2022 ransomware attack and data breach that alleges the nation’s largest catholic health system failed to implement reasonable and appropriate safeguards to prevent unauthorized access to sensitive patient data. CommonSpirit Health announced in early October that it was dealing with a cyberattack that took down… Read More »

2022 Healthcare Data Breach Report

For the first time since 2015, there was a year-over-year decline in the number of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), albeit only by 1.13% with 707 data breaches of 500 or more records reported. Even with that reduction, 2022 still ranked as the second-worst-ever… Read More »

PHI of More Than 240K Patients Compromised in 5 Healthcare Data Breaches

A round-up of data breaches that have recently been reported to the HHS’ Office for Civil Rights and state Attorneys General. BayCare Clinic Announced Pixel-Related Data Breach The Wisconsin-based healthcare provider, BayCare Clinic, LLP, has recently announced that the protected health information of up to 134,000 of its patients has been impermissibly disclosed to unauthorized… Read More »

Editorial: Benefits of HIPAA for Healthcare Professionals

It has been almost 27 years since the Health Insurance Portability and Accountability Act (HIPAA) was signed into law, more than 2 decades since the Privacy Rule was enacted, and this February will be the 20th anniversary of the HIPAA Security Rule. This article is the second in a series that explores the benefits of… Read More »

Hackers are Using AI Tools such as ChatGPT for Malware Development

There are many benefits of using AI in healthcare, including the acceleration of drug development and medical image analysis, but the same AI systems that benefit healthcare could also be used for malicious purposes such as malware development. The Health Sector Cybersecurity Coordination Center (HC3) recently published an analyst note summarizing the potential for artificial… Read More »

Vulnerability Management and Remediation Deficiencies Identified at Alabama VA Medical Center

An inspection of information security at Tuscaloosa VA Medical Center in Alabama by the VA Office of Inspector General (OIG) uncovered deficiencies in three of the four assessed security control areas. The OIG inspection covered configuration management, contingency planning, security management, and access controls, with deficiencies identified in configuration management, security management, and access controls.… Read More »

Phishing Attack on Washington Therapist Exposes Patients’ PHI

A Washington therapist, Robert S. Miller LICSW, ACSW (RSM), has recently notified 640 current and former clients about a phishing incident that resulted in the exposure of some of their protected health information. State laws require notifications to be sent to state attorneys general when there has been a breach of the private information of… Read More »

ADEC Innovations Healthcare, Inc. Confirmed as HIPAA Compliant

ADEC Innovations Healthcare has recently been confirmed as being in full compliance with all appropriate provisions of the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules, and the HITECH Act. ADEC Innovations Healthcare is a service provider to the healthcare industry, providing a range of services to reduce the administrative burden on healthcare organizations, including… Read More »