San Juan Regional Medical Center (SJRMC) in Farmington, New Mexico, has proposed a settlement to resolve a class action lawsuit filed in response to a September 2020 data breach that affected 68,792 patients. On September 8, 2020, hackers gained access to the SJRMC network and exfiltrated files that contained patient information such as names, dates… Read More »
LastPass has confirmed that hackers have gained access to a third-party cloud storage service that contained customer data, although no user passwords were compromised. The hacking incident is linked to the security breach that occurred in August 2022. In August, a hacker successfully compromised a developer account that provided access to the LastPass developer environment.… Read More »
The HHS’ Office for Civil Rights has issued a bulletin confirming that the use of third-party tracking technologies on websites, web applications, and mobile apps without a business associate agreement (BAA) is a HIPAA violation if the tracking technology collects and transmits individually identifiable health information. Even with a BAA in place, the use of… Read More »
Health Care Management Solutions LLC, a West Virginia-based consulting company focused on improving care quality for vulnerable populations including veterans, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected up to 500,000 individuals. Little is currently known about the data breach as the company has yet to publicly… Read More »
One Brooklyn Health System is currently dealing with a cyberattack that has caused disruption at its three hospitals – Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. Little information has been released about the attack so far, which is believed to have occurred on or just before November 19. That was… Read More »
There was a slight downturn in ransomware attacks in Q3, although it is too early to tell if that downward trend will continue. Even with the reduction in attacks, ransomware is still the biggest cyber threat faced by organizations, and the attacks are among the costliest cybersecurity incidents to mitigate. Attacks on the healthcare industry… Read More »
Connexin Software Inc., which provides electronic medical records and practice management software (Office Practicum) to pediatric physician practice groups has recently confirmed that it was the victim of a cyberattack in which an unauthorized third party gained access to its internal computer network. While the electronic medical record system was not accessed in the attack,… Read More »
HIPAA Journal is conducting interviews with healthcare professionals and service providers to find out more about their compliance journeys, how the HIPAA Rules have affected their working lives, and the successes and challenges they have faced with HIPAA compliance. John Jessop, MHA, CISSP, CHPS, HCISPP, CISA, CMPE, Sr. Director, HIPAA Security & Regulatory Compliance, PPFA… Read More »
A database containing the personally identifiable information (PII) of more than 16,000 children has been exposed over the Internet and could be accessed without a password or any other form of authentication. The database was found by security researcher Jeremiah Fowler and the Website Planet team and was traced to Tridas Group LLC. Tridas Group… Read More »
The Department of Health and Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have issued a Notice of Proposed Rulemaking (NPRM) detailing changes to the Confidentiality of Substance Use Disorder (SUD) Patient Records (42 CFR Part 2) and HIPAA to increase care coordination and better align Part 2 with the… Read More »