Blog HIPAA

Multiple Vulnerabilities Identified in OpenEMR Health Record and Practice Management Software

Multiple vulnerabilities have been identified in the popular open source electronic health record and medical practice management software, OpenEMR. OpenEMR is used by healthcare organizations around the world for recording and managing sensitive patient data, and patients used the software for scheduling appointments online, communicating with their healthcare providers, and paying medical bills. OpenEMR is… Read More »

Editoirial: Benefits of HIPAA for Patients

This is the third article in the ‘Benefits of HIPAA’ series, this time around exploring how the Health Insurance Portability and Accountability Act (HIPAA) and its subsequent amendments have benefited patients. The first article in the series explored how HIPAA has benefited healthcare organizations and the second covered the key benefits of HIPAA for healthcare… Read More »

Up to 184,000 Clients of Lutheran Social Services of Illinois Impacted by Ransomware Attack

Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. The cyberattack was detected on January 27, 2022, and systems were taken offline to contain the attack. and third-party cybersecurity professionals were… Read More »

Lawsuit Alleges Christ Hospital Website Has Sent Patient Data to Meta

Earlier this month, a lawsuit was filed against The Christ Hospital in Cincinnati, OH, alleging third-party tracking code had been added to its website that was transmitting sensitive patient data to Meta and other third parties, without obtaining authorization from patients. An investigation by The Markup last summer revealed one-third of the top 100 hospitals… Read More »

Hive Ransomware Operation Disrupted as FBI Seizes the Gang’s Infrastructure

While the Hive ransomware operation was infiltrating servers, exfiltrating data, and demanding ransom payments from their victims, their activities were being observed from within. The FBI has had access to Hive’s ransomware servers since July 2022 and was learning about the group’s methods and has been helping victims recover without paying the ransom. The FBI… Read More »

Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware

Blackberry has recently published its Global Threat Intelligence Report, which provides actionable and contextualized intelligence that can be used to improve cyber resilience. The report is based on data collected by Blackberry and threat intelligence provided by third parties, gathered over 90 days between September and November 2022. Throughout the reporting period, downloaders were among the… Read More »

Feds Warn of Malicious Use of RMM Software in Callback Phishing Attacks

Cybercriminals are increasingly using legitimate remote monitoring and management (RMM) software in their attacks, according to a recent joint alert from the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The campaign was first identified in October 2022 and involves callback phishing. The… Read More »

Ransomware Profits Decline as Victims Refuse to Pay Ransoms

Ransomware gangs are finding it much harder to profit from their attacks as fewer victims are ransoms to obtain the decryption keys and prevent the exposure of stolen data, according to two recently released reports from the ransomware remediation firm, Coveware, and blockchain analysis firm, Chainalysis. Coveware reports that in Q1, 2019, 85% of ransomware… Read More »

Logan Health Proposes $4.3 Million Settlement to Resolve Class Action Data Breach Lawsuit

Logan Health has agreed to settle a class action lawsuit related to a 2021 hacking incident that exposed the protected health information of 213,543 individuals. Under the terms of the settlement, Logan Health has agreed to create a fund of $4.3 million to cover claims from individuals affected by the breach. Logan Health, formerly Kalispell… Read More »

Second Class Action Lawsuit Filed Against CommonSpirit Health Over Ransomware Attack

Another lawsuit has been filed against CommonSpirit Health over its 2022 ransomware attack and data breach that alleges the nation’s largest catholic health system failed to implement reasonable and appropriate safeguards to prevent unauthorized access to sensitive patient data. CommonSpirit Health announced in early October that it was dealing with a cyberattack that took down… Read More »