Police Department of the City of New York Reports 21,500-Record Data Breach Unauthorized individuals have gained access to the email system of the Administrative Fund of the Detectives’ Endowment Association of the Police Department of the City of New York (NYCDEA) and potentially viewed or obtained the protected health information of 21,544 individuals. Suspicious activity… Read More »
A former employee of Axia Women’s Health in Pennsylvania has been charged in a 39-count indictment for stealing patient information for personal gain. The Upper Moreland Police Department in Montgomery County, PA, uncovered an elaborate scheme involving the theft of the identities of patients, which were used to obtain credit cards and loans, rent high-end… Read More »
In the event of a cyberattack that impacts the functionality of medical devices, a rapid and effective response is essential to ensure patient safety and the continuity of clinical operations. While healthcare organizations have practiced protocols that can be implemented immediately in the event of a natural disaster such as a hurricane, they tend to… Read More »
The Governor of Pennsylvania, Tom Wolf, has signed Senate Bill 696 into law, which expands the definition of personal information under the Breach of Personal Information Notification Act that warrants individual notifications to be issued in the event of a data breach. The updated law will take effect on May 2, 2023. The updated definition… Read More »
Five former employees of Methodist Hospital in Tennessee have been indicted by a federal grand jury in Memphis for criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) for impermissibly accessing the protected health information of patients and providing that information to another individual for financial gain. According to the indictment, between November… Read More »
A New York-based physician-owned provider of administrative services to anesthesiology firms is facing several class action lawsuits over a cyberattack and data breach that has affected at least 24 entities and involved the exposure and potential theft of the protected health information of more than 450,000 patients. Anesthesiology firms started reporting data breaches to the… Read More »
HIPAA Journal is conducting interviews with healthcare professionals and service providers to find out more about their compliance journeys, how the HIPAA Rules have affected their working lives, and the successes and challenges they have faced with HIPAA compliance. This week, Erich Scheunemann, Assistant Fire Chief for the Anchorage Fire Department in Alaska shares his… Read More »
CISA has issued a decision tree methodology that can be adopted by healthcare organizations to help them develop an efficient and effective vulnerability management program. The Importance of an Efficient Patch Management Program When it comes to vulnerability management, the best practice is to patch promptly. When software updates and patches are released, they should… Read More »
CommonSpirit Health has recently provided an update on the progress that has been made in recovering from an October 2022 ransomware attack that affected many facilities across its network. The attack was detected on October 3, which forced the health system to take its IT systems offline, including its MyChart electronic health records (EHRs). CommonSpirit… Read More »
The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks. Venus ransomware, aka GOODGAME, is a relatively new threat, having first been identified in mid-August 2022;… Read More »