The number of connected devices being used in hospitals continues to grow and while these devices can improve efficiency, safety, and patient outcomes, they have also substantially increased the attack surface, and many of these devices either lack appropriate security features or are not correctly configured. According to a recent Microsoft-sponsored study by the Ponemon… Read More »
Ann & Robert H. Lurie Children’s Hospital has proposed a settlement to resolve a class action lawsuit filed in response to two privacy breaches involving unauthorized medical record access by employees. On November 15, 2019, the Chicago hospital discovered an employee had been impermissibly accessing patient records. The investigation determined the unauthorized access occurred between… Read More »
The audio transcription service provider, GoTranscript, has completed Compliancy Group’s HIPAA compliance methodology and has been confirmed as being in compliance with the HIPAA Rules. GoTranscript is an audio transcription company that was formed in 2005 in Edinburgh, Scotland. Over the past 17 years, the company has grown into a global provider of audio transcription… Read More »
Security awareness training is a vital part of any security strategy; however, one area where it appears to be having little effect is improving password hygiene. Employees can be taught what a strong password is and how passwords should be created, but even though the theory is understood it is not being put into practice.… Read More »
The federal government has issued a warning to the healthcare sector about the threat of cyberattacks by Iranian threat actors. Iranian state-sponsored actors lack the sophisticated technical capabilities of Russian and Chinese threat actors, but still pose a significant threat to the sector. The threat actors mostly use social engineering in their attacks to gain… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have recently issued guidance for federal and private agencies on the prevention and mitigation of distributed Denial of Service (DDoS) attacks. These attacks are conducted to overload applications and websites with traffic, thus rendering… Read More »
USV Optical, a subsidiary of U.S. Vision, has recently confirmed that the information of patients at several entities within its network has been exposed. Suspicious activity was detected within its network on May 12, 2021, with the forensic investigation confirming unauthorized individuals had access to its network for a month between April 20, 2021, and… Read More »
St. Luke’s Health has recently notified 16,906 patients that some of their protected health information has been exposed in a security incident at a vendor that provides consulting services. On November 5, 2021, the email accounts of two employees of Adelanto Healthcare Ventures (AHCV) were accessed by an unauthorized individual. An investigation was launched into the… Read More »
Oakbend Medical Center in Richmond, TX, and Keystone Health in Chambersburg, PA, are facing class action lawsuits over recent hacking incidents that resulted in the exposure and theft of the protected health information of hundreds of thousands of patients. OakBend Medical Center On September 1, 2022, OakBend Medical Center discovered its systems had been compromised… Read More »
HIPAA Journal is conducting interviews with healthcare professionals to find out more about their compliance journeys, how the HIPAA Rules have affected their working lives, and the successes of HIPAA compliance and the challenges they have faced. The first HIPAA Journal Reader to share his views on HIPAA is Nathanael Ayala, Compliance Officer at Hospital… Read More »