A round-up of healthcare data breaches that have recently been reported to the HHS’ Office for Civil Rights, state attorneys general, and the media. Wisconsin Department of Health Services: Accidental Disclosure of PHI via Email The Wisconsin Department of Health Services (DHS) has recently confirmed that there has been an accidental disclosure of protected health… Read More »
Questions are often sent to HIPAA Journal about the Health Insurance Portability and Accountability Act, one of which is how HIPAA has improved healthcare. In this article, I explain some of the main ways that healthcare has been improved by HIPAA for healthcare providers, health plans, and patients. How Does HIPAA Improve Healthcare? There has… Read More »
Cytometry Specialists, Inc., doing business as CSI Laboratories in Alpharetta, GA, has recently announced that the email account of an employee has been accessed by an unauthorized individual, who may have viewed or obtained the protected health information of 244,850 patients. CSI Laboratories is a leading cancer testing and diagnostics laboratory that serves pathologists, oncologists,… Read More »
Anthem has confirmed that the protected health information of certain plan members has been compromised in a data breach at its vendor, Choice Health. Choice Health was provided with the data of plan members to perform its contracted duties. On August 5, 2022, Anthem discovered that an unauthorized individual had gained access to a database… Read More »
An affiliate of the infamous Netwalker ransomware gang has been sentenced to serve 20 years in jail for his role in ransomware attacks on entities in the United States. Netwalker is a ransomware-as-a-service (RaaS) operation where affiliates are recruited to conduct attacks and deploy ransomware in exchange for a cut of the ransom payments they… Read More »
Mon Health is facing a class action lawsuit over a hacking incident that allowed unauthorized individuals to gain access to its network for an 11-day period in December 2021. Mon Health said it detected the breach on December 30, 2021, with the forensic investigation determining hackers accessed its network between December 9 and December 19.… Read More »
LifeBridge Health Inc. has agreed to settle a class action lawsuit to resolve claims from patients affected by a data breach that was discovered in 2018. The total value of the settlement is $9.475 million, which includes an $800,000 fund to cover claims from class members. In March 2018, LifeBridge Health discovered a malware infection… Read More »
CommonSpirit Health is experiencing a data security incident that has affected many of its healthcare facilities. According to a statement issued by the health system on October 4, 2022, IT systems have been taken offline as a precautionary step while the incident is investigated, and the exact nature and scope of the incident is determined.… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a medical advisory about a recently discovered vulnerability that affects the BD Totalys MultiProcessor, which is used by hospitals and labs for processing clinical tissue specimens. The vulnerability is due to the use of hard-coded credentials, which could allow an attacker with access to a vulnerable… Read More »
The Health Sector Coordinating Council (HSCC) has urged the National Institute for Standards & Technology to provide tailored guidance for smaller and lesser-resourced healthcare organizations on implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and makes several other recommendations to improve the utility of its new HIPAA Security Rule implementation guidance. Background… Read More »