The California Department of Corrections and Rehabilitation (CDCR) has recently discovered that unauthorized individuals have gained access to one of its information systems. The compromised system contained medical information on all individuals who had been tested for COVID-19 between June 2020 and January 2022, including staff members, visitors, and other individuals, although not inmates. The… Read More »
The Health Sector Cybersecurity Coordination Center has issued a warning about social engineering and voice phishing (vishing) attacks on the healthcare and public health (HPH) sector. In cybersecurity terms, social engineering is the manipulation of individuals by malicious actors to further their own aims. It is a broad term that covers many different types of… Read More »
In July 2022, 66 healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights, which is a 5.71% reduction from the 70 data breaches reported in June 2022 and July 2021. While the number of data breaches fell slightly from last month, data… Read More »
There has been a marked increase in the number of healthcare organizations that have implemented zero trust initiatives, according to the 2022 State of Zero Trust Security report from Okta. In 2022, 58% of surveyed organizations said they had or have started implementing zero trust initiatives, up 21 percentage points from the 37% last year.… Read More »
Healthcare data breaches are being reported in record numbers with tens of millions of patients having their healthcare data exposed or impermissibly disclosed every year. Healthcare data should remain private and confidential but it is clear that is no longer the case. The American Medical Association (AMA) recently teamed up with the Savvy Cooperative to explore… Read More »
A lawsuit has been filed against the Federal Trade Commission by an Idaho-based digital marketing and analytics company, which is alleged to have violated the Federal Trade Commission (FTC) Act with its data practices. Kochava’s primary business unit provides mobile advertising attribution through customizable software tools, which are provided under the software-as-a-service model. The software… Read More »
The Health Insurance Portability and Accountability Act (HIPAA) requires HIPAA-covered entities and their business associates to complete a risk assessment. The purpose of the risk assessment is to identify and evaluate all risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). An annual risk assessment is also required by… Read More »
Little Rock, AR-based Independent Case Management (ICM), a provider of home and community-based support for individuals with intellectual and developmental disabilities, has recently notified 3,307 individuals that some of their protected health information may have been stolen in a ransomware attack. According to the notification letters, three servers were affected by the attack. The servers… Read More »
Florida Orthopaedic Institute has proposed a $4 million settlement to resolve claims from patients affected by a 2020 data breach. In April 2020, Musculoskeletal Institute, dba Florida Orthopaedic Institute, discovered an unauthorized third party had gained access to a server that contained patients’ protected health information (PHI) and used ransomware to encrypt files. The forensic… Read More »
Practice Resources, a Syracuse, NY, provider of billing and other professional services, has suffered a data breach involving the records of 942,138 individuals. According to the breach notification sent to the California Attorney General, Practice Resources was the victim of a ransomware attack on April 12, 2022. Assisted by third-party digital forensics experts, Practice Resources… Read More »