A round-up of data breaches that have recently been reported to the HHS’ Office for Civil Rights and state Attorneys General. Californian EHR Vendor Reports Breach of 77,652 Records Further information has been obtained on a data breach reported to the HHS’ Office for Civil Rights on June 2, 2022, by Clinivate, a Pasadena, CA-based… Read More »
A cyberattack and data breach cost Tenet Healthcare $100 million in lost revenue and mitigation costs in Q2, 2022. Dallas, TX-based Tenet Healthcare is one of the largest healthcare providers in the United States, running 65 hospitals and more than 450 healthcare facilities across the United States through its brands and subsidiaries. In April 2022,… Read More »
A peer-reviewed study conducted by researchers at Princeton University explored the password policies of the most popular English Language websites and found that only 13% of the websites followed all appropriate best practices. The researchers reverse-engineered the password policies of 120 of the leading websites based on visitor numbers and sought to establish whether password… Read More »
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued guidance to help healthcare organizations protect against web application attacks. Web applications have grown in popularity in healthcare in recent years and are used for patient portals, electronic medical record systems, scheduling appointments, accessing test results, patient monitoring, online pharmacies,… Read More »
Benson Health in North Carolina has recently started notifying 28,913 patients that some of their protected health information was potentially accessed or acquired in a cyberattack that was detected on May 5, 2021. Benson Health said an investigation was immediately launched when the breach was detected, and a specialist cybersecurity and data privacy law firm… Read More »
The National Institute of Standards and Technology (NIST) has updated its guidance for HIPAA-regulated entities on implementing the HIPAA Security Rule to help them better protect patients’ personal and protected health information. The Security Rule of the Health Insurance Portability and Accountability Act established national standards for protecting the electronic protected health information (ePHI) that… Read More »
The U.S Department of Justice has announced that around $500,000 in Bitcoin has been seized from North Korean threat actors who were using Maui ransomware to attack healthcare organizations in the United States. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued a security alert warning that North… Read More »
The Methodist Hospitals Inc. has agreed to settle a class action lawsuit and has created a fund of $425,000 to cover claims from victims of a 2019 data breach that affected almost 70,000 current and former patients. The Gary, IN-based healthcare provider reported an email security incident to the HHS’ Office for Civil Rights on… Read More »
June 2022 saw 70 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) – two fewer than May and one fewer than June 2021. Over the past 12 months, from July 2021 to June 2022, 692 large healthcare data breaches have been… Read More »
BJC HealthCare has agreed to settle a class action lawsuit to resolve claims it failed to adequately protect patient data from phishing attacks. The nonprofit St. Louis-based hospital system reported a breach of its email system to the HHS’ Office for Civil Rights on May 5, 2020, that affected 287,876 individuals. The investigation confirmed that three… Read More »