A recent Phishing by Industry Benchmarking Report has confirmed that providing security awareness training to the workforce significantly reduces susceptibility to phishing attacks. The benchmarking study was conducted by KnowBe4 to determine how effective security awareness training is at reducing susceptibility to phishing attacks. For the report, KnowBe4 analyzed data from more than 9.5 million… Read More »

The Cyber Safety Review Board (CSRB), established by President Biden in February 2022, has published a report on the Log4j vulnerability – CVE-2021-44228 – and associated vulnerabilities that were discovered in late 2021. The vulnerabilities affect the open source Java-based logging tool, Log4j, and, according to CSRB, they are endemic and are likely to be… Read More »

The Department of Health and Human Services’ Office for Civil Rights has sent a warning to healthcare providers about the importance of compliance with the HIPAA Right of Access with the announcement that a further 11 financial penalties for HIPAA-covered entities that have failed to provide patients with timely access to their medical records. The… Read More »

The Department of Health and Human Services’ Office for Civil Rights enforces the HIPAA Rules, which restrict uses and disclosures of healthcare data by HIPAA-covered entities and business associates of those entities. When entities are not covered by HIPAA, privacy violations and illegal uses and disclosures of sensitive consumer data are policed by the Federal… Read More »

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has announced that Oklahoma State University – Center for Health Sciences (OSU-CHS) has agreed to settle a HIPAA investigation stemming from a web server hacking incident and has agreed to pay a financial penalty of $875,000 to resolve potential violations of the… Read More »

The Winston-Salem, NC-based managed behavioral health organization, Carolina Behavioral Health Alliance (CBHA), the administrator of behavioral health benefits for Wake Forest University and Wake Forest Baptist Medical Center, has recently announced it was the victim of a ransomware attack. The attack was detected on March 20, 2022, and resulted in computer systems being disabled. The… Read More »

Tenet Healthcare and Baptist Health are facing a class action lawsuit over a recently reported data breach that affected 1.2 million patients. The breach was detected on April 20, 2022, with the forensic investigation confirming an unauthorized third-party had accessed the IT networks of Baptist Medical Center or Resolute Health Hospital between March 31 and… Read More »

Microsoft has warned of a large-scale phishing campaign targeting Office 365 credentials that bypasses multi-factor authentication (MFA). The campaign is ongoing and more than 10,000 organizations have been targeted by scammers in the past 10 months. Microsoft reports that one of the phishing runs used emails with HTML file attachments, with the email telling the… Read More »

On Friday, the House Committee on Oversight and Reform announced that a probe has been initiated to determine how data brokers and health app companies are collecting and selling individuals’ personal reproductive health data. The probe was initiated as a result of the SCOTUS decision that overturned Roe v. Wade, as members of the committee were… Read More »

Montana-based Associated Eye Care Providers (AEC) has recently started notifying patients that their private health information was compromised in a data breach at a business associate that was detected in early December 2020. The data breach in question occurred at Netgain Technologies, which provided managed IT services to many organizations in the healthcare sector. Netgain… Read More »