HIPAA Journal has partnered with The Compliancy Group to offer its readers a free annual HIPAA Risk Assessment. Covered Entities like medical practices and Business Associates like IT providers are required conduct a HIPAA risk assessment by the 2003 HIPAA Security Rule (45 CFR § 164.308 – Security Management Process) and HITECH Act… Read More »
Allwell Behavioral Health Services in Zanesville, OH, has announced that a computer system used to store quality assurance information related to the treatment of patients has been accessed by an unauthorized individual. The unauthorized access was detected on March 5, 2022, with the subsequent forensic investigation determining the system was breached on March 2, 2022.… Read More »
A class action lawsuit has been filed in the U.S. District Court for the District of Massachusetts by the law firm Morgan & Morgan against Injured Workers Pharmacy (IWP) over a breach of the personal information of 75,771 customers. IWP is an Andover, MA-based pharmacy that serves employees who were injured at work and receive workers’… Read More »
BD has issued security advisories about two vulnerabilities that affect certain BD Pyxis automated medication dispensing system products and the BD Synapsys microbiology informatics software platform. BD Pyxis – CVE-2022-22767 According to BD, certain BD Pyxis products have been installed with default credentials and may still operate with those credentials. In some scenarios, the affected… Read More »
Microsoft has issued a security advisory and has provided workaround to prevent a zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) from being exploited. The vulnerability is tracked as CVE-2022-30190 and has been dubbed Follina by security researchers. According to Microsoft, “a remote code execution vulnerability exists when MSDT is called using the… Read More »
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) added a further 75 vulnerabilities to its Known Exploited Vulnerability Catalog. The Known Exploited Vulnerability Catalog is a list of vulnerabilities in software and operating systems that are known to be exploited in real-world attacks. The list now includes 737 vulnerabilities. The latest additions came in… Read More »
BJC HealthCare, a non-profit healthcare organization based in St. Louis, MO, has started notifying certain patients that some of their protected health information was stored in email accounts that were accessed by an unauthorized individual. The investigation confirmed that a small number of email accounts of physicians and general practitioners had been accessed between March… Read More »
A recent study by Source Defense examined the risks associated with the use of third- and fourth-party code on websites and found that all modern, dynamic websites included code that could be targeted by hackers to gain access to sensitive data. SOurce Defense explained that websites typically have their own third-party supply chains, with those… Read More »
A class action lawsuit filed against NorthEast Radiology PC and Alliance HealthCare Services over a data breach that exposed the protected health information of more than 1.2 million individuals has been dismissed by a New York Federal Judge for lack of standing. The lawsuit was filed in July 2021 on behalf of plaintiffs Jose Aponte… Read More »
An information technology consultant who worked as a contractor at a suburban healthcare company in Chicago has been charged with illegally accessing the company’s network and intentionally causing damage to a protected computer. Aaron Lockner, 35, of Downers Grove, IL, worked for an IT company that had a contract with a healthcare company to provide… Read More »