VMware ESXi Servers Targeted in Large-Scale Ransomware Campaign

The French Computer Emergency Response Team (CERT-FR) has warned about an ongoing ransomware campaign targeting VMware ESXi hypervisors that have not been patched against the critical heap-overflow vulnerability tracked as CVE-2021-21974. VMware issued a patch on February 3, 2021, to fix the vulnerability; however, hundreds of VMware ESXi virtual machines are still vulnerable to the…

Tallahassee Memorial HealthCare Diverts Ambulances Due to Cyberattack

Last Thursday, Tallahassee Memorial HealthCare (TMH) in Florida was forced to take its IT systems offline, divert ambulances, and suspend all non-emergency medical procedures due to a cyberattack. The hospital issued a statement confirming that it would only be accepting patients with Level 1 traumas from its immediate service area while the cyberattack is investigated…

OSHA Adopts More Aggressive Stance on OSH Act Noncompliance

In late January, the U.S. Occupational Safety and Health Administration (OSHA) at the U.S. Department of Labor published new enforcement guidance which will see the agency adopt a much more aggressive stance on serious violations of the Occupational Safety and Health Act (OSH Act) in an effort to improve OSH Act compliance. OSHA will be…

Organizations Increasingly Opaque About Cause of Data Breaches

When a data breach occurs and sensitive information is disclosed, the HIPAA Breach Notification Rule requires affected individuals to be notified. The FTC Health Breach Notification Rule also has breach reporting requirements, and all 50 states have enacted data breach notification laws. What is lacking in many of these regulations – at both the federal…

Ransomware Attacks, Hacks, and Pixel-Related Data Breaches Reported

UCLA Health Announces Pixel-Related Data Breach

UCLA Health has recently started notifying approximately 94,000 patients about an impermissible disclosure of their protected health information to certain unnamed service providers due to the use of analytics tools on its website and mobile app. UCLA Health said analytics tools were used to better understand how patients interacted…

Pro-Russian Hacking Group Conducting DDoS Attacks on U.S. Hospitals

The pro-Russian hacking group, Killnet, is conducting a campaign of Distributed Denial of Service (DDoS) attacks on U.S. hospitals in apparent retaliation for U.S. support of Ukraine. The attacks started a few days after the United States and other countries agreed to provide tanks to Ukraine to help with the fight against the Russian invasion.…