Class action lawsuits have recently been filed against Partnership Health Plan in Northern California and Oregon Anesthesiology Group in response to ransomware attacks and the theft of sensitive patient/plan member data. Partnership Health Plan of California Partnership HealthPlan of California (PHC) is a non-profit community-based healthcare organization that serves over 550,000 Medi-Cal beneficiaries in Northern… Read More »

Illinois Gastroenterology Group has recently announced that unauthorized individuals gained access to its computer environment and potentially accessed and exfiltrated sensitive patient data. The cyberattack was detected on October 22, 2021, when suspicious activity was identified within its computer network. Third-party cybersecurity specialists were engaged to investigate the attack and determine the nature and scope… Read More »

Healthplex Inc., one of the largest providers of dental insurance in New York state, has announced that the email account of an employee was compromised in a phishing attack on November 24, 2021. Upon discovery of the breach, the email account was immediately secured to prevent further unauthorized access and an investigation was launched to… Read More »

Connecticut has joined California, Colorado, Utah, and Virginia in passing a comprehensive new data privacy law that establishes responsibilities for businesses that collect and process the personal data of state residents and gives consumers new rights. The Connecticut Data Privacy Act (Senate Bill 6) was passed 35-0 by the Senate and 144-5 in the House… Read More »

The American College of Physicians (ACP), American Telemedicine Association (ATA), and the Organization for the Review of Care and Health Applications (ORCHA) have collaborated to produce a new framework for assessing the digital health technologies used by healthcare professionals and patients. Currently, more than 86 million Americans use a health or fitness app. These digital… Read More »

On Thursday, the National Institute of Standards and Technology (NIST) published updated cybersecurity supply chain risk management (C-SCRM) guidance to help organizations develop an effective program for identifying, assessing, and responding to cybersecurity risks throughout the supply chain. Cyber threat actors are increasingly targeting the supply chain. A successful attack on a single supplier can… Read More »

The average ransom payment in ransomware attacks fell by 34% in Q1, 2022, from an all-time high in Q4, 2021, according to ransomware incident response firm Coveware. The average ransom payment in Q1, 2022 was $211,259 and the median ransom payment was $73,906. The fall in total ransom payments has been attributed to several factors.… Read More »

The Federal Bureau of Investigation (FBI) has issued a public service announcement warning about the threat of Business Email Compromise/Email Account Compromise (BEC/EAC) scams. The number of attacks reported to the FBI Internet Crime Complaint Center (IC3) and the amount of money lost to these scams continues to grow each year, with losses to BEC/EAC… Read More »

Thursday, May 5, 2022, is World Password Day. Established in 2013, the event is observed on the first Thursday of May with the goal of improving awareness of importance of creating complex and unique passwords and adopting password best practices to keep sensitive information private and confidential. Passwords were first used to protect accounts against… Read More »

An audit of the Department of Health and Human Services conducted for the HHS’ Office of Inspector General (OIG) to assess compliance with the Federal Information Security Modernization Act of 2014 (FISMA) in the fiscal year 2021 has seen the agency’s security program rated ‘not effective’, as was the case in fiscal years 2018, 2019,… Read More »