The HIPAA Enforcement Rule of 2006 – and subsequent amendments attributable to the passage of HITECH – details the procedures for investigating violations of HIPAA and the penalties that the HHS Office for Civil Rights can impose on Covered Entities and Business Associates for failing to comply with the Privacy, Security, and Breach Notification Rules.… Read More »
A preliminary settlement has recently been approved by a California Federal court to resolve a consolidated class action lawsuit against Solara Medical Supplies. Solara Medical Supplies is a Chula Vista, California-based direct-to-consumer provider of medical devices and disposable medical products and a registered pharmacy. On June 28, 2019, Solara Medical identified suspicious activity in an… Read More »
Security incidents have recently been reported by Georgia Pines CSB and Ballard Health, which have included the protected health information (PHI) of 28,295 individuals. Ballad Health Discovers Breach of Employee Email Account Ballard Health, an integrated community health improvement organization serving communities in the Appalachian Highlands in Northeast Tennessee, Southwest Virginia, Northwest North Carolina, and… Read More »
HIPAATizer.com, an all-in-one WordPress plugin and form builder that can be used by web developers to make websites HIPAA-compliant, has been confirmed as compliant with all standards of the HIPAA Rules that apply to business associates of HIPAA-covered entities. HIPAA-covered entities that wish to include forms on their websites that capture individuals’ protected health information… Read More »
American Addiction Centers (AAC), a network of treatment centers for individuals struggling with drug addiction, alcohol addiction, and co-occurring mental/behavioral health issues, has recently been confirmed as having achieved compliance with all of the necessary standards of the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and the HITECH Act. To confirm compliance… Read More »
Healthcare data breaches are occurring in record numbers, but not all privacy and security threats come from outside the organization. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HCC) has recently issued a warning about the threat from within. Insider Threats in Healthcare Nation-state hacking groups, cybercriminal gangs, and lone hackers… Read More »
A new report from Comcast Business indicates 2021 was another record-breaking year for Distributed Denial of Service (DDoS) attacks. 9.84 million DDoS attacks were reported in 2021, which is a 14% increase from 2019, although slightly lower than the previous year when 10.1 million attacks were reported. The slight decline in attacks was due to… Read More »
The Federal Bureau of Investigation (FBI) has issued a TLP: WHITE flash alert about the BlackCat ransomware-a-s-a-service (RaaS) operation. BlackCat, also known as ALPHAV, was launched in November 2021, shortly after the shutdown of the BlackMatter ransomware operation, which was a rebrand of DarkSide, which was behind the ransomware attack on Colonial Pipeline. A member of… Read More »
The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has issued a TLP: White alert about the Hive ransomware group – A particularly aggressive cybercriminal operation that has extensively targeted the healthcare sector in the United States. HC3 has shared an analysis of the tactics, techniques, and procedures (TTPs) known to be… Read More »
An Adaptive Health Integrations data breach has recently been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) that involved the protected health information (PHI) of 510,574 individuals. Adaptive Health Integrations is listed as a Williston, North Dakota-based provider of LIS software services and billing/revenue services to laboratories, physician offices,… Read More »