Becton, Dickinson and Company (BD) has self-reported two vulnerabilities that affect its BD Pyxis automated medication dispensing systems, BD Rowa pouch packaging systems, and BD Viper LT automated molecular testing systems. Both vulnerabilities are due to the use of hard-coded credentials. If exploited, the vulnerabilities could allow an unauthorized individual to access, modify, and delete… Read More »
West Virginia-based Monongalia Health System (Mon Health) has announced it was the victim of a cyberattack that has exposed patient, employee, and contractor data. This is the second major data breach to be reported by the health system in the past 12 months. Mon Health has confirmed that these two data breaches are separate incidents,… Read More »
There is no one-size-fits-all HIPAA violation reporting process because different organizations have different policies and procedures for reporting HIPAA violations, while the process for reporting violations to HHS´ Office for Civil Rights varies according to the nature of the violation and who is making the report. There are many different types of HIPAA violations, but… Read More »
The healthcare industry has been extensively targeted by ransomware gangs and victims often see paying the ransom as the best option to ensure a quick recovery, but the payment does not always put an end to the extortion. Many victims have paid the ransom to obtain the decryption keys or to prevent the publication of… Read More »
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the U.S. health sector about potential cyber threats that could spill over from the conflict and affect U.S. healthcare organizations. HC3 said the HHS is unaware of any specific threats to the Health and Public Health (HPH)… Read More »
The Health Insurance Accountability and Portability Act (HIPAA) introduced multiple HIPAA rights. Some of the rights were introduced directly via the text of the Act, but the majority followed later in the Privacy Rule. Unfortunately, the failure to comply with Privacy Rule HIPAA rights is one of the leading reasons for complaints to the HHS… Read More »
In a recent blog post, Director of the HHS’ Office for Civil Rights, Lisa J. Pino, urged HIPAA-regulated entities to take steps to strengthen their cybersecurity posture in 2022 in light of the increase in cyberattacks on the healthcare industry. 2021 was a particularly bad year for healthcare organizations, with the number of reported healthcare… Read More »
Healthcare organizations and their business associates need to be HIPAA compliant, but complying with the HIPAA Rules can be a daunting task and many new businesses don’t know where to start. To help HIPAA-regulated entities get on the right track, Compliancy Group is hosting a webinar this month and will explain the ins and outs… Read More »
The Houston Health Department has recently announced that the personal information and COVID-19 test results of 10,291 individuals have been exposed online as a result of a technical issue with its portal. The issue allowed approximately 3,500 portal users to access the data of other individuals. The Houston Health Department said it detected the issue… Read More »
Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals. Jax Spine & Pain Centers Jax Spine and Pain Centers in Jacksonville, FL has recently announced it was the victim of a… Read More »