The Medical Review Institute of America (MRoiA) suffered a suspected ransomware attack in November 2021 in which sensitive patient data were stolen. MRoiA is provided with patient data by HIPAA-covered entities as part of the clinical peer review process of healthcare services. In a data breach notice provided to the Vermont attorney general, MRoiA said… Read More »
The Chicago, IN-based certified public accounting firm Bansley & Kiener LLP is facing a class action lawsuit over a data breach that was reported to regulators this December. The breach in question occurred in the second half of 2020, with the investigation indicating hackers accessed its systems between August 20, 2020, and December 1, 2020.… Read More »
A hacker gained access to the IT network of Altamonte Springs, FL-based BioPlus Specialty Pharmacy Services and accessed files containing sensitive patient data. The intrusion was detected on November 11, 2021, and steps were immediately taken to remove the hacker from its network. Assisted by a third-party computer forensics firm, BioPlus determined its IT environment was… Read More »
Morgantown, WV-based Monongalia Health System has started notifying almost 400,000 patients that some of their protected health information (PHI) may have been obtained by unauthorized individuals in a recent cyberattack. The security incident came to light when one of its vendors reported not receiving a July 2021 payment that had left Monongalia Health’s accounts. The… Read More »
Paducah, KY-based Southern Orthopaedic Associates (SOA) has started notifying 106,910 patients about a breach of some of their protected health information. SOA detected unauthorized activity in an employee email account on or around July 8, 2021. Steps were immediately taken to secure the account and an investigation was launched to determine the nature and scope… Read More »
The number of reported healthcare data breaches has increased for the third successive month, with November seeing 68 data breaches of 500 or more records reported to the HHS’ Office for Civil Rights – a 15.25% increase from October and well above the 12-month average of 56 data breaches a month. From January 1 to… Read More »
The Department of Health and Human Services’ Office for Civil Rights (OCR) has published new guidance to explain how the HIPAA Privacy Rule applies to disclosures of protected health information (PHI) to support applications for extreme risk protection orders. In June 2021, the U.S. Department of Justice published model legislation to provide states with a… Read More »
The CyberPeace Institute has released new data on cyberattacks on the healthcare industry. According to the latest figures, 295 cyberattacks are known to have been conducted on the healthcare sector in the past 18 months between June 2, 2020, and December 3, 2021. The attacks have been occurring at a rate of 3.8 per week… Read More »
The original vulnerability identified in Log4j (CVE-2021-44228) that sent shockwaves around the world due to its seriousness, ease of exploitation, and the extent to which it impacts software and cloud services, is not the only vulnerability in the Java-based logging utility. After releasing version 2.15.0 to fix the flaw, it was determined that version 2.15.0… Read More »
In 2019, it was alarming that healthcare data breaches were being reported at a rate of more than 1 a day. In 2021, there have been several months where healthcare data breaches have been occurring at a rate of more than 2 per day. With data breaches occurring so regularly and ransomware attacks disrupting healthcare… Read More »