Four healthcare providers have recently announced their IT systems have been compromised and patient data may have been accessed. Hacker Gains Access to Server of New York Psychotherapy and Counseling Center New York Psychotherapy and Counseling Center (NYPCC), an NYC-based non-profit mental health services provider, has announced it was the victim of a cyberattack that… Read More »
Compliancy Group has confirmed the Dubai-based healthcare technology startup Wasfago has implemented an effective HIPAA compliance program and has met the required standards of the Health Insurance Portability and Accountability Act Rules. In Dubai, UAE, the Dubai Health Authority (DHA) provides strategic oversight for the complete health sector and conducts activities to enhance private sector… Read More »
An advanced persistent threat (APT) actor has been conducting an espionage campaign that has seen the systems of at least 9 organizations compromised. The campaign targeted organizations in a range of critical sectors, including healthcare, energy, defense, technology, and education. The campaign was identified by security researchers at Palo Alto Networks and while the identity… Read More »
QRS Inc, a Tennessee-based healthcare technology services company and provider of the Paradigm practice management and electronic health records (EHR) solution, has announced a data breach involving the protected health information (PHI) of almost 320,000 individuals. The cyberattack was detected on August 26, 2021, three days after a server was breached. QRS explained in its breach… Read More »
In healthcare, OSHA and HIPAA compliance are both essential. There are separate standards that must be adhered to for compliance, but there are broad similarities in terms of reporting, recordkeeping, and enforcement. The Occupational Safety and Health Act (OSH Act) The Occupational Safety and Health Act (OSH Act) was signed into law more than 50… Read More »
Boca Raton, FL-based Nationwide Laboratory Services, which was acquired by Quest Diagnostics in the summer, was the victim of a ransomware attack earlier this year. Nationwide Laboratory Services detected a breach of its systems on May 19, 2021, when ransomware was used to encrypt files across its network and prevent files from being accessed. Steps… Read More »
Two high severity vulnerabilities have been identified in the Philips Tasy EMR that could allow sensitive patient data to be extracted from the database. The vulnerabilities can be exploited remotely, there is a low attack complexity, and exploits for the vulnerabilities are in the public domain. Philips says the vulnerabilities affect Tasy EMR HTML5 3.06.1803… Read More »
Seneca Family of Agencies, a California provider of mental health, education, juvenile justice, placement, and permanency services, identified unauthorized activity within its computer systems on August 27, 2021. Action was immediately taken to secure its systems and prevent further unauthorized access, with the subsequent investigation confirming its systems were compromised on August 25. While no… Read More »
Baywood Medical Associates, doing business as Desert Pain Institute (DPI) in Mesa, AZ, has discovered unauthorized individuals gained access to parts of its computer network that contained the protected health information of patients. The security breach was detected and stopped by DPI on September 13, 2021, and a third-party cybersecurity company was engaged to assist… Read More »
Family of Woodstock (FOW), a New York provider of crisis intervention, information, prevention, and support services, has suffered a cyberattack in which the protected health information of 8,214 individuals was potentially compromised. The cyberattack was detected on August 3, 2021, and rapid steps were taken to eject the attackers from its network and restore its… Read More »