Ransomware gangs often use double extortion tactics to encourage victims to pay the ransom. In addition to file encryption, sensitive data are stolen and a threat is issued to sell or publish the data if the ransom is not paid. The Federal Bureau of Investigation (FBI) has recently issued a private industry notification warning of… Read More »
This article includes a summary of the Occupational Safety and Health Act of 1970, compliance with which is enforced by the Occupational Safety and Health Administration (OSHA). At the end of the article, there is a guide for creating an OSHA compliance checklist. An OSHA compliance checklist is a checkbox list of all OHSA requirements… Read More »
Hacks, ransomware attacks, and other IT security incidents account for the majority of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, but data breaches involving physical records are also commonplace. According to the Verizon Data Breach Investigations Report, disclosed physical records accounted for 43% of all breaches in… Read More »
The Department of Health and Human Services’ Office for Civil Rights has advised HIPAA-covered entities to assess the protections that they have implemented to secure their legacy IT systems and devices. A legacy system is any system that has one or more components that have been supplanted by newer technology and reached end-of-life. When software… Read More »
The advanced persistent threat (APT) actor Nobelium (aka APT29; Cozy Bear) that was behind the 2020 SolarWinds supply chain attack is targeting cloud service providers (CSPs), managed service providers (MSPs), and other IT service providers, according to a recent alert from Microsoft. Rather than conducting attacks on many companies and organizations, Nobelium is favoring a… Read More »
The protected health information of more than 650,000 patients of Community Medical Centers (CMC) in California has potentially been obtained by hackers. CMC is a not-for-profit network of community health centers that serve patients in the San Joaquin, Solano, and Yolo counties in Northern California. CMC identified suspicious activity in its computer systems on October… Read More »
Patients want a convenient way to communicate with their healthcare providers; however, care must be taken when choosing a communication platform as the Health Insurance Portability and Accountability Act covers patient communications and many platforms are not compliant with the HIPAA Rules. On November 18, Compliancy Group will be hosting a webinar to explain how… Read More »
A federal judge has ruled in favor of University of Mississippi Medical Center (UMMC) in an unauthorized access and data theft case against three former employees. UMMC took legal action against Dr. Spencer Sullivan and other former employees over the alleged theft and use of patients’ medical records. In July 2014, UMMC hired Dr. Sullivan… Read More »
Lavaca Medical Center, a critical access hospital in Hallettsville, TX, has started notifying 48,705 patients about a security breach in which their protected health information was exposed. Lavaca Medical Center said unusual activity was detected in its computer network on August 22, 2021, indicating a potential cyberattack. Steps were immediately taken to secure its network… Read More »
Tech Etch, a Plymouth, MA-based manufacturer of precision-engineered thin metal components, flexible printed circuits, and EMI/RFI shielding, has announced it was the victim of a ransomware attack in which the personal and protected health information of current and former employees was potentially compromised. Companies such as Tech Etch would not normally be required to comply… Read More »