Multiple lawsuits have been filed against Massachusetts-based Shields Health Care Group, which suffered one of the largest healthcare data breaches of the year, affecting almost 2 million individuals. The lawsuits have recently been consolidated into a single lawsuit – Biscan v. Shields Health Care Group Inc – that was filed in a Massachusetts federal court… Read More »

According to HHS’ Enforcement Highlights web page, the most common issue alleged in complaints to the Office for Civil Rights (OCR) is impermissible uses and disclosures of Protected Health Information. This is often interpreted as a failure to understand which uses and disclosures are permissible without patient authorizations; however, it could be just as likely… Read More »

One of the problems with developing legislation for the entire healthcare industry is rules must be written for organizations of different sizes, with vastly different business models, budgets, staffing levels, and capabilities. Rules need to be written that are sufficiently flexible to accommodate this variety and be appropriate for all organizations and their unique operating… Read More »

Healthcare organizations can put a host of cybersecurity measures in place to secure their networks and prevent direct attacks by malicious actors, but significant challenges are faced securing the supply chain. Healthcare organizations use vendors to provide services that cannot be handled in-house, and while they provide important services they also create risks that need… Read More »

Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it is now common for data to be stolen and publicly released following a successful attack, according to a new analysis recently published in the JAMA Health Forum. Healthcare ransomware attacks can be difficult to accurately… Read More »

The Office of Inspector General of the U.S. Department of the Interior (DOI OIG) has identified bad password management and enforcement practices at the Department of the Interior that are placing critical IT systems at risk. These basic password errors are all too common in the healthcare industry and make it far too easy for… Read More »

The latest data released by the cybersecurity firm Check Point has confirmed that 2022 was a particularly bad year for cyberattacks, which increased globally by 38% year-over-year fuelled by a sizeable increase in attacks on healthcare organizations. Globally, the healthcare industry had the highest percentage increase in weekly cyberattacks of any industry sector, with an… Read More »

The Hive ransomware-as-a-service (RaasS) operation has claimed responsibility for an attack on Consulate Health Care, a Florida-based chain of 140 U.S. nursing homes. The group claims to have stolen 550 GB of data in the attack and said files were encrypted on December 3, 2022. The group posted on its leak site about the breach… Read More »

Captify Health has recently started notifying users of its Your Patient Advisor online service that their sensitive information has been exposed and obtained by unauthorized individuals. In some cases, credit card information was stolen and misused. Captify Health prepares patients for their colonoscopy procedures by providing the colonoscopy preparation products recommended by doctors through its Your… Read More »

Email accounts have been compromised at Legacy Hospice and Live Oak Surgery Center, and a University of Miami Health employee’s personal data breach also saw their work email account compromised, highlighting the risks of employees storing their work login credentials on personal devices. Legacy Hospice Email Account Breach Affects 21,000 Patients Legacy Operating Company, an… Read More »