Employees mishandle data, violate HIPAA in Washington State Medicaid breach

The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.

Missing drives contained PHI on 950K Centene customers

During an inventory of its IT assets, health insurer Centene discovered that six hard drives containing personal and health information on 950,000 customers had gone missing.

Flint hospital hit with cyber attack after Anonymous threatens action

Flint hospital hit with cyber attack after Anonymous threatens action

Hurley Medical Center in Flint, Mich. was hit by a cyber attack Thursday after Anonymous threatened to take action over for the city's water crisis.

Henry Schein to pay $250K to FTC for misleading encryption claims

Henry Schein to pay $250K to FTC for misleading encryption claims

The Henry Schein Practice Solutions, Inc. agreed to pay a $250,000 fine to the FTC for falsely advertising the level of encryption it used to safeguard patient data.

Asbestos bill would expose victims' personal data, medical histories

Asbestos bill would expose victims' personal data, medical histories

Privacy and public interest organizations are petitioning against a bill that attempts to prevent fraud in asbestos lawsuits.

USB ports pose hidden risk for medical facilities

USB ports pose hidden risk for medical facilities

When visiting a medical facility, it can be tempting to charge a mobile device into a spare USB port, but the free charge may contain an unpleasant after-effect.

HHS, HITRUST, Deloitte 'attack' healthcare orgs to test cyber preparedness

HHS, HITRUST, Deloitte 'attack' healthcare orgs to test cyber preparedness

Mock attacks on 12 healthcare organizations to tested the organizations' capabilities in responding to cyber incidents.

North Carolina DHHS reports second email incident in two months

The North Caroline DHHS has announced a second email incident that affected more than 500 patients.

Health and Human Services CIO will be stepping down

Health and Human Services CIO will be stepping down

HHS CIO Frank Baitman is stepping down from his post at the end of the month.

Three-quarters of industry pros say a breach caused by an IoT device is likely

Three-quarters of industry pros say a breach caused by an IoT device is likely

A new report found that nearly three-quarters of industry professionals believe there is a medium or high likelihood of their organization being hacked as a result of the interconnectivity of Internet of Things.

Equipment containing patient data stolen from Illinois orthopedic provider

A laptop and EMG machine containing personal information were stolen from a Barrington Orthopedic Specialists transport vehicle.

Thousands of medical systems found vulnerable to attack

Thousands of medical systems found vulnerable to attack

Researchers presented findings at Derbycon this past weekend that indicated vulnerabilities in thousands of medical systems.

Members of NJ health insurer had data accessed, used in fraud scheme

Several individuals posed as health care professionals and used member information to submit false claims to Horizon Blue Cross Blue Shield of NJ.

London clinic leaks HIV status of 780 patients in newsletter

London clinic leaks HIV status of 780 patients in newsletter

A London sexual health clinic accidentally leaked the HIV status, names, and email addresses of 780 patients in a newsletter.

American Airlines denies hack, but reinforces security efforts

American Airlines denies hack, but reinforces security efforts

American Airlines denied involvement in an apparent security incident at its one-time subsidiary Sabre, but is redoubling its own security measures as a precaution.

UCLA target of class-action suit after breach

A lawsuit filed in a federal court in California accused UCLA Health System of not adequately protecting the personal data of 4.5 million individuals affected by a 2014 breach.

UPMC Health Plan compromises personal data of 722 patients

University of Pittsburgh Medical Center (UPMC) Health Plan announced its third breach in two years, information of 722 patients compromised.

Health orgs asking third party associates to get CSF certification

Recognizing the increased risk of breach from the interconnectedness of healthcare systems, some healthcare organizations will require third parties to obtain CSF certification.

Reports tie together Anthem and OPM data breaches

Evidence seems to indicate that the Anthem data breach and OPM data breaches were carried out by the same Chinese actors.

Medical Information Engineering's network breached; undisclosed number of patients compromised

The personal health information, including Social Security numbers and medical conditions, might have been compromised in a cyber attack in May on Medical Information Engineering.

Researcher who found Hospira drug pump flaws says more models are vulnerable

Researcher who found Hospira drug pump flaws says more models are vulnerable

Security researcher Billy Rios has verified that more Hospira infusion pumps are vulnerable to the same security issues, since they use "identical software."

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected

TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks.

Researchers publish developer guidance for medical device security

Researchers publish developer guidance for medical device security

The guidance is organized into 10 categories, and serves as "starting point for a more complete code," report authors said.

Three MetroHealth computers infected with malware, patients notified

The Ohio-based health care provider is notifying nearly 1,000 patients that three computers in its Cardiac Cath Lab were infected with malware.

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.

Study: Root cause of health care breaches shifts to criminal attacks

Study: Root cause of health care breaches shifts to criminal attacks

An annual health care study found that criminal attacks replaced device theft and loss as the leading cause of breaches.

ICS-CERT issues advisory on Hospira infusion pump flaws

ICS-CERT issues advisory on Hospira infusion pump flaws

An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.

Sign on the digital line: Case study

Sign on the digital line: Case study

Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.

Hospitals testing AC monitoring platform to spot malware in medical devices

Two unnamed hospitals have signed on to test the WhatsAppDoc platform developed to detect malware in outdated medical devices by monitoring AC consumption.

RSA 2015: In the healthcare industry, security must innovate with business

RSA 2015: In the healthcare industry, security must innovate with business

Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.

In growing market for genetic data, privacy implications prove lasting

In growing market for genetic data, privacy implications prove lasting

Experts consider the lasting impact of data brokers, and potential breaches, on genetic information.

Researchers investigate link between Axiom spy group, Anthem breach

Researchers investigate link between Axiom spy group, Anthem breach

Anthem breach investigators initially claimed that tools, linked exclusively to Chinese espionage attackers, were used against the health insurer.

Up to 18.8 million non-Anthem members possibly affected in breach

Of the approximate 78.8 million people whose information was accessed by hackers earlier this month, anywhere from 8.8 to 18.8 million of those affected include non-members.

Think you should just be worried about fines? Think again. And think like an attacker.

Think you should just be worried about fines? Think again. And think like an attacker.

When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.

Report: Anthem may have up to $200M in cyber insurance

A unit of AIG Inc. is the primary cyber insurer for Anthem, according to a recent report in Business Insurance.

Lawsuits filed against Anthem, phishing scams abound

Lawsuits filed against Anthem, phishing scams abound

Plaintiffs in California, Georgia, Indiana and Alabama have filed suits and Anthem warned customers to brace for more phishing scams.

Community debates encryption's value in Anthem incident

Community debates encryption's value in Anthem incident

Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials.

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Mandiant was brought on site Tuesday, after Anthem started their own internal investigation.

Skills in demand: Information security analysts - health care

Skills in demand: Information security analysts - health care

The amount of information stored in our medical records creates a ripe environment for security breaches. The health care sector is in search of information security analysts.

Eleventh Circuit dismisses LabMD motion questioning FTC authority

LabMD can challenge the FTC's enforcement authority in federal court once the agency comes to a final decision on the exposure of patient data.

HITRUST, Deloitte slate cyber town halls for health care orgs

The HITRUST Alliance and Deloitte will coordinate cyber town hall meetings in major U.S. cities.

HITRUST forms working group for medical device, health system security

The mission of the working group will be to enhance health information technology (HIT) security.

NJ law requires health insurance carriers to encrypt sensitive data

New Jersey Governor Chris Christie signed the legislation last Friday.

HITRUST adds privacy controls to Common Security Framework

The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.

Landmark HIPAA settlement confirms push to firm up patching schedules

Landmark HIPAA settlement confirms push to firm up patching schedules

Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.

Health billing co., former CEO settle with FTC over data collection

PaymentsMD and its former CEO will have to destroy all information collected related to its Patient Health Report service.

Healthcare sector's broad data sets will attract increased attacks in 2015

Healthcare sector's broad data sets will attract increased attacks in 2015

A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Security firm Bitglass analyzed three years worth of HHS breach records for its report.

PHI is more valuable than credit cards: Time to get serious about data security!

News about data breaches in the healthcare sector continues unabated.

Childrens' Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

New system aims to automate threat intelligence in health care industry

A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.

Securing critical patient privacy & care: Visibility, control and response for healthcare providers

Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Congressman asks Issa for hearing on CHS breach

The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.

Temple University patients impacted by possible breach

The unencrypted desktop computer was stolen from a university physician's office in July.

Central Utah Clinic notifies over 30K patients of potential HIPAA breach

The clinic is warning patients of a potential breach after an unauthorized party accessed a server.

CMS administrator to testify before committee on HealthCare.gov hack

Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.

More than 10K electronic medical records compromised at Houston health system

An employee accessed medical records at Memorial Hermann Health System for nonprofessional purposes.

Healthcare orgs prepare for cyber threat readiness test

More than 750 healthcare organizations will test their cyber attack responses in October as part of a HITRUST initiative.

Apple health app protocol bars developers from selling user info

Under its new protocol, app developers are prohibited from selling users' personal health information.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

Health care breaches continue to rise, over 30M affected

As breaches hitting the health care industry continue to ramp up, more than 30 million individuals have been affected by these incidents thus far.

$4 billion breach suit against Sutter Health dismissed

The ruling comes nearly three years after a computer theft occurred at the organization.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

About 18K doctors may have had Social Security numbers exposed

About 18,000 doctors had Social Security numbers included in rosters provided to the Department of Managed Health Care by Blue Cross of California.

St. Vincent Breast Center mails 63K letters to wrong people

St. Vincent Breast Center mailed more than 63,000 letters containing personal information to the wrong people due to a clerical error.

Most health care vendors earn 'D' in data protection, study finds

Most health care vendors earn 'D' in data protection, study finds

A security intelligence report analyzed 150 health care vendors, both small and large.

Salina Family Healthcare Center email gaffe impacts about 10K patients

A Salina Family Healthcare Center employee inadvertently left patient information in a database that was submitted to the National Commission for Quality Assurance.

Laptop stolen from Calif. hospital stored data on more than 500 patients

Riverside County Regional Medical Center has notified 563 patients that their data was on a laptop stolen from a hospital procedure room.

Employee accesses nearly 100K patient files in NRAD Medical Associates breach

A former employee radiologist accessed and acquired data on as many as 97,000 current and former patients of NRAD Medical Associates.

San Diego hospital breach investigation reveals second incident, both human error

An investigation into a Rady Children's Hospital breach involving more than 14,000 patients revealed a separate incident involving more than 6,000 patients.

Penn State Hershey employee takes data home, puts 1,801 patients at risk

A clinical laboratory technician took patient data home, outside the secured Penn State Hershey Medical Center system.

HIPAA shake: Health care

HIPAA shake: Health care

Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.

Former employee accessed Bay Park Hospital patient data for a year

An employee of Bay Park Hospital in Ohio accessed information on about 600 patients over the course of a year.

Four computers containing patient data stolen in New Hampshire

More than 1,200 patients of Elliot Hospital in New Hampshire are being notified that their personal information was on four computers that were stolen from an employee's vehicle.

Unencrypted USB drive stolen, 3,000 Humana members in Atlanta impacted

In Georgia, an encrypted laptop and unencrypted USB drive containing information on nearly 3,000 members of health care provider Humana were stolen from an associate's vehicle.

Keylogger malware found on three UC Irvine health center computers

Student and non-student data may have been compromised after keylogger malware was discovered on three computers in the University of California, Irvine, Student Health Center.

Columbia University, NY hospital to pay $4.8 million HIPAA fine

Columbia University, NY hospital to pay $4.8 million HIPAA fine

The agreement marks the largest HIPAA settlement to date.

SSNs on postcards sent to 5,000 former Molina Healthcare members

Social Security numbers may have been printed on postcards sent to more than 5,000 former members of New Mexico-based Molina Healthcare.

Insider breach affects about 2,400 UMass Memorial Medical patients

A former UMass Memorial Medical Center employee accessed patient data, and the information could have been used to open commercial accounts.

Patient data accessible after health staffers act on phishing emails

Unauthorized access may have been gained to the email accounts, which contained patient data, of a small group of Centura Health employees after they responded to phishing emails.

Vendor fired for risking data on 15K Boston Medical Center patients

Boston Medical Center fired a vendor that did not use password protection on a website used by physicians to store patient records.

Humana co. pays HHS $1.7 million after unencrypted laptop breach

A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.

Anonymous might be culprit behind apparent DDoS attack on children's hospital

No evidence directly links the group to the attacks, but clues hint at Anonymous' signature traits.

Tufts Health Plan data stolen, 8,830 members impacted

Roughly 8,830 current and former members of Tufts Health Plan are being notified that their personal information was stolen.

DDoS attack almost crashes children's hospital website

Officials haven't confirmed a DDoS scheme, but noted the attackers hit the hospital's website with large attacks designed to overwhelm it with traffic.

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Second burglary breach within a month for Coordinated Health

More than 700 Pennsylvania patients have been impacted after Coordinated Health experienced its second burglary-related data breach within a month.

Fate of unencrypted drive unknown, PHI of 5,500 in Virginia at risk

A Virginia-based chiropractic center is not quite sure what happened to an unencrypted thumb drive, which contained personal information - including Social Security numbers - on more than 5,500 patients.

Three laptops stolen from New York podiatry office, 6,475 at risk

Nearly 6,500 patients of New York-based Sims and Associates Podiatry may have had personal information compromised after three laptops were stolen.

Attack exercise reveals threat-sharing roadblock within health orgs

Attack exercise reveals threat-sharing roadblock within health orgs

In the "CyberRx" exercise, many organizations expressed concerns about communicating threat information to integral team members outside IT.

More than 1,400 medical records compromised in Texas breach

More than 1,400 medical records were compromised after unauthorized access was gained to the health records system used by a Texas cardiology clinic.

HHS reveals "high-risk" security issues at Medicaid agencies

HHS reveals "high-risk" security issues at Medicaid agencies

An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.

Medical staffers fall for phishing emails, data on 8,300 compromised

Nearly 20 staffers with Washington-based Franciscan Medical Group were tricked by phishing emails, resulting in a compromise of personal information for 8,300 patients.

Network Rx: Health care security

Network Rx: Health care security

With the addition of 15,000 mobile devices accessing its network, a medical center found assurance - and met compliance mandates, reports Greg Masters.

Devices stolen from Palomar Health staffer, data on 5K patients at risk

An encrypted laptop and two unencrypted flash drives containing personal information on 5,000 patients were stolen from a Palomar Health employee.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US