The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.
During an inventory of its IT assets, health insurer Centene discovered that six hard drives containing personal and health information on 950,000 customers had gone missing.
Hurley Medical Center in Flint, Mich. was hit by a cyber attack Thursday after Anonymous threatened to take action over the city's water crisis.
Henry Schein Practice Solutions, Inc. agreed to pay a $250,000 fine to the FTC for falsely advertising the level of encryption it used to safeguard patient data.
Privacy and public interest organizations are petitioning against a bill that attempts to prevent fraud in asbestos lawsuits.
When visiting a medical facility, it can be tempting to plug a mobile device into a spare USB port to charge it, but the free charge may come with an unpleasant after-effect.
Mock attacks on 12 healthcare organizations tested the organizations' capabilities in responding to cyber incidents.
The North Carolina DHHS has announced a second email incident that affected more than 500 patients.
HHS CIO Frank Baitman is stepping down from his post at the end of the month.
A new report found that nearly three-quarters of industry professionals believe there is a medium or high likelihood of their organization being hacked as a result of the interconnectivity of the Internet of Things.
A laptop and EMG machine containing personal information were stolen from a Barrington Orthopedic Specialists transport vehicle.
Researchers presented findings at Derbycon this past weekend that indicated vulnerabilities in thousands of medical systems.
Several individuals posed as health care professionals and used member information to submit false claims to Horizon Blue Cross Blue Shield of NJ.
A London sexual health clinic accidentally leaked the HIV status, names, and email addresses of 780 patients in a newsletter.
American Airlines denied involvement in an apparent security incident at its one-time subsidiary Sabre, but is redoubling its own security measures as a precaution.
A lawsuit filed in a federal court in California accused UCLA Health System of not adequately protecting the personal data of 4.5 million individuals affected by a 2014 breach.
University of Pittsburgh Medical Center (UPMC) Health Plan announced its third breach in two years, with information on 722 patients compromised.
Recognizing the increased risk of breach from the interconnectedness of healthcare systems, some healthcare organizations will require third parties to obtain CSF certification.
Evidence seems to indicate that the Anthem data breach and OPM data breaches were carried out by the same Chinese actors.
Personal health information, including Social Security numbers and medical conditions, might have been compromised in a cyber attack in May on Medical Information Engineering.
Security researcher Billy Rios has verified that more Hospira infusion pumps are vulnerable to the same security issues, since they use "identical software."
TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks.
The guidance is organized into 10 categories, and serves as a "starting point for a more complete code," report authors said.
The Ohio-based health care provider is notifying nearly 1,000 patients that three computers in its Cardiac Cath Lab were infected with malware.
ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.
An annual health care study found that criminal attacks replaced device theft and loss as the leading cause of breaches.
An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.
Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.
The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.
Two unnamed hospitals have signed on to test the WattsUpDoc platform developed to detect malware in outdated medical devices by monitoring AC consumption.
Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.
Experts consider the lasting impact of data brokers, and potential breaches, on genetic information.
Anthem breach investigators initially claimed that tools, linked exclusively to Chinese espionage attackers, were used against the health insurer.
Of the approximately 78.8 million people whose information was accessed by hackers earlier this month, anywhere from 8.8 to 18.8 million are non-members.
When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.
A unit of AIG Inc. is the primary cyber insurer for Anthem, according to a recent report in Business Insurance.
Plaintiffs in California, Georgia, Indiana and Alabama have filed suits and Anthem warned customers to brace for more phishing scams.
Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials.
Mandiant was brought on site Tuesday, after Anthem started their own internal investigation.
The amount of information stored in our medical records creates a ripe environment for security breaches. The health care sector is in search of information security analysts.
LabMD can challenge the FTC's enforcement authority in federal court once the agency comes to a final decision on the exposure of patient data.
The HITRUST Alliance and Deloitte will coordinate cyber town hall meetings in major U.S. cities.
The mission of the working group will be to enhance health information technology (HIT) security.
New Jersey Governor Chris Christie signed the legislation last Friday.
The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.
Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.
PaymentsMD and its former CEO will have to destroy all information collected related to its Patient Health Report service.
A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.
Security firm Bitglass analyzed three years' worth of HHS breach records for its report.
News about data breaches in the healthcare sector continues unabated.
Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.
A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.
The recommendations are aimed at better protecting patient health and data, in the hope that device manufacturers will take cybersecurity risks into account in the early stages of development.
Cybercriminals are primarily after patient data because it earns them more money.
Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing life-saving medical devices, and ensuring compliance with federal regulations.
Aventura Hospital and Medical Center has reported a data breach for the third time in two years.
The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.
The unencrypted desktop computer was stolen from a university physician's office in July.
The clinic is warning patients of a potential breach after an unauthorized party accessed a server.
Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.
An employee accessed medical records at Memorial Hermann Health System for nonprofessional purposes.
More than 750 healthcare organizations will test their cyber attack responses in October as part of a HITRUST initiative.
Under its new protocol, app developers are prohibited from selling users' personal health information.
GMR Transcription Services in California agreed to settle FTC charges related to its security practices.
Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.
As breaches hitting the health care industry continue to ramp up, more than 30 million individuals have been affected by these incidents thus far.
The ruling comes nearly three years after a computer theft occurred at the organization.
Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.
About 18,000 doctors had Social Security numbers included in rosters provided to the Department of Managed Health Care by Blue Cross of California.
St. Vincent Breast Center mailed more than 63,000 letters containing personal information to the wrong people due to a clerical error.
A security intelligence report analyzed 150 health care vendors, both small and large.
A Salina Family Healthcare Center employee inadvertently left patient information in a database that was submitted to the National Commission for Quality Assurance.
Riverside County Regional Medical Center has notified 563 patients that their data was on a laptop stolen from a hospital procedure room.
A former employee radiologist accessed and acquired data on as many as 97,000 current and former patients of NRAD Medical Associates.
An investigation into a Rady Children's Hospital breach involving more than 14,000 patients revealed a separate incident involving more than 6,000 patients.
A clinical laboratory technician took patient data home, outside the secured Penn State Hershey Medical Center system.
Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.
An employee of Bay Park Hospital in Ohio accessed information on about 600 patients over the course of a year.
More than 1,200 patients of Elliot Hospital in New Hampshire are being notified that their personal information was on four computers that were stolen from an employee's vehicle.
In Georgia, an encrypted laptop and unencrypted USB drive containing information on nearly 3,000 members of health care provider Humana were stolen from an associate's vehicle.
Student and non-student data may have been compromised after keylogger malware was discovered on three computers in the University of California, Irvine, Student Health Center.
The agreement marks the largest HIPAA settlement to date.
Social Security numbers may have been printed on postcards sent to more than 5,000 former members of New Mexico-based Molina Healthcare.
A former UMass Memorial Medical Center employee accessed patient data, and the information could have been used to open commercial accounts.
Unauthorized access may have been gained to the email accounts, which contained patient data, of a small group of Centura Health employees after they responded to phishing emails.
Boston Medical Center fired a vendor that did not use password protection on a website used by physicians to store patient records.
A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.
No evidence directly links the group to the attacks, but clues hint at Anonymous' signature traits.
Roughly 8,830 current and former members of Tufts Health Plan are being notified that their personal information was stolen.
Officials haven't confirmed a DDoS scheme, but noted the attackers hit the hospital's website with large attacks designed to overwhelm it with traffic.
The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.
More than 700 Pennsylvania patients have been impacted after Coordinated Health experienced its second burglary-related data breach within a month.
A Virginia-based chiropractic center is not quite sure what happened to an unencrypted thumb drive, which contained personal information - including Social Security numbers - on more than 5,500 patients.
Nearly 6,500 patients of New York-based Sims and Associates Podiatry may have had personal information compromised after three laptops were stolen.
In the "CyberRx" exercise, many organizations expressed concerns about communicating threat information to integral team members outside IT.
More than 1,400 medical records were compromised after unauthorized access was gained to the health records system used by a Texas cardiology clinic.
An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.
Nearly 20 staffers with Washington-based Franciscan Medical Group were tricked by phishing emails, resulting in a compromise of personal information for 8,300 patients.
With the addition of 15,000 mobile devices accessing its network, a medical center found assurance - and met compliance mandates, reports Greg Masters.
An encrypted laptop and two unencrypted flash drives containing personal information on 5,000 patients were stolen from a Palomar Health employee.