Vishing Attack Targets Spectrum Health Patients

Beware. Hackers have graduated to using vishing attacks to target patients. Vishing attacks occur when hackers call patients disguising themselves as a trusted entity, such as a healthcare organization, prompting patients to share sensitive information over the phone. Spectrum Health is warning patients and Priority Health members of one such vishing attack. Spectrum Health Vishing Attack Spectrum received reports that patients and [...]

September 18th, 2020

2.2 Million Patients Affected by August Healthcare Breaches

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) publicly posts breaches affecting 500 or more patients on its online breach portal, known colloquially as the “wall of shame.” In August, 2,219,347 patients were affected by these large-scale breaches (not counting breaches affecting fewer than 500 patients), with 37 breaches reported. More details on the August healthcare breaches are discussed below. August Healthcare Breaches: [...]

September 17th, 2020

OCR Settles Five Privacy Rule Violations

In September of 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced that it settled HIPAA Privacy Rule right of access violations with five separate healthcare entities. The total settlement with all five organizations amounts to $136,500. In each instance, the healthcare provider was fined, and ended up settling with OCR, for its failure to provide patients with timely access to [...]

September 16th, 2020

When Can You Disclose PHI Without Authorization? Refusal to Disclose COVID Data Results in Nurse Firing

A nurse at Clinton County Health Department claims she was recently fired for refusing to disclose the names and addresses of patients that had tested positive for COVID to the Clinton County Sheriff's Department. The reason the nurse refused to provide the information stemmed from HIPAA law which states that PHI cannot be disclosed outside of treatment, payment, or healthcare operations, without patient authorization. That raises the [...]

September 15th, 2020

OCR Issues Guidance for Mobile Health App Developers

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently issued guidance on when HIPAA applies to health information that a patient creates, manages, or organizes through the use of a health app. The guidance also covers the issue of when mobile health app developers might need to comply with the HIPAA Rules. When are Mobile Health App Developers [...]

September 14th, 2020

Employees Involved in Unauthorized Access to Patient Medical Records of George Floyd

Hennepin County Medical Center (HCMC), the facility that treated George Floyd, fired 13 employees for unauthorized access to patient medical records. More details are discussed below. Unauthorized Access to Patient Medical Records: What Happened HCMC recently discovered that the medical records of George Floyd were illegally accessed by employees of the organization. HCMC first discovered the breach during its routine review [...]

September 11th, 2020

Can Universities Reveal News of Coronavirus Infections?

College students’ return to campus in the fall of 2020 has been a popular news item. At a number of schools, students have been disciplined, and in some cases, expelled, for violating rules requiring social distancing and prohibiting large gatherings. Coronavirus infections on campus have been traced to parties, social gatherings, and the fact that students and employees of colleges are all in close proximity. Shockingly, [...]

September 10th, 2020

Is SendGrid HIPAA Compliant?

SendGrid is a communication platform used for email marketing, voice, text, chat, and video. As a healthcare organization, you may be looking for a communication platform that you can use for communicating patients’ protected health information (PHI). However, before using any software, you must consider whether or not the platform is HIPAA compliant. Whether SendGrid is HIPAA compliant is discussed below. [...]

September 9th, 2020

Are Search Engines Compromising PHI Security?

It was recently discovered that advancements in search engine capability may pose a risk to PHI security. Researchers from American College of Radiology (ACR), Radiological Society of North America (RSNA), and Society for Imaging Informatics in Medicine (SIIM) warned healthcare professionals and radiologists of the risk of using medical images for educational purposes. How Can Search Engines Identify Medical Images Optical Character [...]

September 8th, 2020

215K Patients Affected in Latest Phishing Attacks in Healthcare

Utah Pathology Services and Dynasplint Systems are the latest victims of phishing attacks in healthcare. More details about the incidents are discussed below. Phishing Attacks in Healthcare: Utah Pathology Services Utah Pathology was targeted by hackers who used an employee’s email account to gain access to the healthcare organization’s network. On June 30, they discovered a breach when hackers tried to redirect [...]

September 4th, 2020