Venmo is a popular payment platform that allows users to instantly send payments to other Venmo users. Part of the reason it has become so popular is its ease of use and no fee structure. However, what many people fail to realize is that Venmo is owned by PayPal, and they openly share data between the two platforms. As such, when inquiring as to whether or not Venmo [...]
Phishing attacks have long since plagued the healthcare industry, however, as of late, they have rapidly grown in both frequency and scope. Recent healthcare phishing attacks are discussed below. What are Healthcare Phishing Attacks? Healthcare phishing attacks occur when hackers gain access to an organization’s sensitive data through an employee’s email account. This is accomplished by sending an employee, or multiple employees, emails [...]
There are several aspects of HIPAA compliance that elude most businesses. However, failing to address the full HIPAA requirements puts healthcare businesses at risk of breaches and fines. To provide guidance to healthcare organizations, the most common HIPAA compliance issues, and how to address them are discussed. Failing to Conduct Security Risk Analysis Lack of Adequate Security Controls Inadequate Device Security Protections Failing [...]
The influx of third-party breaches should be of concern for any organization working in healthcare. Hackers often target third-party providers to access the sensitive data that they manage for their clients. This fact is evident by the recently announced Kroger pharmacy breach which stemmed from a vulnerability in their file transfer provider, Accellion. More details about the Kroger pharmacy breach are discussed. What We Know About the Accellion [...]
When you think of a HIPAA email breach, generally the breach occurs as the result of a phishing attack. However, the Campbell County Health breach occurred due to something totally unrelated, human error. How Did the HIPAA Email Breach Occur? Campbell County Health reported that, on February 5, an employee of the organization accidentally sent an email to the wrong recipient. The email sent to the unauthorized individual [...]
The Virginia House of Delegates and Senate have passed legislation known as the Virginia Consumer Data Protection Act (CDPA). The bill is expected to reach the desk of Virginia Governor Ralph Northam, who may sign the legislation by as early as the end of February of 2021. The CDPA is modeled on the California Consumer Privacy Act (CCPA), California’s expansive consumer data privacy protection law, and the European [...]
In late 2015, a cyberattacker accessed 21st Century Oncology’s (21CO) network database. As a result, 21CO was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights. 21CO settled with HHS, however, a class action lawsuit was then filed against them. Details on the settlement and the HIPAA data breach lawsuit are discussed below. 21st Century Oncology and OCR Settlement [...]
In September, Nebraska Medicine reported that it had suffered a cyberattack targeting its electronic health records (EHR) system. More details on the EHR breach are discussed. Nebraska Medicine EHR Breach On September 20, 2020, Nebraska Medicine discovered that its networks and servers had been compromised when patient files were unable to be accessed. It quickly became evident that they had suffered an EHR [...]
A recent study concluded that many popular mobile health apps pose a risk to protected health information (PHI) security. The study analyzed the security of 30 health apps that allow healthcare providers to review patient charts and schedules, and found that all of them are vulnerable to API cyberattacks. More details on the risks of mobile health apps are discussed. Risks of Mobile Health Apps: What Did the [...]
In February of 2021, Sharp HealthCare, doing business as Sharp-Rees Stealy Medical Centers (SRMC), paid $70,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access standard. The Sharp settlement has become OCR’s sixteenth settlement under OCR’s right of access initiative. Under this initiative that began in 2019, OCR continues to [...]