Each year, IBM Security and Ponemon Institute publish their “Cost of a Data Breach Report” in which they assess the previous year’s data breaches. In the 2021 breach report, it was determined that 2020 healthcare data breaches cost organizations $2 million to $9.42 million per incident. Furthering that ransomware attacks cost an organization an average of $4.62 million per incident. With ransomware attacks accounting for more than half [...]
Orlando Family Physicians announced that it suffered a healthcare data breach, potentially exposing the protected health information (PHI) of 447,426 patients. In a statement posted on their website, OFP cites the cause as a phishing email that allowed unauthorized access to the email accounts of four employees. What Happened? On April 15, 2021, OFP discovered that an unauthorized party gained access to an employee’s email account using the [...]
Although the HHS has long stressed the importance of ePHI security, with the influx of healthcare breaches, it is clear that many organizations have not heeded the warning. With an increase in breaches across all industries, cybersecurity has become the focus of many government agencies including the HHS. Earlier this month the HHS published its “Summer 2021 Cybersecurity Newsletter” further emphasizing the importance of information access [...]
TigerConnect is a communications platform that allows users to send secure messages, photos, videos, notes, and voice recordings through their TigerText service. TigerConnect specifically designed their product with healthcare workers in mind, allowing treating physicians to text patients information regarding their care, but is TigerText HIPAA compliant? Find out below. TigerText and HIPAA Compliant Security Features Assessing a software application’s security features [...]
On July 16, 2021, the Campbell, Conroy & O’Neil law firm published a press release revealing that they had been targeted by a PHI ransomware attack in February 2021. Upon discovering the incident, Campbell contracted a third-party forensic firm to determine the nature and scope of the incident. The investigation determined that an unauthorized party had gained access to Campbell’s sensitive information, [...]
As an MSP with healthcare clients, it is important to understand how HIPAA applies to you and your clients. As your clients’ trusted advisor, your clients will rely on you to help them comply with HIPAA. To help you understand your HIPAA obligations, and how to carry them over to your clients, MSP HIPAA compliance tips are discussed below. MSP HIPAA Compliance Tips You [...]
ProtonMail is an email encryption service that is designed with businesses in mind, enabling users to send and receive secure emails. But when you work with protected health information, you must consider more than a software’s security, you must also look at whether or not it is HIPAA compliant. Is ProtonMail HIPAA compliant? Find out by reading below. ProtonMail HIPAA Compliant Email Encryption [...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) publicly posts breaches affecting 500 or more patients on their online breach portal. Each month, we review those breaches to determine what the leading cause behind the previous month’s breaches are. June 2021 healthcare breaches affected 1,039,442 patients, and were predominantly the result of hacking incidents, representing 90.37% of patients affected by June’s breaches. [...]
Zapier is an automation tool that enables software applications to be integrated, allowing products that don’t normally communicate with each other to do so. Being able to integrate, say your CRM with your email service provider, allows you to work more efficiently. However, as an organization working in the healthcare field, you have to be careful when choosing which software to use, and how your organization uses the [...]
Former healthcare worker was discovered to have been improperly accessing patient files through an EHR platform for 12 years. Over this time period they accessed 7,000 patients’ files without the need to do so. More details on the EHR HIPAA violation are discussed below. Aultman Health Foundation in Ohio Insider Breach Aultman Health Foundation in Ohio, the organization where the healthcare worker [...]