OCR Settles 5 HIPAA Right of Access Complaints

On November 30, 2021, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of five HIPAA right of access investigations. OCR settled four right of access complaints, with providers in Ohio, Colorado, Oregon and North Carolina. OCR imposed a civil monetary penalty (CMP) on a fifth provider, a cardiologist in Long Island (New Hyde Park), New York. OCR imposed a penalty [...]

2021-12-03T12:46:32-05:00December 3rd, 2021|

HHS Increases Civil Monetary Penalties for HIPAA Violations

Under federal government logic, when the cost of living goes up, the amounts of monetary penalties for violations of certain federal laws must go up too. So, in November of 2021, the Department of Health and Human Services announced that it was raising the civil monetary penalties for each of the four tiers of HIPAA violations. The new dollar values are discussed below. [...]

2021-12-02T16:37:39-05:00December 1st, 2021|

Top 4 Healthcare Cybersecurity Challenges

There are many cybersecurity challenges that face healthcare organizations, particularly as they’ve become more of a target for hackers. This is for several reasons such as the value of protected health information, technological risks, and lack of awareness. To provide guidance, top healthcare cybersecurity challenges are discussed. Healthcare Cybersecurity Challenges Hackers target healthcare data for its value The introduction of new technology [...]

2021-12-02T16:37:41-05:00November 24th, 2021|

Healthcare Ransomware Attack Affects 1.5 Million

An Indiana hospital recently announced that it suffered a healthcare ransomware attack that potentially affected 1.5 million patients. Eskenazi Health began notifying affected individuals on Nov 11, 2021 of the incident after concluding their investigation. What Do We Know About the Healthcare Ransomware Attack? According to a press release published by Eskenazi Health, their security team became aware of suspicious activity on [...]

2021-11-22T14:54:29-05:00November 22nd, 2021|

Completing Your Annual HIPAA Risk Assessment Before the Deadline

You must complete a HIPAA risk assessment each year, and now is the time to do so. Conducting an annual HIPAA risk assessment is an important part of compliance, as well being integral to protecting your business against breaches. This is because risk assessments reveal vulnerabilities, threats, and risks to protected health information (PHI) thus uncovering deficiencies in your current security practices. [...]

2021-11-19T15:59:58-05:00November 19th, 2021|

Medical Device Security Risks Exposed in MRI Machines

The Cybersecurity & Infrastructure Security Agency (CISA) recently released a statement in which they warned of vulnerabilities in Philips MRI 1.5T: Version 5.x.x. and MRI 3T: Version 5.x.x. These medical device security risks have the potential to allow unauthorized access to patient information, and the potential to modify system configurations. What Vulnerabilities Were Uncovered? There were three medical device security vulnerabilities uncovered [...]

2021-11-17T17:38:49-05:00November 17th, 2021|

$130K State HIPAA Settlement Announced

Two printing companies settled with New Jersey over an incident that exposed protected medical and client information. Under the state HIPAA settlement, Command Marketing Innovations, LLC (CMI) and Strategic Content Imaging, LLC (SCI) agreed to pay a $130,000 fine and implement more robust security policies. Why Were They Fined? The incident that led up to the state HIPAA settlement occurred when the [...]

2021-11-15T11:17:19-05:00November 12th, 2021|

2.8 Million Patients Affected by 2021 October Healthcare Breaches

October was Cybersecurity Awareness Month, but that didn’t stop healthcare breaches from surging with 2,817,162 patients affected by breaches last month. The vast majority of 2021 October healthcare breaches were hacking incidents targeting healthcare providers. There were a total of 49 healthcare breaches listed on the OCR breach portal in October: Type of entity breached 37 healthcare providers reported incidents (2,261,319 patients, 80.27% of total patients affected) 6 [...]

2021-11-09T14:28:41-05:00November 9th, 2021|

Cyber Threats in Healthcare and FIN12 Ransomware

Cyber threats in healthcare are constantly evolving and becoming more complex. A recent report released by Mandiant Intelligence uncovered the very real threat FIN12 ransomware poses to the healthcare sector. According to the report, 20% of FIN12 ransomware attacks target the healthcare sector. Healthcare organizations in North America in particular have cause for concern, with 85% of FIN12 ransomware attacks targeting victims in North America. [...]

2021-11-03T16:58:35-04:00November 3rd, 2021|

Is MyFax HIPAA Compliant?

MyFax offers internet fax solutions, allowing users to send faxes online, by email, or from their phones. There are many benefits to using services such as MyFax rather than using traditional faxes, mainly privacy and security. However, as a business working in healthcare, you must consider whether or not a service is HIPAA compliant before choosing which electronic fax provider to use. So, is MyFax HIPAA [...]

2021-10-29T16:33:31-04:00October 29th, 2021|