Email common link in many large HIPAA breaches

Several recent large data breaches involving email mishaps serve as a reminder of precautions that healthcare entities must take with protected health information contained in digital communications that are sent or received by their organizations.

Recent incidents listed on the HHS “wall of shame” include two incidents at the North Carolina Dept. of Health and Human Services. Another reported incident, not yet publicly posted on the HHS website, occurred at the University of Cincinnati Health.

Read More

Are you prepared in the event of a HIPAA breach?

HIPAA is not a new issue for healthcare providers; however, the ever changing threat landscape along with the OCR’s renewed commitment to compliance and enforcement, reinforces the need for healthcare providers to ensure that they are focused on preparing for privacy or security issues that are increasingly occurring.

Read More

Individuals Affected by Identity Theft in 2015 Continues to Multiply

As the healthcare industry continues to digitize patient records, that data is a growing target for cybercriminals intent on committing medical identity theft and fraud.

The number of individuals affected by medical identity theft in the U.S. increased 22 percent in 2014 compared to the previous year—an increase of nearly half a million victims.

Read More

Boston Hospital Fined $218,000

St. Elizabeth’s Medical Center in Massachusetts has been hit with a $218,000 HIPAA penalty. This penalty is the result of an investigation stemming from two security incidents.

The first incident involved staff members using an Internet site to share documents containing patient data without first assessing risks. The second involved the theft of a worker’s personally owned unencrypted laptop and storage device.

Read More

Business Associate Breaches: Are you secure?

Recent health data breaches once again have business associates (BAs) grabbing headlines, which reinforces the importance of scrutinizing third-parties handling PHI.

Recently North Shore-LIJ Health System reported that they did not learn about a breach at one of their BA’s until eight months later. Shortly thereafter, Medical Informatics Engineering, which offers a Web-hosted electronic health record system as well as personal health records, disclosed that they were the target of a breach that affected its clients and their patients.

Read More

Phishing attack the cause of security breach

Beacon Health System of Indiana, which includes two hospitals: Elkhart General Hospital, Elkhart, and Memorial Hospital, South Bend, recently had to notify patients about a security breach. The breach was caused by a phishing attack targeting employee emails. An investigation showed that some of the emails were compromised as early as 2013 and the breach was not discovered until March 2015. Among the information accessed were names, Social Security numbers, birth dates, and drivers license numbers.

Read More

Hackers Increasing Their Attacks on Healthcare Organizations

The Department of Health and Human Services count of major health data breaches shows the healthcare sector to be a growing target for hackers, particularly for hackers using phishing attacks.

As of April 29, the HHS’s website that displays breaches that affected at least 500 people shows 1,213 incidents affecting more than 133.2 million individuals since the HIPAA breach notification rule went into effect in September 2009. The recent attack against Anthem, accounts for 78.8 million of those victims.

Read More

29 Million Health Records Compromised, Hacking Doubled from 2010-2013

A recent study published in JAMA demonstrates the continuing threat posed to patients and healthcare providers by data breaches. Between 2010 and 2013 they found that there were 949 breaches reported to the HHS that each affected more than 500 people. In total there were over 29 million health records exposed by data breaches during that time.

The study also found that breaches resulting from hacking nearly doubled during the period the study covered. This trend is likely to continue without increased vigilance on the part of covered entities everywhere.

Read More

Phishing Continues To Present New Threats

The cyber-attack against Anthem Inc., which the insurer says may have started with a spear-phishing campaign targeting five of its employees, is a warning sign of the kinds of sophisticated schemes that may be common in the year ahead.   If the Anthem breach is a result of phishing it’s emblematic of what many security experts are expecting to see in the evolution of attacks against companies and their employees.   Risks From Social...

Read More