New Jersey state regulators have smacked two vendors with a hefty financial settlement and corrective action plan for their involvement in a 2016 printing and mailing mishap that compromised the health information of nearly 56,000 residents.
Two recently reported hacking incidents - each affecting tens of thousands of individuals - serve as contrasting examples of the wide range of time and difficulty it takes for some entities to determine and report protected health information breaches.
A recent large hacking incident and a separate vulnerability disclosure involving two different vendors' products related to electronic health records serve as reminders of the potential risks these systems can pose to patients' protected health information.
Ransomware incidents are becoming a major cause of health data breaches affecting millions of individuals that have been reported so far in 2021, according to the latest additions to the federal tally. What else is topping the list?
A recent cyberattack on Community Medical Centers in Northern California has potentially compromised the information of more than 656,000 individuals. Meanwhile, Las Vegas Cancer Center reportedly fell victim to a ransomware attack during Labor Day weekend.
Federal regulators are reminding healthcare organizations about the critical importance of addressing security risks involving legacy systems and devices - including specialty software and gear - that are often difficult for entities to replace. What steps should entities take?
Massachusetts-based UMass Memorial Health is the latest large healthcare network to report an email phishing incident that potentially compromised hundreds of thousands of individuals' protected health information. The unauthorized email access lasted about seven months.
A ransomware attack on a medical practice management services firm that included the possible "removal" of files containing patient information is among the latest security incidents involving similar third-party vendors.
Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater.
Chronic disease management firm Omada Health has been changing its approach to cloud intrusion prevention and detection, which is reducing time spent on investigating false positives, says the company's information security leader, Bill Dougherty.
The Professional Dental Alliance is notifying more than 170,000 individuals in about a dozen states of a phishing breach involving an affiliated vendor that provides nonclinical management services to dental practices owned by PDA. Why is breach notification so complicated?
The American Osteopathic Association has just begun notifying nearly 28,000 individuals about a June 2020 data exfiltration incident involving their personal information. The medical professional organization says workforce challenges during the pandemic led to the notification delay.
A flurry of hacking incidents and other recent breach developments highlight the cyberthreats and risks facing fertility healthcare and other related specialty providers that handle sensitive patient information.
A federal law signed earlier this year amending the HITECH Act could help incentivize many healthcare sector entities to bolster their cybersecurity programs, says federal adviser Erik Decker, CISO of Intermountain Health, who suggest other incentives, as well.
The expanded recall of insulin pump devices due to vulnerabilities that pose the risk of injury or death to patients and a recent malpractice lawsuit alleging that the effects of a ransomware attack led to a baby's death are the latest warnings of dangers posed by security issues in medical gear.