All Posts in Category: HIPAA Breach


2 More Hospitals Hit With Ransomware

Hospitals and healthcare providers are increasingly falling victim to crypto-ransomware attacks. While attacks over the past few months have not been highly targeted thus far, they have caused a great deal of disruption. And disruptions at hospitals can have a much more dire impact than at most other organizations vulnerable to malware-based extortion.


Northwell Health HIPAA Settlement-Agrees To Pay $3.9M

The Feinstein Institute for Medical Research has agreed to settle potential HIPAA violations with a $3.9 million payment and a substantial corrective action plan.

Feinstein is a biomedical research institute based in Manhasset, N.Y., that falls under the Great Neck, N.Y.-based Northwell Health enterprise. In 2012, Feinstein reported a data breach after a computer containing the electronic protected health information of nearly 13,000 patients and research participants was stolen from an employee’s car. Information stored on the laptop included names, birth dates, addresses, Social Security numbers, diagnoses, laboratory results, medications and other medical information.

Northwell Health HIPAA Settlement

HHS’ Office of Civil Rights launched an investigation into the breach and determined Feinstein’s security management processes to be incomplete and insufficient to address potential risks and vulnerabilities of electronic PHI, including failure to restrict access to unauthorized users and a lack of policies and procedures to govern the removal of laptops out of its facilities.

“Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities,” said OCR Director Jocelyn Samuels. “For individuals to trust in the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.”



Three data breaches have been reported by pharmacy stores in the past two months, resulting in the PHI of almost 13,000 pharmacy customers being exposed or disclosed to unauthorized individuals.

Walmart Reports Breach of 4,800 Patients’ Data


Walmart stores recently announced that some of its online pharmacy customers may have had their names, addresses, dates of birth, and prescription histories exposed as a result of a coding error that was made while the company was migrating data between servers.

Between February 15 and February 18, 2015, online customers who logged into the company’s online pharmacy may have been able to view the data of other customers who logged in at the exact same time. No Social Security numbers or financial data were exposed as a result of the coding error.

Dan Toporek, a spokesperson for Walmart, said a few thousand individuals had been affected, although this is a small percentage of the number of individuals who used the company’s online pharmacy during the four-day stretch.

The data breach has now been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), with the breach report indicating 4,800 patients were affected. Toporek said there is no reason to believe that any data have been used inappropriately, although all customers who had their data exposed as a result of the error would be individually notified and offered identity protection services.

Hard Drive Containing 3000 Customers’ PHI Stolen in Roark’s Pharmacy Burglary


A burglary at Roark’s Pharmacy in Oneida, TN, in January has impacted 3,000 of the store’s customers. A hard drive containing customer prescription information and personal data was stolen by thieves who broke into the pharmacy in the early hours of January 13. The break-in and theft were discovered four hours later when pharmacy owner Terry Roark arrived to open the store at 6:30am.

The thieves had taken all of the pharmacy’s narcotics, $400 in cash, and a computer hard drive containing the data of 3,000 customers. The thieves are understood to have broken in in order to steal narcotics, and took other items of value, including the hard drive. The thieves gained access to the building by sawing through the door and removing it from its hinges. While law enforcement officers have investigated the burglary and obtained CCTV footage from the service station next door, the DVR system linked to the pharmacy’s CCTV cameras was also stolen in the break-in. No suspects have been arrested.

5,000 Customers Affected by Locust Fork Pharmacy Data Breach


Locust Fork Pharmacy in Alabama has reported a security incident to the Office for Civil Rights that has affected 5,000 of its customers. The incident is listed as an “unauthorized access/disclosure”, although no further information has been made available about the incident.


Missing Box of Records Among Montana VA Privacy Violations

FORT HARRISON – A recent report shows a pattern of patient privacy violations at the Veterans Affairs medical system. And the VA Montana at Fort Harrison has not been immune — with dozens of violations since 2011, including the apparent disappearance of a box containing the records of 171 patients.

Online news organization ProPublica obtained the data from the U.S. Department of Veterans Affairs and the U.S. Department of Health and Human Services Office of Civil Rights, which track violations of the nation’s main privacy law — the Health Insurance Portability and Accountability Act, or HIPAA.

The report shows 59 HIPAA violations in Montana reported in 2011 or thereafter — 44 of them involving VA Montana (including two violations at the VA’s Denver office that involved Montana patients).

Nearly all of the HIPAA violations involved mistakenly sending information, bills or lab results to the wrong veteran.

But one violation stands out: Back in 2010, the VA in Sheridan, Wyoming sent a box with the records of 171 veterans to the wrong location — a VA warehouse at Fort Harrison, where a VA worker signed for it, according to a letter uncovered by ProPublica.

“Following receipt at the VA’s warehouse, the box was lost and never found,” the regional director of the USHHS Office of Civil Rights recounted in a letter to the VA in November 2011. The letter says it’s possible warehouse personnel forwarded the papers to the correct recipient, the Network Authorization Office. But the NAO was unable to confirm it ever got them. The VA revised its mail procedures as a result of the breach, the letter says, and instituted a new software system to allow the NAO access to scanned records to perform its audits.

In another case, an unauthorized VA staffer found a patient’s cell phone number in medical records. In all cases, the VA provided credit monitoring services for those affected.

In an email, a VA Montana spokesman noted that the most common violation — information mailed to the wrong veteran — occurred in just 18 of the more than 500,000 mailings VA Montana sent in Fiscal Year 2015. “Despite the incredibly low incidence of missed mailings, VA Montana has worked diligently to reduce them entirely by implementing strict staff procedures that emphasize quality and accountability,” the spokesman, Mike Garcia, wrote.

The VA requires annual privacy and information security training for all its employees and contractors, he said, and they are required to report all violations. In addition to the 44 violations connected to the VA, the ProPublica data shows 15 violations at health care providers and others in Montana.

Available details on most of those violations are sparse, but the incidents include the 2014 hack of data at the Montana Department of Public Health and Human Services, in which hundreds of thousands of pieces of sensitive information may have been vulnerable.

Original Content by KBZK


Minimizing Mobile Risks in Healthcare

Minimizing emerging threats to mobile devices and applications should be a top health data breach prevention priority for 2016!

“What we’re seeing from the new [threat] vector perspective is that a lot of mobile is coming to the spotlight,” says Bowen, chief privacy and security officer and founder of the security firm ClearDATA.

“We’ve seen this trend for the last few years where we can use a mobile device in an incredibly effective way to enable healthcare to deliver amazing patient care,” he says in an interview with Information Security Media Group. “Some of the greatest innovations happen that way. Unfortunately, at times, the mobile device has been enabled with great software that doesn’t necessarily consider the entire ecosystem from a hardening perspective.”

The only way to stay ahead of emerging threats is to “employ a security-first strategy, make sure you’re doing vendor diligence, and make sure you’re implementing a defense-in-depth strategy that considers every layer of security,” he says.

For instance, healthcare organizations need to realize that mobile software may be storing logs that could contain personally identifiable information for a patient. Also, “you may be incorporating data flows from inside and outside that application that may not be hardened,” he notes.

Additionally, mobile data is at risk “because people are still lugging laptops around without encryption,” he notes.

In fact, about one-third of incidents listed on the Department of Health and Human Services “wall of shame” website of major health data breaches affecting 500 or more individuals since September 2009 involve unencrypted lost or stolen laptops or other portable electronic devices.

It’s also important to vet technology suppliers, he stresses. “We see new entrants into the healthcare market – and sometimes that’s a great thing, and other times it’s shocking how lax the security can be, even from security vendors who really claim to embrace a security-in-depth strategy.”

Other Threats

In developing strategies to fight against hacker attacks, which were pervasive in 2015, organizations need to take steps to make sure social engineering tactics fail, he says. “Hackers are really going after the easiest targets first,” he points out. “It’s not about stealing a database of credentials. It’s more about stealing credentials one phishing email or keystroke logger at a time.”

In the interview, Bowen also discusses:

  • Other security weaknesses that make healthcare organizations easy targets for cyberattacks, and what those entities can do to bolster security;
  • How healthcare entities can better prevent and detect breaches involving insiders, including members of their workforce as well as business associates;
  • Three lessons that can be learned from the top healthcare breaches in 2015.

Bowen is the chief privacy and security officer and founder of security firm ClearDATA. He manages the risks and business impacts faced by global healthcare organizations, with a specific focus on cyberthreats, privacy violations, security incidents, social engineering attempts and data breaches. Bowen is a Certified Information Privacy Professional, Certified Information Privacy Technologist and Certified Information Systems Security Professional.

Full interview here


Think 2015 HIPAA breaches were bad, 2016 will be worse

Without a doubt, 2015 was the year of the healthcare mega-breach and a major turning point for the sector.

Some 56 major hacker attacks affecting a total of nearly 112 million individuals occurred in 2015, according to the Department of Health and Human Services. The largest of these cyber-attacks hit health insurer Anthem, affecting nearly 79 million individuals, making it the biggest healthcare breach ever reported to HHS.

“2015 was a blaring wake-up call to healthcare entities and their business associates that protected health information of their patients is a bulls-eye for fraudsters and other cyber-criminals as well as nation states eager to steal IDs,” HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee

In the blog, McGee:

  • Reviews major healthcare breaches in 2015;
  • Analyzes the severity of healthcare breaches in 2015 compared with previous years’ incidents; and
  • Advises organizations to pay close attention to the breach pain their peers suffered in 2015.

“Watch your back, and especially your databases, networks, email systems and medical devices in 2016,” McGee says, “because clearly hackers are watching them, too, waiting for an easy way in.”

In 2016, expect to see a surge in cyber-attacks and breaches on both the national and local scale. Implementing some basic preventative measures can pay off in big ways in the near future.

  • System monitoring and patch management
  • Redundant disaster recovery plans
  • Both hardware and software network protection
  • Full Disk Encryption
  • Current antivirus protection
  • Proper employee education on Policies and Procedures

Take the steps today to secure your patients’ information tomorrow. Give us a call at CAM to help with these measures and more: 888-959-0220.
