Security

HIPAA & Cybersecurity Updates

  • ZDNet magazine now reports that 50% of hacking attacks on the healthcare industry involve ransomware.
  • The federal government announced that the year 2020 set a record for the number of breaches in the U.S. healthcare industry.
  • Socialarks, a social media management company, exposed 400 gigabytes of personal info from 214 million users due to an unsecured online database.
  • President Donald Trump officially signed HR 7898 into law on January 5, 2021.
    • The HIPAA Safe Harbor bill amends the HITECH Act to require the Department of Health and Human Services to incentivize best practice cybersecurity for meeting HIPAA requirements.
    • The legislation directs HHS to take into account a covered entity’s or business associate’s use of industry-standard security practices within the course of 12 months, when investigating and undertaking HIPAA enforcement actions, or other regulatory purposes.
    • It requires that HHS take cybersecurity into consideration when calculating fines related to security incidents.
    • HHS is required to decrease the extent and length of an audit if it’s determined the impacted entity has indeed met industry-standard best practice security requirements.
    • “this provision serves as a positive incentive for health providers to increase investment in cybersecurity for the benefit of regulatory compliance and, ultimately, patient safety,”
  • A global law enforcement operation has taken down DarkMarket, which Europol describes as the world’s largest underground marketplace of illegal goods on the dark web.
    • DarkMarket has generated $170.2 million in revenue by selling drugs, malware, credit cards and more.
    • Authorities arrested a 34-year-old Australian alleged to have operated DarkMarket.
    • They also shuttered 20 servers, located in Moldova and Ukraine, that were used to host the illicit market.
    • DarkMarket had more than 500,000 users, including 2,400 actively selling content, resulting in more than 320,000 transactions
  • Rogue malware that can hack into an Android-based smartphone is up for sale on the Dark Web for as little as $29.99
  • Leon Medical Centers of Florida notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • Promutuel Insurance company notified 630,000 customers that their info was exposed after being posted online by a ransomware hacker.
  • Banner Health, headquartered in Phoenix, AZ, announced it has agreed to pay $200,000 to settle allegations of not providing patients with timely access to their PHI.
  • Check Point Cybersecurity announced that its research shows that 43% of all email phishing attempts are attempting to pass themselves off as messages from
  • The Wall Street Journal reported that the TikTok app is exploiting a loophole to collect unique identifiers from millions of Android-based smartphone users and provide them to the Chinese government.
  • Ring, the video doorbell company, notified an unknown number of customers that their info was exposed after a security flaw was discovered.
  • Clearfield County government of Pennsylvania notified an unknown number of citizens that their info may have been exposed after a ransomware attack.
  • Beebe Medical Foundation of Lewes, Delaware notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • Stormont Vail Health of Topeka, Kansas notified an unknown number of patients that their PHI may have been exposed after an employee illegally shared website access to outsiders.
  • The Puget Sound Educational Service District notified an unknown number of students in King and Pierce counties of Washington that their info may have been exposed after a ransomware attack.
  • Clark Hill Law Firm, headquartered in Detroit, MI, notified an unknown number of clients that their info may have been exposed after a cyberattack.
  • United Nations Environmental Program notified 100,000 people that their info may have been exposed after a cybersecurity incident.
  • Start Skydiving of Middletown, Ohio notified an unknown number of employees and customers that their info may have been exposed after being illegally accessed by a former employee.
  • Galstan & Ward Family and Cosmetic Dentistry of Suwanee, GA notified 10,759 patients that their PHI was exposed after a ransomware attack.
  • Gastroenterology Consultants Ltd. of Nevada notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • Golden Gate Regional Center of San Francisco, CA notified 11,315 patients that their PHI was exposed after a ransomware attack.
  • Taylor Made Diagnostics of Virginia notified 3,464 patients that their PHI was exposed after a ransomware attack.
  • Warren-Washington-Albany ARC of New York notified 1,000 patients that their PHI was exposed after a ransomware attack.
  • New Jersey Dental Hygienists’ Association notified 160,000 patients that their PHI was exposed after a ransomware attack.
  • Reconstructive Orthopedic Center of Houston, TX, notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • Paramount Dental Studio of Huntington Beach, CA notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • Coldwater Orthodontics of Michigan notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • Delta Dental Plans Association of Illinois notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • All About potential Family Chiropractic of South Dakota notified an unknown number of patients that their PHI was exposed after a ransomware attack.
  • Crozer-Keystone Health System of Pennsylvania notified 6,863 patients that their PHI was exposed after a ransomware attack.
  • Capcom Video Games notified “thousands” of customers that their info was exposed after a ransomware attack.
  • Pitkin County government in Colorado notified an unknown number of citizens that their info was exposed after a cybersecurity incident.
  • Ronald McDonald House Charities, headquartered in Chicago, IL, notified 18,000 guests that their info was exposed after a ransomware attack.
  • Excellus Health Plan, Inc., headquartered in Rochester, NY, has agreed to pay $5.1 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach affecting over 9.3 million people.
  • Gainwell Technologies, headquartered in Conway, Arkansas, announced that someone may have gained unauthorized access to 1,200 participants’ information in Wisconsin’s Medicaid program.