phone : 281-443-2996

104 Lockhaven Dr. | Houston, TX 77073-5500

Security in Healthcare?

HIPAA & Cybersecurity Update

  • 16 healthcare privacy incidents reported by Becker’s Hospital Reviewin November:
    • TennCare notified 43,847 members of breach
    • Children’s Minnesota notified 37,942 patients
    • InterMed of Portland, Maine notified 30,000 patients
    • Sweetser of Saco, Maine notified 22,000 patients
    • Utah Valley Eye Center notified 20,000 patients
    • The University of North Carolina Chapel Hill School of Medicine notified 3,716 patients
    • Select Health Network of Mishawaka, IN notified 3,582 patients
    • Florida Blue notified less than 1 percent of its members
    • Saint Francis Healthcare System of Cape Girardeau, MO notified an unknown number of patients
    • Starling Physicians of Rocky Hill, CT notified an unknown number of patients
    • Main Street Clinical Associates of Durham, NC notified an unknown number of patients
    • Solara Medical Supplies notified an unknown number of patients
    • Salem Health of Oregon notified an unknown number of patients
    • Veritas Genetics notified an unknown number of patients
    • Washington University School of Medicine notified an unknown number of patients
    • Brooklyn Hospital Center of New York notified an undisclosed number of patients
    • (when a healthcare facility has a breach, it is good time to contact them to discuss a HIPAA Risk Assessment from AllCovered, audit trail management solution, i.e. bizhub SECURE Alert, and secure print release, i.e. Output Mgr)
  • Tex-Mex restaurant chain On The Border has informed customers this week that their payment card information may have been stolen by hackers.
    • incident impacts restaurants in 27 states, including Arizona, Arkansas, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas and Virginia.
  • T-Systems, maker of urgent care software, reported a ransomware attack on its servers
    • temporarily affected the availability of its Advanced Coding System (ACS) services
  • A recent FBI report warned smart TV users that hackers can also take control of your unsecured TV.
    • “At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you,” explained the FBI.
    • found recent Samsung, TCL Roku TV, Vizio, and LG TVs are still watching every second of what you’re viewing.
  • Kaspersky researchers say that Network Attached Storage (NAS) devices are now also under direct threat from malware operators.
    • To begin an attack chain, operators will first perform a scan of a range of IP addresses to find NAS devices that are accessible via the Internet. Exploits of unpatched vulnerabilities are then attempted, and if successful, Trojans will be deployed and data encryption of all devices connected to the NAS drive begins.
  • US District Court in Pittsburgh, PA has indicted Maksim Yakubets and Igor Turashev of Russia as the main figures in a group which inserted malware on computers in dozens of countries to steal more than $100 million from companies and local authorities.
    • “Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever
    • Victims included a Franciscan Sisters religious order, a Pennsylvania district school board, an oil company and a gun manufacturer.
  • More than 261,300 documents belonged to AT&T, Verizon and T-Mobile subscribers that show names, addresses, phone numbers and call histories were inadvertently made publicly accessible on an unprotected website by a Sprint contractor, according to TechCrunch magazine
    • Bank statements were also found in the bucket, in addition to usernames, passwords and PINS – allowing anyone to access these accounts.
  • Hackensack Meridian Health of New Jersey said its “core clinical systems” were back online after disruptions impacted computers at the state’s largest hospital network for much of the week.
  • Baker County Middle School of Jacksonville, FL reported that a 12 year old student hacked into system.
  • Maine Administrative School District #6 in Bonny Eagle, Maine reported ransomware attack which exposed info on an unknown number of students.
  • Heritage Valley Health Systems of Pittsburgh, PA filed suit against Nuance Inc. after a malware attack on Nuance’s Dragon cloud system also impacted the hospital’s network.
  • IvyRehab notified an unknown number of patients that their PHI was exposed after hacking incident. The firm has locations in Indiana, Connecticut, Michigan, New Jersey, New York, North Carolina, South Carolina, Pennsylvania and Virgina.
  • Loudoun Medical Group dba Comprehensive Sleep Care Center of Leesburg, VA notified an unknown number of patients that their PHI was exposed after email phishing attack.
  • Nebraska Medical Center notified an unknown number of patients that their PHI was exposed after it was illegally accessed by employee.
  • CyrusOne, one of the biggest data center providers in the U.S., has suffered a ransomware attack, according to ZDNet.
  • Sycamore School District 427 of Dekalb, Illinois notified an unknown number of students that their info was exposed after ransomware attack.
  • Youth Development Inc. of Albuquerque, NM notified an unknown number of patients that their PHI may have been exposed after email phishing attack.
Share this post