Security & lack thereof

HIPAA & Cybersecurity Update

  • Experian published results of a HIPAA survey:
    • 73% of patients expect to be notified about a breach within 24 hours of the breach being discovered
    • 90% of respondents said they would be somewhat forgiving if they knew that the breached organization had a plan in place for communicating with patients in the event of a data breach
    • 34% of breach response plans do not include customer notification
    • 52% of companies have a data breach crisis or communications plan in place
    • 84% of businesses did not include forensic analysis in their breach response plans, which can lead to delays in issuing notifications
    • 66% of respondents said slow breach notification and poor communication would likely see them stop doing business with the breached entity
    • 45% of respondents would not only seek an alternative service provider, they would also instruct their friends and family members to do the same.
  • Little Rock Plastic Surgery of Arkansas notified an unknown number of patients that their PHI was exposed after a former employee illegally accessed the info.
  • Marquette University of Milwaukee, WI notified an unknown number of students that their info may have been exposed after an employee fell victim to an email phishing attack.
  • Souderton Area School District of Pennsylvania notified an unknown number of students that their info may have been exposed after a ransomware attack.
  • Wakulla County School District of Crawfordville, FL notified an unknown number of students that their info was exposed after a ransomware attack.
  • Irdeto Software survey shows that 82% of healthcare providers that have implemented Internet-of-Things (IoT) devices have experienced a cyberattack on at least one of those devices.
    • 39% are afraid of a vulnerability causing theft of PHI
  • Evan Koulikov and Eric Williams of New York were arrested for allegedly stealing the personal info of 50 police officers in New Jersey, and posting it online.
  • com, an online recruitment site, reports that it inadvertently exposed a web server storing resumes, so that it was available to the public without a password.
  • Becton Dickinson announced it found a security vulnerability in its Pyxis drug dispensing cabinets, and released a patch.
  • Bayfront Health of St. Petersburg, FL received a HIPAA fine for $85,000 for violating the HIPAA patient right to access their info provision.
  • UNICEF notified an unknown number of people that their personal info was exposed after its website was hacked.
  • Andrew Harris of Philadelphia, PA pleaded guilty to attempting to hack into the IRS to gain copies of tax returns belonging to President Trump.
  • The U.S. Treasury Department announced it has identified 3 groups of hackers in North Korea that have attacked businesses in the U.S. with ransomware, in order to assist in funding North Korea’s nuclear missile program.
  • SecureWorks Research announced it has identified a hacking group in Iran attempting to steal information from U.S. universities.
  • Trend Micro published results of research that shows hackers are now trying to attack Internet-connected gas pumps, to grab credit card info.
  • Samantha Jo Rogers was sentenced to prison in Iowa for using her position as a licensed occupational therapist to steal PHI of 1900 patients while working at an Iowa hospital.
  • Alive Hospice of Nashville, TN notified an unknown number of patients that their PHI was exposed due to a mailing error.
  • Andy Fran Services of Orange, CA notified an unknown number of customers that their info may have been exposed after a laptop computer was stolen.
  • Community Psychiatric Clinic of Seattle, WA notified 15,537 patients that their PHI was exposed after an email phishing attack.
  • Flagstaff Unified School District of Arizona notified an unknown number of students that their info was exposed after a ransomware attack.
  • Meridian Community College of Meridian, MS notified an unknown number of students that their personal info was exposed during a recent email phishing attack.
  • Metro Mobility of Minnesota notified 15,000 patients that their PHI was exposed after an email phishing attack.
  • Oklahoma Law Enforcement Retirement System notified the FBI that hackers stole $4.2 million from the pension system.
  • Premier Family Medicine of Utah notified 320,000 patients that their PHI was exposed after a ransomware attack.
  • City of Unalaska in Alaska announced it has recovered $2.3 million that was stolen from its account by hackers using an email phishing attack.
  • The Boy Scouts of America announced that 2.3 million children may have had their info exposed during a recent hacking incident at its vendor, Trails End of Wilmington, NC.