Malware Attack Closes Alabama Hospitals

Not one but THREE hospitals in the DCH Health System in Alabama are unable to accept new patients today due to ransomware: DCH Regional Medical Center in Tuscaloosa, Northport Medical Center in Northport, and Fayette Medical Center.  Cybercriminals have demanded an undisclosed amount of money for the unlock code. “A criminal is limiting our ability to use our computer systems …

Business Associate Agreements & HIPAA

The HIPAA Privacy Rule states that clearinghouses, covered entities, and business associates are required to follow the HIPAA security and privacy rules. According to the U.S. Department of Health & Human Services, the Privacy Rule “requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the protected health information it receives …

Access Control/Governance Improves HIPAA Security

With the ever-growing monitoring of Health Insurance Portability and Accountability Act (HIPAA) violations and media attention to their subsequent soaring costs, there has never been a better time to ensure your Access Control/Governance Policy is in place.  According to hitconsultant.net, in regard to ongoing HIPAA compliance efforts, initiating an access governance program perhaps is the best place to begin with readiness …

Misconfigured Server Exposes Nearly 1 Million Patient Records

Over 974,000 people are being notified by The University of Washington Medicine. For a three-week period in December, their information was exposed on the internet. A misconfigured server on the UW Medicine database was the cause of the breach. A patient discovered the leaked information while doing a Google search on themselves and contacted the hospital. Exposed data included highly …

Cost of Inaccurate Medical Records? $1 Billion.

When you go to the hospital, you have faith that you can rely on your medical records, right? That wasn’t the case for Stjepan Tot. Tot died of cancer and, according to a lawsuit filed by his estate, wasn’t able to determine when his symptoms first appeared because “his medical records failed to accurately display his medical history on progress notes.” …

The Most Disturbing Trend in Healthcare?

In 2013, individuals at Presence Health lost operating room schedules that had the private medical information of patients on them. They discovered the problem and reported the incident to the Department of Health and Human Services’ Office of Civil Rights (OCR) like you are required to do, but they made a huge mistake because they delivered their report 40 days …

Would You Let a Stranger Watch Your Children?

If you’re a parent, then you know how important choosing a babysitter is. Even though we usually just trust a neighbor or relative to do it, we are handing over the safety of our children to another person, and what’s more important than that? Money certainly isn’t, but protecting the company that employs you and provides the money that feeds …

Cary, NC Company Fined for Vermont Health Data Breach

Vermont attorney general TJ Donovan has announced he will fine the Cary, North Carolina-based company SAManage USA Inc. $264,000 as part of a settlement agreement with the data management company stemming from a breach involving the state’s Healthcare Insurance Exchange. The Social Security numbers of 660 users of Health Connect, Vermont’s healthcare exchange, were exposed in a 2016 data breach. The …

New HIPAA Czar Says Small Providers Will Not Get Off Easy

The OCR has a new enforcement czar, Roger Severino, and he’s out for blood. The chief of the agency that enforces HIPAA told the audience of the 10th annual “Safeguarding Health Information” HIPAA conference that his top priority will be to find a “big, juicy, egregious” breach case to use as an example from which others can learn. But, he …

Social Media’s Growing Threat to Healthcare

It seems like we can’t go a day without hearing about something on social media. Whether it’s a viral video or President Trump venting, we are more and more reliant on social media for news and entertainment every passing day. We connect with family and friends, we have discussions, we post pictures, and Facebook pages are turning into pseudo online …

Experience a Hospital Cyberattack

Stolen credit card data can go for up to 15¢. Stolen medical records can net anywhere from $30 to $500, and that’s why you’re going to see more and more cyberattacks on medical facilities. Erie County Medical Center was recently hit with ransomware. Instead of paying the requested $44,000, they unplugged for six weeks. CBS did an in-depth story on …

Ransomware Data Breach at Cleveland Medical Associates

Cleveland Medical Associates was hit with ransomware back in April and has ordered identity protection service for the roughly 22,000 patients whose identities were at risk. “Wait a second,” you might be saying. “They need to order identity protection service because of ransomware?” Possibly. Regulators are starting to classify ransomware as a data breach, particularly in the healthcare industry where …

Mistakes Will Happen, But They Don’t Have to Be Disasters

Jason Pierre-Paul had it good. He was drafted by the New York Giants in the first round of the NFL draft and agreed to a 5-year, $20.5 million deal. He lived up to his expectations and was a key player for the Giants until 2015. Pierre-Paul plays defensive end, which means he uses his hand to balance himself …

But Wait, There’s More!

Just yesterday we reported on the $155 million fine eClinicalWorks was given for skirting certification criteria. If you look at the fine print though, there’s more to their punishment than money, and it could be even worse. The first stipulation is that eCW has to have an independent review organization. Their job will be to make sure eClinicalWorks is building …

Frightening Medical Device Testing Numbers

Despite an overall lack of confidence in the security of medical devices, less than 10 percent of manufacturers and only five percent of users actually test the security of their devices each year. And even though both the providers and the manufacturers voice concern over this issue, it does not appear that an increase in security spending will be seen …

Completely Unsecured Patient Records

We trust that healthcare companies take every precaution to make sure patient files are as secure as they can be. In fact, not doing so can lead to big fines and other trouble. It’s surprising, then, that a Fortune 500 healthcare company would leave their patient records almost completely unprotected. Security reporter Michael Krebs reported on his blog that he …

Are Healthcare Providers Putting All Their Eggs In One Basket?

Want to know why databases are dangerous? It’s as simple as putting all your eggs in one basket. If something happens to that basket, you’re out of eggs. But when it comes to databases, those eggs are people’s information. Email addresses, phone numbers, and full names are stored in a database and also happen to be quick profits for hackers …

Big Penalties for Little HIPAA Slips

Don’t let even a little HIPAA slip go unnoticed.  Presence Health of Chicago was recently fined nearly half a million dollars for failing to alert patients about some missing information. The incident goes back to a paper operating room schedule that went missing in 2013.  The schedule had the names, birthdates and other health information of over 800 patients.  After …