Tagged With "PHI"
Topic
Cybersecurity Update
Torrey Pines High School of California announced that its network was hacked. o was hacked to alter student grades and transcripts - United Healthcare notified unknown number of patients in South Carolina that their PHI may have been exposed in a data breach that happened last year - Hackers are hijacking smart door/building access control systems, which they are using to launch DDoS attacks, according to firewall company SonicWall. - Beaumont Health of Michigan notified 1,200 patients that...
Topic
Cybersecurity Update
Cybersecurity Update - IBM report on security states: o Average total cost of a data breach is now $3.92 million Average cost of lost revenue is $1.42 million Healthcare industry average total cost is $6.45 million or $429 per record o Average size of breach involves 25,575 records o Average cost per record of $150 o Average time to discover breach is 279 days o 49% of breaches caused by internal employees Includes accidental and malicious incidents (Konica Minolta offers the bizhub...
Topic
Cybersecurity Update
Cybersecurity Update - Aurora Medical Center Bay Area of Marinette, WI notified an unknown number of patients that their PHI was exposed after an email phishing attack. - Beaumont Health of Detroit, MI notified 112,000 patients that their PHI was exposed after an email phishing attack. - Brandywine Counseling of Wilmington, DE, notified an unknown number of patients that their PHI was exposed after ransomware attack. - The Horst Gortz Institute reports it found security vulnerability in...
Topic
DocuWare Meets U.S. HIPAA Standards
For Immediate Release DocuWare Meets U.S. HIPAA Standards Leading ECM Provider Ensures Privacy, Security of Health Information New Windsor NY, December 1, 2016 – As a global software company, DocuWare regularly confirms that it adheres to national data laws in many countries where its products are sold. Since DocuWare is a large ECM provider in the U.S., it recently went through the process of having its current controls verified and audited to ensure compliance with HIPAA regulations. What...
Topic
Auxilio, Inc. Announces Managed "NO PRINT" Services Poised to Be News at AHRMM16
Auxilio, Inc. Announces Managed "NO PRINT" Services Poised to Be News at AHRMM16 Questioning the Healthcare Industry - Why and What Users Print MISSION VIEJO, CA--(Marketwired - Jul 28, 2016) - Auxilio, Inc. ( OTCQB : AUXO ), a leading provider of Managed Print Services (MPS) and IT Security for the healthcare industry, today announces the roll out of its new MPS methodology to include a NO PRINT strategy at AHRMM16 Conference, to held on August 1-2, 2016 at the San Diego Convention Center.
Topic
ClearDATA Launches Next-Gen Security, Privacy and Compliance Platform to Protect Healthcare ...
AUSTIN, Texas--( BUSINESS WIRE )-- ClearDATA ®, the leader in healthcare public cloud security, compliance and privacy, today announced its next-generation multi-cloud offering, the ClearDATA Healthcare Security and Compliance Platform™, comprised of software, managed services and professional services. The new platform empowers healthcare organizations to scale their operations in the public cloud by providing direct access to the latest cloud-based apps, services and APIs while protecting...
Topic
Cybersecurity Update
- Tessian Security published research report showing that there is a 47% increase in breach incidents over the last 2 years caused by insiders (existing employees) o Includes both accidental data loss as well as deliberate data exfiltration by negligent or disgruntled employees o Amtrak, headquartered in Washington D.C., informed an unknown number of customers that their info was exposed after hacking incident. - Advanced Intelligence LLC is reporting that operators of NetWalker ransomware...
Topic
Cybersecurity News
Cybersecurity Update - Check Point Security published report warning that hackers are spoofing Medical Leave forms in email phishing campaigns that have embedded malware. - VT San Antonia Aerospace of Texas notified the federal government that 1.5 terabytes of sensitive data was stolen as result of a Maze ransomware attack. - Kaspersky Software published report warning that a hacking group named “Cycidek” is sending out phishing emails that are embedded with USBCulprit malware which copies...
Topic
Cybersecurity Update
- UPMC (University of Pittsburgh Medical Center) notified 65,000 patients that their PHI was stolen and placed on Dark Web to be monetized. - Privacy Affairs magazine published results of research of what hackers are selling stolen info on the Dark Web. Examples: o Credit card info = $12 to $20 each o Driver’s license = $70 to $550 each o Auto insurance card = $70 each o Facebook account = $74 each o Instagram account = $55 each o Tick Tok account = $15 each - KIPP SoCal, charter schools in...
Topic
Cybersecurity Update
- Hanger Prosthetics & Orthotics, Inc. of Kirksville, Missouri notified 6,033 patients that their PHI was exposed after two boxes of paper medical records were found in a storage facility. - Domestic violence app supported by Dr. Phil suffers data breach o Aspire News, an app designed to assist domestic violence victims, has suffered a data breach with recordings from victims found on unsecured cloud storage. o included more than 4,000 voice recordings along with victim details, home...
Topic
Cybersecurity Update
Cybersecurity Update - Legacy Community Health Services, headquartered in Houston, TX, is notifying 19,000 patients that their PHI was exposed after email phishing attack. - UnityPoint Health, headquartered in West Des Moines, Iowa, announced it agreed to pay $2.8 million to settle a class action lawsuit regarding a recent breach that exposed PHI of 1.4 million patients. - Bleeping Computer magazine is reporting that a hacker group has posted the databases from 14 different companies and...
Topic
Cybersecurity Update
Cybersecurity Update Bill Gates, Barack Obama, Jeff Bezos, Joe Biden, Kanye West, Elon Musk and many other high profile people had their Twitter accounts hacked. o All their followers received a tweet trying to convince users to send in $1000 in bitcoin - The US National Security Agency is warning hospitals, universities and pharmaceutical companies that Russian hackers are attempting to steal COVID-19 research using email phishing and malware attacks. - Wells Fargo ordered all of its...
Topic
Cybersecurity Update
Cybersecurity Update - Fortified Health Security reports that malicious attackers caused 60% of healthcare data breaches so far this year. - Children’s Hospital of Colorado, located in Aurora, notified 2,553 patients that their PHI was exposed after an email phishing attack. - Interpol reports that from January to April, it detected the following tied to COVID-19 topics: o 907,000 spam messages o 737 malware incidents o 48,000 malicious URLs - Becker’s Health IT magazine reports that...
Topic
Cybersecurity News
Cybersecurity Updates The Foundation Surgical Hospital of San Antonio, TX notified an unknown number of patients that their PHI was exposed after it was inadvertently made accessible on a public website. - The federal government is warning healthcare organizations of a new fraud attempt where facilities are receiving bogus postcards with info about a mandatory HIPAA compliance risk assessment o Postcards direct people to a fake website in attempt to steal info - Premier Health of Ohio...
Topic
Cybersecurity Updates
Cybersecurity Updates Fortinet Security published report on healthcare cybersecurity: o 87% of healthcare providers use IoT devices o 79% are making cloud adoption a strategic priority o 59% of breaches are carried out by internal threats o 60% increase in cyber attacks in past year o 41% of breaches are caused by email o 51% fail to comply with HIPAA Right to Access 83% recognize that HIPAA compliance is not enough to address cyber threats 72% on average comply with HIPAA Security Rule...
Topic
Cyber Security News
Cybersecurity NEWS - Adobe Corp. notified customers that it has fixed 5 critical flaws that would allow hackers to run JavaScript in browers o Would allow hackers to steal info, and move laterally through network - Microsoft notified users that specially crafted Windows 10 themes and theme packs could be used in “Pass-the-Hash” hacking incidents o Could steal Windows account credentials from unsuspecting users - IBM is warning users of new Raccoon malware, which can attack TLS 1.0, 1.1 and...
Topic
Cybersecurity Update
HIPAA & Cybersecurity Updates - The federal Office for Civil Rights (under Department of Health & Human Services) announced following settlements based on HIPAA violation investigations: o $15,000 = All Inclusive Medical Services of California o $70,000 = Northeast Behavioral Health, part of Beth Israel Lahey Health of Massachusetts o $3500 = Dr. Patricia King Psychiatric Clinic of Chesapeake, VA o $10,000 = Wise Psychiatry of Centennial, CA o $38,000 = Housing Works Health of New...
Topic
Cybersecurity Update
Department of Health & Human Services’ Office for Civil Rights (OCR) stated that so far in 2020, the PHI (protected health information) of 13.7 million patients hasbeen affected by data breaches. Causes: 66% = hacking 21% = unauthorized access/disclosure 7% = theft3% = improper disposal 3% = loss Premera Blue Cross, headquartered in Mountlake Terrace, Washington, paid the largest HIPAA fine in history, when it agreed to pay the feds $6.85 million in regards to breach that exposed PHI of...
Topic
Cybersecurity Update
US District Attorney announced that Richard Liriano was sentenced to 30 months in prison and a $351,850.25 fine for illegally accessing the PHI of patients while he worked for the Hospital For Special Surgery in New York. The City of Odessa, Texas notified an unknown number of citizens that their info may have been exposed in recent breach. People of Praise, located in South Bend, IN, notified an unknown number of members that their info was exposed after hacking incident. The University...
Topic
Cybersecurity Update
Cybersecurity Update HIPAA & Cybersecurity Updates - Ballad Health of Johnson City, TN, reported that an employee, without patient’s permission, posted photo of a surgery, where surgeon was wearing a racing helmet. - The City of Atlanta, GA admitted that after it was hit by ransomware, the first month of recovery cost almost $3 million. The ransom demand from hackers, which was not paid, was $50,000. - Clearwater River Casino & Lodge in Lewiston, Idaho notified an unknown number of...
Topic
Cybersecurity Update
Cybersecurity Update WeWork revealed that an employee discovered that if users entered “9999” on the network, they could print out other people’s jobs, while www.thinkarcoa.com using free office WiFi account. This has since been corrected. The FBI is reporting that a Eastern European hacking group named “UNC1878” aks Wizard Spider, is using Ryuk ransomware to target hospitals in the U.S.NBC *News is reporting that 20 hospitals have been struck so far. Wakefern Food Corp., headquartered in...
Topic
Cybersecurity Updates
Cybersecurity Updates Cyber consulting firms are getting dragged into post-breach lawsuits, according to article published by Bloomberg Law. o Accenture Plc’s unit was compelled to provide info during recent suit filed against Marriott International o Was forced to turn over cybersecurity firm Mandiant’s report on a cloud hack in another case. o Class action lawyers claim it could provide “a vivid trail for liability” The feds report that in the month of October, 2020, over 2.1 million...
Topic
Cybersecurity Updates
Cybersecurity Updates CyberSecurity HIPAA & Cybersecurity Updates - Top three actions over next 2 years for Healthcare CIOs regarding security survey: 50% = identify opportunities for performance improvements and cost savings 42% = providing training for staff 39% = developing and hiring the correct skill sets The North Dakota Department of Health and Cavalier County Health notified 35,316 patients that their PHI was exposed after email phishing attack Tri-State Specialists of Iowa,...
Topic
Cybersecurity Updates
HIPAA & Cybersecurity Updates First Impressions Orthodontics/Professional Dental Alliance of Connecticut, notified 23,000 patients that their PHI was exposed after ransomware attack. The Connecticut Department of Social Services notified 37,000 patients that their PHI was exposed after an email phishing attack. The federal government is proposing a new law named “The Internet of Things Cybersecurity Improvement Act”, to increase awareness and standards regarding security of these devices...
Topic
Cybersecurity Update
Cybersecurity Updates University of Vermont (UVM) Health claims that the total cost of recent ransomware attack will exceed $63 million. Cedar Springs Hospital of Colorado Springs, Colorado, notified an unknown number of patients that their PHI was exposed after an external drive was stolen. Dental Care Alliance, headquartered in Sarasota, Florida, notified over 1 million patients that their PHI was exposed after a ransomware attack. Dyras Dental Clinic of Lansing, Michigan notified an...
Topic
Cybersecurity Update
The federal Cybersecurity and Infrastructure Security Agency (CISA) reported a large scale hacking incident involving government agencies and organizations that use SolarWinds supply chain software. “grave risk” to federal, state and local government networks Symantec has identified infections on over 2,000 computers at more than 100 of its customers Attackers delivered malware to possibly thousands of organizations in the U.S. The FBI is reporting that the Wizard Spider hacking group of...
Topic
Cybersecurity Update
Proliance Surgeons of Seattle, WA notified an unknown number of patients that their PHI may have been exposed after a cybersecurity incident. Elite Primary Care, aka Dr. Peter Wrobel Clinic, of Waycross, Georgia, was ordered to pay $36,000 to settle HIPAA violation regarding failure to respond to patient’s request for their PHI. University of Vermont Medical Center gave more details on October ransomware attack: Did not pay ransom Attack deposited malware on all servers, 5,000 computers and...
Topic
Cybersecurity Updates
The FBI is reporting that pranksters are hacking into smart devices in the home, accessing the audio and video feeds from the devise (i.e. Alexa, smart TVs, etc.) and then contacting local law enforcement to report a fake crime Hacker than watches the live footage of police response This is called “swatting” Ticketmaster Corp. of New York agreed to pay $10 million to resolve charges stemming from insider-caused breach. Former employee Zeehsan Zaidi pled guilty to the incident T-Mobile Corp.,...
Topic
Cybersecurity Update
ZDNet magazine now reports that 50% of hacking attacks on healthcare industry involve ransomware. The federal government announced that the year 2020 set a record for number of breaches in the U.S. healthcare industry. Socialarks, a social media management company, exposed 400 gigabytes of personal info from 214 million users due to an unsecure online database. President Donald Trump officially signed HR 7898 into law on January 5, 2021The HIPAA Safe Harbor bill amends the HITECH act to...
Topic
Cybersecurity Updates
Cybersecurity Updates Froedtert Health of Milwaukee, Wisconsin, notified 760 patients that their PHI was exposed after being illegally accessed by a former employee. Hendrick Health of Abilene, TX notified 640,436 patients that their PHI was exposed after ransomware attack. Salem Clinic of Oregon notified 20,000 patients that their PHI was exposed after ransomware attack hit Metro Presort, which processes the clinic’s mail. The Center for Alternative Sentencing and Employment Services...
Topic
Cybersecurity Updates
Wall Street Journal published report called “Hospital Suffer New Wave of Hacking Attempts” Great Plains Health of Nebraska’s Christopher Stroud admitted that up to 70,000 attempts per day from hackers trying to get into the hospital’s network Hackers give interview with Cisco researcher: Identified as “Aleks”, and lives in Siberia, Russia In his early 30s Has university level education Uses Mimikatz and PowerShell as tools Is part of the Lockbit ransomware gang Healthcare is his favorite...
Topic
Cybersecurity Updates
Cybersecurity Updates With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices as reported by Malwarebytes Lavabird Ltd.'s QR code barcode scanner was an Android app that had been available on Google's official app repository for years accounting for over 10 million installs ESET Cybersecurity is reporting that there is a 768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020 detected 29...
Topic
Cybersecurity Notes
Cybersecurity The federal government, via Department of Health & Human Services’ Office For Civil Rights, is reminding all healthcare facilities that they have until 3/1/2021 to report any breaches that exposed PHI of fewer than 500 patients. Crowdstrike published report warning the healthcare industry of increased cyberattacks from state sponsored hacking gangs located in: North Korea Vietnam Iran Russia China ZDNet is warning of a sharp rise in hacking attacks aimed at colleges and...
Topic
Cybersecurity Update
IBM published results of new research on the average total cost of a breach by vertical market: $7.13 million = healthcare $6.39 million = energy $5.85 million = finance $5.06 million = pharma $5.04 million = tech $3.9 million = education Average amount of days before breach is discovered: 329 days = healthcare 324 days = government 283 days = education Security Week magazine reports on ransomware: Ransomware gangs earned at least $350 million in 2020 311% increase YoY $154,000.00 = average...
Topic
Cybersecurity Notes
FBI published results of research: Total losses from internet crime exceeded $4.2 billion in 2020 In 2019, losses were only $3.5 billion FBI published warning to school systems in the U.S., that they are being targeted by PYSA ransomware, aka Mespinoza. Jean Francois Eap, CEO of Sky Global, was indicted for allegedly participating in a hacking and illegal narcotic distribution ring Sky Global is a provider of custom handsets and a subscription-based end-to- end encrypted messaging app Check...
Topic
Cybersecurity Update
Spectra Logic of Boulder, CO notified an unknown number of customers that their info may have been exposed after ransomware attack. - The University of Pittsburgh Medical Center (UPMC) and Charles Hilton & Associates Law Firm have been sued related to a breach that exposed the PHI of 36,000 patients. - Proofpoint published report on Insider Caused Breaches: o $3.86 million is average total cost of an insider caused data breach o 30% of breaches a involve internal threat actoss 62% =...
Topic
Cybersecurity Updates
Cybersecurity Updates Mandiant Security Software published results of 2020 breaches 25% increase in ransomware attacks 78% of ransomware attacks had dwell time of 30 days or less 1% had dwell time of 700 days or more 59% were detected internally Tenable Research published report More than 18,000 common vulnerabilities and exposures (CVEs) were reported in 2020, up 6% (this includes Ripple20 and others than impact some brands of printers and MFPs) 46% of breaches in healthcare were from...
Topic
Cybersecurity Update
HIPAA & Cybersecurity Updates - In an internal memo, the US Department of Justice outlined the creation of a new initiative to "pursue and disrupt" ransomware operations. include the takedown of command-and-control (C2) servers used to manage ransomware campaigns legal seizure of "ill-gotten gains" generated by such schemes. The American College of Emergency Physicians, headquartered in Irving, TX notified an unknown number of patients that their PHI may have been exposed after...
Topic
Cybersecurity Notes
The average ransom payment to ransomware operators is now $220,298, up 43% YoY, according to Coveware Security Reverb Inc. headquartered in Chicago, IL, notified an unknown number of users for its musical instrument marketplace website that their info may have been exposed during recent data breach. Sapphire Community Health of Hamilton, MT notified 4,000 patients that their PHI was stolen during recent ransomware attack. Centennial School District of Portland, Oregon notified 6,100 students...
Topic
Cybersecurity Notes
Colonial Pipeline Company, headquartered in Alpharetta, Georgia, was hit by ransomware and forced to shut down its fuel pipeline operation that spans 5,500 miles from Houston, TX to Linden, NJ. This may cause a further spike in gasoline cost. Judge Eldon E. Fallon sentenced Edward Tolliver of New Orleans, LA to 124 months in federal prison for making and selling fake credit cards using stolen identities he acquired from Dark Web sites. SmileDirectClub, headquartered in Nashville, TN,...
Topic
Cybersecurity News
Colonial Pipeline, headquartered in Alpharetta, Georgia suffered possible the most publicized ransomware attack in history: Pipeline was shutdown, causing gas prices to soar and gas stations to run out of gas in AL, AR, DC, DE, FL, GA, KY, LA, MD, MS, NJ, NY, NC, PA, SC, TN, TX and VA Company admitted it paid the hackers $5 million to get password to de-encrypt the network The DarkSide hacking group in Russia was responsible Brownsville Community Health Center of Brownsville, TX notified an...
Topic
Cybersecurity Updates
Cybersecurity Updates The federal Office for Civil Rights reports that it is aware of 34.4 million patient records that have been breaches in the past 12 months. The FBI announced that it has received more than 1 million cybercrime complaints over the past 14 months. Ascension Standish Hospital of Michigan notified an unknown number of patients that their PHI was exposed during a recent breach. Ascension St. Joseph Hospital of Tawas City, Michigan notified an unknown number of patients that...
Topic
Cybersecurity Updates
Cybersecurity Updates Bose Corp. of Framingham, Massachusetts, notified an unknown number of customers that their info was exposed after ransomware attack. $1.37 billion of transactions for stolen information were made in 2020 using the Russian dark web Hydra marketplace, according to Flashpoint Security. Trinity Health System of Logan, West Virginia notified “thousands” of patients that their PHI was exposed after security breach. Clover Park School District of Washington notified an...
Topic
Cybersecurity Updates
Cybersecurity Updates CVS Health, headquartered in Woonsocket, Rhode Island, may have inadvertently exposed over a billion PHI, impacting an unknown number of patients. Apparently left a online database on Internet without password protection exposing 204GB of medical data OSF HealthCare, headquartered in Peoria, Illinois, notified an unknown number of patients that their PHI apparently has been posted on Dark Web after being hit by the Xing ransomware hacking group. Coastal Family Health...
Topic
Cybersecurity Updates
Cybersecurity Updates Kaseya Software, headquartered in Ireland, with US headquarters in Miami, Florida, notified 1,500 companies that use its software, and it was attacked by ransomware o a result of an attack on its remote device management software o the REvil hacking group in Russia is asking for $70 million in ransom in exchange for a universal decryption tool Practicefirst Medical Management Solutions notified 1.2 million patients that their PHI was exposed after ransomware attack...
Topic
Cybersecurity Notes
Deep Dive published results of healthcare survey: 75% of hospitals, doctors and health systems are unprepared for cyberattacks that could compromise PHI of 500 patients or more 96% = believe hackers are trouncing security measures in place $134 billion will be spent on cybersecurity solutions in the U.S. healthcare industry over next 5 years $18 billion to be spent in 2021 82% do not believe that money is being spent effectively Funds destined for cybersecurity are routinely spent after the...
Topic
Cybersecurity Updates
Cybersecurity Updates Jefferson Health of Philadelphia, PA notified an unknown number of patients that their PHI was exposed after ransomware attack. Hawaii Independent Physicians Association of Honolulu notified 18,770 patients that their PHI was exposed after email phishing attack. Multiplan Insurance of New York City, NY notified 214,956 patients that their PHI was exposed after email phishing attack. PeopleGIS, headquartered in Woburn, Massachusetts, notified 100 US cities, who are...
Topic
Cybersecurity Notes
IBM reports on average cost of a data breach by Vertical Market: $9.23 million = Healthcare $5.72 million = Finance $5.04 million = Pharma $4.88 million = Tech $3.79 million = Education $4.24 million = Manufacturing Average cost for a malicious insider caused breach = $4.61 million Average time to identify and contain a data breach = 287 days Coveware reports on ransomware: Average ransom payment is now $137,000 REvil is most common ransomware Number of attacks that included a threat to leak...
Topic
Cybersecurity Notes
Microsoft is warning of a new hacking technique where email phishing attacks have Morse code dashes and dots embedded in MS Excel files, to bypass email filter systems and launch attack. Intsights Cybersecurity published a report: 37% of those surveyed who are victims of ransomware are located in the U.S. $9640 is average price to buy a stolen network access from the Dark Web Most common features offered for sale by hackers are RDP and VPN credentials Hacker named “hardknocklife” is selling...
Topic
Cybersecurity Notes
Total Testing Solutions, a COVID-19 testing organization headquartered in Los Angeles, CA, notified 60,000 patients that their PHI was exposed after it was inadvertently made available on a publicly assessable website. Willdan Group Inc., headquartered in Anaheim, CA, notified an unknown number of customers that their info was exposed after a ransomware attack. Rockwood School District of Eureka, Missouri, notified an unknown number of students that their info was exposed after a ransomware...