How to Become HIPAA Compliant
How to become HIPAA compliant is one of the biggest challenges for many businesses operating in the healthcare and health…
The Federal Trade Commission (FTC) has proposed changes to the Health Breach Notification Rule to strengthen the applicability of the...
Easy Healthcare, the developer and distributor of the Premom Ovulation Tracker (Premom) app, has agreed to settle an FTC complaint...
In a healthcare environment, you are likely to hear health information referred to as protected health information or PHI, but...
A complaint filed by the Federal Trade Commission (FTC) against the mobile app attribution and analytics company, Kochava, has been...
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 and while there have been some...
New HIPAA regulations – and changes to other laws that Covered Entities have to take into account – are enacted...
The U.S. Department of Education has issued new guidance for schools and postsecondary educational institutions reminding them of their obligations...
Our monthly data breach reports are based on data breaches of 500 or more records that have been reported to...
In this post, we cover the 5 Requirements for HIPAA Compliant Email Retention. In a recent survey, we discovered that...
The HHS’ Office for Civil Rights has published a Notice of Proposed Rulemaking (NPRM) about an update to the HIPAA...
Washington state is on the brink of enacting a new law that will considerably expand privacy protections for consumer health...
The situations when a medical professional can release information vary depending on who is releasing the information, what information is...
The number of healthcare data breaches reported over the past three months has remained fairly flat, with only a small...
There are no specific HIPAA social media rules because HIPAA was enacted several years before social media networks such as...
The Securities and Exchange Commission (SEC) has agreed to a $3 million settlement with Blackbaud Inc. to resolve charges that...
Whether or not it is a HIPAA violation to email patients names can depend on who an email is sent...
Three Democratic Senators have introduced a bill that seeks to improve personal health data privacy by preventing companies from disclosing...
Amazon has completed its $3.9 billion acquisition of the primary care provider One Medical as the retail behemoth continues its...
HIPAA compliance for pharmacies is a complex subject to tackle because, not only do most pharmacies have to comply with...
A recent survey conducted by the Pew Research Center found a majority of Americans are uncomfortable with their healthcare providers...
Texas HB300 is a bill passed by the Texas legislature in 2011 that updates Chapter 181 of the Texas Health...
The GoodRx settlement with the FTC to resolve allegations that the FTC Act and Health Breach Notification Rule have been...
Florida HIPAA laws are the laws that apply in Florida to Covered Entities and Business Associates that preempt, or are...
Defenses need to be put in place to detect and block attempts by cybercriminals to access healthcare networks, but not...
January is usually one of the quietest months of the year for healthcare data breaches and last month was no...
Email archiving software automatically archives emails according to rules applied by individuals or organizations in order to fulfil email management,...
The HIPAA minimum necessary rule standard applies to uses and disclosures of PHI that are permitted under the HIPAA Privacy...
DNA Diagnostics Center (DDC), one of the largest private DNA testing laboratories in the United States, has been fined a...
Covered entities under HIPAA are individuals or entities that transmit protected health information electronically for transactions that the Department of...
HIPAA certification is defined as either a point in time accreditation demonstrating an organization has passed a HIPAA compliance audit,...
Two Democratic U.S. Senators – Michael Bennet (D-CO) and Mazie Hirono (D-HI) – have introduced a bill that seeks to...
A bipartisan group of senators has written to three telehealth companies demanding answers about the use of third-party tracking technologies...
A HIPAA violation can be grounds for termination depending on the nature of the violation, the consequences of the violation,...
The acronym HIPAA stands for Health Insurance Portability and Accountability Act of 1996 and that led to the development of...
A lawsuit has been filed against Cedars-Sinai Medical Center alleging impermissible disclosures of patient data to Google, Meta, and other...
One of the key goals of compliance officers is to prevent HIPAA compliance violations whenever possible. To achieve this goal,...
The most common HIPAA violations that have resulted in financial penalties are: Snooping on Healthcare Records; Failure to Perform an...
The Federal Trade Commission’s Health Breach Notification Rule requires vendors of personal health records and related entities to issue notifications...
Healthcare organizations and their business associates that want to share protected health information in a HIPAA-compliant way must do so...
A limited data set under HIPAA is a set of identifiable healthcare information that the HIPAA Privacy Rule permits covered...
The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state...
HIPAA is important because, due to the passage of the Health Insurance Portability and Accountability Act, the Department of Health...
What happens if a nurse violates HIPAA depends on the nature of the violation, the consequences of the violation, the...
To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it...
Earlier this month, a lawsuit was filed against The Christ Hospital in Cincinnati, OH, alleging third-party tracking code had been...
For the first time since 2015, there was a year-over-year decline in the number of data breaches reported to the...
What is individually identifiable health information and what must HIPAA-covered entities do to the information before it can be shared...
Just a few weeks after LastPass confirmed hackers had stolen a copy of users’ encrypted password vaults comes the news...
The topic of AI in healthcare often gets mixed reactions. While some people are firm believers in the benefits of...
The number of reported healthcare data breaches declined for the second successive month, with 40 data breaches of 500 or...
The Office of Inspector General of the U.S. Department of the Interior (DOI OIG) has identified bad password management and...
The issue of how to secure patient information and PHI is challenging because HIPAA does not require all patient information...
HIPAA applies to employers in certain circumstances. It is important for employers to understand what these circumstances are – not...
One of the questions we are sometimes asked is how to report a HIPAA violation anonymously. This is because, in...
Can a patient sue for a HIPAA violation? There is no private cause of action in HIPAA, so it is...
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in August 1996 and led to the development...
Plaintiffs in a consolidated class action lawsuit against Meta recently sought an injunction to stop the company from collecting and...
HIPAA-covered entities must ensure protected health information (PHI) transmitted by email is secured to prevent unauthorized individuals from intercepting messages,...
November was a relatively quiet month for healthcare data breaches with 31% fewer breaches reported than the previous month. November’s...
The Health Insurance Portability and Accountability Act of 1996 is one of the most important pieces of legislation to affect...
Passwords can provide a good level of security, but all too often users choose weak passwords that present no challenge...
The private information of visitors to telehealth websites is being shared with big tech companies without user consent due to...
Developers of mobile health apps may be required to comply with certain federal laws such as the FTC Act, FTC...
The HHS’ Office for Civil Rights has issued a bulletin confirming that the use of third-party tracking technologies on websites,...
The Department of Health and Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have issued...
An alarming number of websites used to deliver opioid addiction treatment and recovery services contain data sharing and privacy risks,...
A group of 10 state Attorneys General recently wrote to Apple CEO, Tim Cook, urging the company to implement stronger...
October was the worst month of the year to date for healthcare data breaches, with 71 breaches reported and more...
Can a nurse be fired for a HIPAA violation? Certainly. Violate HIPAA Rules and having your employment contract terminated may...
Many healthcare organizations are unsure whether Hotmail is HIPAA compliant and whether sending protected health information via a Hotmail account...
Healthcare providers need to be prepared to deal with a HIPAA privacy complaint from a patient. In order for an...
All employees must receive training on HIPAA Rules, but when should you promote HIPAA awareness? How often should HIPAA retraining...
Senator Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, has recently published a white paper – Cybersecurity...
Two class action lawsuits have been filed on behalf of patients whose protected health information (PHI) was impermissibly disclosed to...
Is G Suite HIPAA compliant? Can G Suite be used by HIPAA-covered entities without violating HIPAA Rules? Google has developed...
The Health Insurance Portability and Accountability Act (HIPAA) requires HIPAA-covered entities and their business associates to implement safeguards to ensure...
Is AWS HIPAA compliant? Amazon Web Services has all the protections to satisfy the HIPAA Security Rule and Amazon will...
Passwords are an inexpensive and convenient form of authentication. While passwords can provide a high degree of protection, in practice...
The College of Healthcare Information Management Executives (CHIME) has recently provided feedback to the Federal Trade Commission (FTC) on its...
Meta is facing further scrutiny of its privacy practices related to its Meta Pixel JavaScript code, which has been added...
WakeMed Health and Hospitals, a health system with multiple healthcare facilities in metropolitan Raleigh, NC, has recently notified around 495,000...
63 data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights in September, bringing...
Another health system has announced that patient data has been impermissibly passed to Meta (Facebook) as a result of the...
Healthcare providers, health plans, healthcare clearinghouses, and business associates of those organizations must comply with the Health Insurance Portability and...
On October 3, 2022, CommonSpirit Health experienced a data security incident that forced it to take systems offline, including its...
When WhatsApp announced it was introducing end-to-end encryption, it opened up the prospect of healthcare organizations using the platform as...
California has taken further steps to improve protections for individuals seeking abortion care and birth control. A package of bills...
HIPAA stands for the Health Insurance Portability and Accountability Act – an Act passed by Congress in 1996 with the...
Many covered entities want to take advantage of cloud storage services, but can Microsoft OneDrive be used? Is OneDrive HIPAA...
The Government Accountability Office (GAO) recently conducted a review of Medicare telehealth services provided during the COVID-19 pandemic, when a...
For the third successive month, the number of healthcare data breaches reported to the Department of Health and Human Services’...
A group of 30 senators is urging the Department of Health and Human Services to update the Health Insurance Portability...
Emerging technologies have the potential to revolutionize the healthcare industry. While there are many potential benefits, these technologies can introduce...
Democrats from the Committee on Energy and Commerce wrote to the Meta CEO, Mark Zuckerberg, on August 31, 2022, to...
The Californian legislature has passed a bill (AB-1242) that prohibits companies in the state from complying with warrants from other...
Sensitive information is being shared with data brokers and advertisers for the purpose of serving targeted advertisements, and not just...
In July 2022, 66 healthcare data breaches of 500 or more records were reported to the Department of Health and...
Healthcare data breaches are being reported in record numbers with tens of millions of patients having their healthcare data exposed...
A lawsuit has been filed against the Federal Trade Commission by an Idaho-based digital marketing and analytics company, which is...
Novant Health has recently notified 1,362,296 patients about a breach of their protected health information due to the incorrect configuration of...
The Health Insurance Portability and Accountability Act was a landmark piece of legislation that was originally intended to simplify the...
Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare...
One of the obstacles to the adoption of enterprise password managers is ensuring personal password privacy in shared-vault environments. This...
Many business password managers offer the capability to apply enterprise password policies. This capability allows administrators to stipulate the minimum...
Meta is facing another class action lawsuit over the unlawful collection and sharing of health data without consent. The lawsuit...
June 2022 saw 70 HIPAA compliance data breaches of 500 or more records reported to the Department of Health and...
The Department of Health and Human Services’ Office for Civil Rights enforces the HIPAA Rules, which restrict uses and disclosures...
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has announced that Oklahoma State University –...
On Friday, the House Committee on Oversight and Reform announced that a probe has been initiated to determine how data...
President Biden has signed an executive order that aims to protect access to reproductive healthcare services following the SCOTUS ruling...
The HHS’ Office for Civil Rights has recently issued guidance to healthcare organizations following the overturning of Roe v. Wade...
Google has announced that it will be taking steps to improve privacy protections for users of its services. Google has...
Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) have written to two leading mental health app providers...
President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra recently called on HHS agencies to...
Google Voice is a popular telephony service, but is Google Voice HIPAA compliant or can it be used in a...
Earlier this month, a draft bipartisan bill was introduced that seeks federal data privacy and protection regulations, which would replace...
A lawsuit has been filed against Meta that alleges the social media giant has been knowingly collecting patient data from...
May 2022 saw a 25% increase in healthcare data breaches of 500 or more records. 70 data breaches of 500...
A new bill has been introduced by Sen. Elizabeth Warren (D-MA) that seeks to ban data brokers from selling the...
An analysis of hospitals’ websites has revealed one-third of the top 100 hospitals in the United States are sending patient...
A recent study by Source Defense examined the risks associated with the use of third- and fourth-party code on websites...
For the past 15 years, Verizon has been publishing annual Data Breach Investigation Reports (DBIR), with this year’s report confirming...
HIPAA compliance for self-insured group health plans – or self-administered health group plans – is a complicated area of HIPAA...
After four successive months of declining numbers of data breaches, there was a 30.2% increase in reported data breaches. In...
The tactics, techniques, and procedures (TTPs) used by ransomware and other cyber threat actors are constantly evolving to evade detection...
Connecticut has joined California, Colorado, Utah, and Virginia in passing a comprehensive new data privacy law that establishes responsibilities for...
The American College of Physicians (ACP), American Telemedicine Association (ATA), and the Organization for the Review of Care and Health...
On Thursday, the National Institute of Standards and Technology (NIST) published updated cybersecurity supply chain risk management (C-SCRM) guidance to...
HIPAA compliance for home health care workers can be difficult due to unique challenges healthcare workers encounter in the community...
An audit of the Department of Health and Human Services conducted for the HHS’ Office of Inspector General (OIG) to...
Healthcare data breaches are occurring in record numbers, but not all privacy and security threats come from outside the organization....
For the fourth successive month, the number of reported healthcare data breaches has fallen. In March 2022, 43 HIPAA compliance...
Immediate intervention following an instance of unauthorized access to protected health information (PHI) by a healthcare employee is 95% effective...
The law firm BakerHostetler has published its 8th Annual Data Security Incident Response (DSIR) Report, which provides insights based on...
An audit of Connecticut’s Health Insurance Exchange, Access Health CT, by the state auditor has revealed Access Health CT suffered...
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is an important legislative Act that requires healthcare organizations that...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first financial penalties of 2022...
Healthcare workers access electronic Protected Health Information (ePHI) on a daily basis – most often via the use of password-protected...
For the third successive month, the number of data breaches reported to the HHS’ Office for Civil Rights (OCR) has...
Arkansas Attorney General Leslie Rutledge announced this week that legal action is being taken against Country Medical Services Inc., the...
Healthcare hacking incidents have been steadily rising for a number of years. There was a 45% increase in hacking/IT incidents...
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory...
The U.S. Department of Justice (DOJ) has announced a settlement has been reached with the Cape Canaveral, FL-based healthcare services...
Protenus has released its 2022 Breach Barometer Report which confirms 2021 was a particularly bad year for healthcare industry data...
7 vulnerabilities dubbed Access:7 have been identified in the web-based technologies PTC Axeda and Axeda Desktop Server, which are used...
The HHS’ Health Sector Cybersecurity Coordination Center has released a new report – Health Sector Cybersecurity: 2021 – Retrospective and 2022...
There have been calls for healthcare organizations to take steps to improve security due to a major rise in hacking...
The terms covered entity and business associate are used widely through HIPAA legislation, but what are the differences between a...
In a recent blog post, Director of the HHS’ Office for Civil Rights, Lisa J. Pino, urged HIPAA-regulated entities to...
Who Does HIPAA Apply To? Confusion sometimes exists over the question of who does HIPAA apply to because the requirement...
The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST guidance on Securing Telehealth Remote Patient...
50 healthcare data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights (OCR) in...
Healthcare privacy laws in the United States are due an update to bring them into the modern age to ensure...
The Rhode Island Attorney General is investigating UnitedHealthcare and the Rhode Island Public Transit Authority (RIPTA) over a cyberattack and...
A new report from Kaspersky shows the massive increase in telehealth has placed healthcare data at risk. Vulnerabilities have been...
You can make your email HIPAA compliant by following three easy steps. First, if you are communicating ePHI to a...
A misconfiguration of an internal website portal used by a Florida county drug screening lab exposed sensitive information online for...
The first settlement of 2022 to resolve a healthcare data breach has been announced by New York Attorney General Letitia...
A recent study by the healthcare IoT security platform provider Cynerio has revealed 53% of connected medical devices and other...
The Department of Health and Human Services’ Office of the National Coordinator for Health IT has released the final version...
Some 56 HIPAA compliance data breaches of 500 or more healthcare records were reported to the HHS’ Office for Civil...
The Department of Health and Human Services’ Office for Civil Rights (OCR) settled 19 HIPAA compliance violation cases in 2020....
A recent survey has revealed password reuse is rife, even amongst IT leaders who should know better. 92% of IT...
The Healthcare Supply Chain Association (HSCA) has issued guidance for healthcare delivery organizations, medical device manufacturers, and service suppliers on...
The number of reported healthcare data breaches has increased for the third successive month, with November seeing 68 data breaches...
In 2019, it was alarming that healthcare data breaches were being reported at a rate of more than 1 a...
The New Jersey Division of Consumer Affairs has agreed to settle a data breach investigation that uncovered violations of the...
The Health Information Sharing and Analysis Center (Health-ISAC) has released guidance for Chief Information Security Officers (CISOs) on adopting an...
The Department of Health and Human Services has launched a new website that offers advice and resources to help the...
An Ohio-based DNA testing company has recently disclosed a hacking incident that involved the sensitive data of 2,102,436 individuals. DNA...
October saw 59 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’...
A recent survey conducted by the unified asset visibility and security platform provider Armis has explored the state of cybersecurity...
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief for the healthcare industry warning about the...
Hacks, ransomware attacks, and other IT security incidents account for the majority of data breaches reported to the Department of...
B. Braun has released software updates to fix five vulnerabilities in its Infusomat Space and Perfusor Space Infusion Pumps. The...
The hacker who gained access to the databases of University of Pittsburgh Medical Center (UPMC) and stole the personally identifiable...
There was a 23.7% month-over-month increase in reported healthcare data breaches in September, which saw 47 data breaches of 500...
Approximately 27,500 individuals are being notified that some of their personal information was stolen in a cyberattack on the American...
A New Jersey infertility clinic accused of violating HIPAA and New Jersey laws by failing to implement appropriate cybersecurity measures...
According to the Verizon Data Breach Investigations Report, phishing accounted for around 80% of all reported phishing attacks in 2019...
Public and private sector organizations have a new tool to help them assess their level of vulnerability to insider threats....
October is National Cybersecurity Awareness Month. Throughout October, the importance of cybersecurity is highlighted and resources are made available to...
Lisa J. Pino has been named Director of the Department of Health and Human Services’ Office for Civil Rights (OCR)...
A recent study conducted on more than 1,000 Americans has revealed one in three Americans have attempted to guess someone...
There was a 44% month-over-month decrease in the number of reported healthcare data breaches in August 2021. 38 healthcare data...
Developers of health apps and wearable devices such as fitness trackers that collect health data have been warned by the...
The personal data of individuals who took a COVID-19 test at a Walgreens pharmacy has been exposed over the Internet...
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has recently released the...
High numbers of healthcare data breaches continued to be reported by HIPAA-covered entities and their business associates. In July, there...
The Health Insurance Portability and Accountability Act is now 25 years old. How effective has this healthcare law been and...
Ransomware attacks on hospitals can cause huge financial losses, as the Ryuk ransomware attack on Universal Health Services showed. UHS...
An overwhelming majority of employees are aware what constitutes a strong password, but 53% of employees do not always set...
The UK’s NCSC password recommendations have been updated and a new strategy is being promoted that meets password strength requirements...
Data breaches declined by 24% globally in the first 6 months of 2021, although breaches in the United States increased...
2020 was a particularly bad year for the healthcare industry with record numbers of data breaches reported. Ransomware was a...
For the third consecutive month, the number of reported healthcare data breaches of 500 or more records increased. June saw...
One of the easiest ways for hackers to gain access to accounts is to simply guess passwords. Hackers use lists...
Security researchers have discovered the random password generator of the Kaspersky Password Manager (KPM) was generating passwords that were susceptible...
A Kaseya KSA supply chain attack has affected dozens of its managed service provider (MSP) clients and saw REvil ransomware...
A recent survey conducted by researchers at Skynet Softtech has revealed most adults are guilty of poor password practices that...
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published a new resource that lists cybersecurity bad practices that are...
A database belonging to CVS Pharmacy that included approximately 1 billion search records has been exposed online. The database included...
May was the worst month of 2021 to date for healthcare data breaches. There were 63 breaches of 500 or...
In this post we explore some of the leading solutions to find the best password manager for the healthcare industry...
Because of the many different roles in the healthcare industry, there is no one-size-fits-all compliance training for medical staff. Furthermore,...
Following on from the DarkSide ransomware attack on Colonial Pipeline, several ransomware threat actors have ceased activity or have implemented...
April was another particularly bad month for healthcare data breaches with 62 reported breaches of 500 or more records – the same...
2020 was certainly not a typical year. The pandemic placed huge pressures on IT security teams and businesses were forced...
Several healthcare groups have expressed concern about the HIPAA Privacy Rule changes proposed by the Department of Health and Human...
In 2010, the Office of the National Coordinator for Health Information Technology (ONC) – a branch of Department for Health...
Network intrusion incidents have overtaken phishing as the leading cause of healthcare data security incidents, which has been the main...
There was a 38.8% increase in reported healthcare data breaches in March. 62 breaches of 500 or more records reported...
While data on the practice of password sharing in healthcare is limited, one survey suggests the practice of sharing EHR...
Security firm Proofpoint reports that the Advanced Persistent Threat (APT) group Charming Kitten was behind a spear phishing campaign in...
There was a 40.63% increase in reported data breaches of 500 or more healthcare records in February 2021. 45 data...
2021 was a challenging year for healthcare organizations. Not only was the industry on the frontline in the fight against...
A hacking collective has gained access to the systems of the Californian security camera startup Verkada Inc. and viewed live...
A coalition of 41 state Attorneys General has agreed to settle an investigation into Retrieval-Masters Creditors Bureau dba American Medical...
Changes to the HIPAA Rules are infrequent, so when updates are proposed they tend to include a slew of new...
On March 4, 2021, Senator Robert Menendez (D-New Jersey), and Reps. Bonnie Watson Coleman (D-New Jersey) and Mikie Sherrill (D-New...
Most Americans have heard of HIPAA and know that the legislation applies to healthcare organizations, but many do not understand...
The Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity authorities in Australia, New Zealand, Singapore, and the United Kingdom have issued...
January saw a 48% month-over-month reduction in the number of healthcare data breaches of 500 or more records, falling from...
The personally identifiable health information of millions of individuals is being exposed through the Application Programming Interfaces (APIs) used by...
A woman who worked in a medical research lab at the Nationwide Children’s Hospital in Columbus, OH has been jailed...
On January 28, 2021, Democratic senators introduced the Public Health Emergency Privacy Act to protect the privacy of Americans and...
A lawsuit has been filed against Burr Ridge, IL-based Easy Healthcare Corp. over the alleged sharing of sensitive user data...
Two members of the Department of Veterans Affairs’ (VA) information technology staff are alleged to have made false representations about...
Philly Fighting COVID, a company tasked with distributing COVID-19 vaccinations to the city of Philadelphia, has had its contract with...
In May 2020, the cloud software company Blackbaud suffered a ransomware attack. As is common in human operated ransomware attacks,...
More large healthcare data breaches were reported in 2020 than in any other year since the HITECH Act called for...
2020 ended with healthcare data breaches being reported at a rate of 2 per day, which is twice the rate...
The Department of Health and Human Services’ Office for Civil Rights has announced the health insurer Excellus Health Plan has...
In December, the European Medicines Agency (EMA) suffered a cyberattack and hackers gained access to third party documents. Some of...
The penalties for HIPAA violations by employees can be severe, especially those involving the theft of protected health information. HIPAA violations by employees...
2020 was the worst ever year for healthcare industry HIPAA compliance data breaches. Some 616 data breaches of 500 or...
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released final guidance...
The Department of Health and Human Services’ Office for Civil Rights has published new guidance on the Health Insurance Portability...
The Department of Health and Human Services’ Office for Civil Rights has published its 2016-2017 HIPAA Audits Industry Report, highlighting...
Three serious vulnerabilities have been identified in Medtronic MyCareLink (MCL) Smart Patient Readers, which could potentially be exploited to gain...
The Department of Health and Human Services has issued a notice of proposed rulemaking detailing multiple HIPAA Privacy Rule changes...
President-elect Joe Biden has named California Attorney General Xavier Becerra as Secretary of the Department of Health and Human Services....
The American Medical Association has warned hospitals, health systems, and medical practices about the increase in cyber risks targeting the...
It can be hard to remember a time before the Health Insurance Portability and Accountability Act, known as HIPAA, was...
September has been a bad month for data breaches. 95 data breaches of 500 or more records were reported by...
Comparitech security researcher Bob Diachenko has discovered an exposed cluster of databases belonging to the Voice over IP (VoIP) telecommunications...
Franklin, TN-based Community Health Systems and its subsidiary CHSPCS LLC have settled a multi-state action with 28 state attorneys general...
37 healthcare HIPAA compliance data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights...
On September 14, 2020, the U.S. Department of Veterans Affairs announced it had suffered a data breach that had impacted...
A recent study published in JAMA found almost all websites offering information on COVID-19 have third-party tracking code that poses...
Health insurers are collecting online data about consumers and using the information to predict an individual’s likely healthcare costs. Consumer-generated...
September 2020 is the second annual National Insider Threat Awareness Month (NITAM). Throughout the month, resources are being made available...
The eHealth Initiative & Foundation (eHI) and the Center for Democracy and Technology (CDT) recently released a draft consumer privacy...
The Department of Health and Human Services’ Office for Civil Rights has announced it has published additional resources for mobile...
A bill (SB-980) that establishes the Genetic Information Privacy Act has been passed by the California Senate and now awaits...
The American College of Radiology, the Society for Imaging Informatics in Medicine, and the Radiological Society of North America have...
A new study conducted by IRONSCALES shows there has been a major increase in credential theft via spoofed websites. This...
The Houston, TX-based web developer Netsential had its web servers hacked and almost 270 gigabytes of data were stolen and...
A team of researchers at Harvard University has investigated COVID-19 home monitoring technologies, which have been developed to decrease interpersonal...
July saw a major fall in the number of reported data breaches of 500 or more healthcare records, dropping below...
A new report has revealed the personal and protected health information of patients and other sensitive data are being exposed...
A database containing the personal information of more than 3.1 million patients has been exposed online and was subsequently deleted...
The House of Representatives has voted to lift the ban on the Department of Health and Human Services using federal...
The Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2) have been revised by the Department of Health and...
University of California San Francisco has paid a $1.14 million ransom to the operators of NetWalker ransomware to resolve an...
May 2020 saw a marked fall in the number of reported healthcare data breaches compared to April, with 28 data...
On June 16, 2020, The National Association of Attorneys General (NAAG) wrote to Google and Apple to express concern about...
A UK-based chatbot and telehealth startup has suffered an embarrassing privacy breach this week. Babylon Health has developed a telehealth...
A joint alert has been issued by the IRS, DHS’ Cybersecurity and Infrastructure Security Agency (CISA), and the Department...
There were 37 healthcare data breaches of 500 or more records reported in April 2020, up one from the 36...
Two privacy bills have been introduced relating to COVID-19 contact tracing apps that are now being considered by Congress. The...
The American Medical Association (AMA) has published a set of privacy principles for non-HIPAA-covered entities to help ensure that the...
Zoom has reached an agreement with the New York Attorney General’s office and has made a commitment to implement better...
The U.S. Federal Trade Commission (FTC) is seeking comment on its breach notification requirements for non-HIPAA-covered entities that collect personally...
The contact tracing technology being developed by Apple and Google to help track people who have come into close contact...
March 2020 saw a 7.69% month-over-month decrease in the number of reported healthcare data breaches and a 45.88% reduction in...
One measure that can be used in the fight against COVID-19 that has been attracting a great deal of worldwide...
There were 39 reported healthcare data breaches of 500 or more records in February and 1,531,855 records were breached, which...
Following on from the announcement from the HHS’ Office for Civil Rights that enforcement of HIPAA compliance in relation to...
There have been several reported cases of cyberattacks on healthcare organizations that are currently working round the clock to ensure...
HIPAA covered entities – healthcare providers, health plans, healthcare clearinghouses – and business associates of covered entities no doubt have...
The University of Kentucky (UK) has been battling to remove malware that was downloaded on its network in February 2020....
The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses Report from Keeper Security shows approximately two thirds of...
The Protecting Jessica Grubbs Legacy Act (S. 3374) has been reintroduced by Senators Joe Manchin (D-W.V.) and Shelley Moore Capito...
Following the revelation that a considerable volume of patient data had been shared with Google by the Catholic health system...
An audit of the National Institutes of Health (NIH) conducted by the Department of Health and Human Services’ Office of...
Healthcare organizations are confident they are protecting regulated data and are controlling data sharing, but that confidence appears to be...
In January, healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’...
Senator Kirsten Gillibrand has introduced a new Senate bill – the Data Protection Act – to create new standards for...
An audit conducted by the Department of Health and Human Services’ Office of Inspector General (OIG) has revealed many pharmacies...
The eHealth Initiative (eHI) and the Center for Democracy & Technology (CDT) have joined forces to develop a new consumer...
Patients want easy access to their health data and for their health information to be presented in a concise, easy...
Critical vulnerabilities have been identified in GE Healthcare patient monitoring products by a security researcher at CyberMDX. Elad Luz, Head...
The operators of Maze ransomware are following through on their threats to publish stolen data if victims do not pay...
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued version 1.0 of its Privacy Framework. The...
On January 1, 2020, the California Consumer Privacy Act (CCPA) came into effect. CCPA enhanced privacy protections for state residents...
Microsoft is stopping free support for Windows 7, Windows Server 2008, and Windows Server 2008 R2 on January 14, 2020,...
The U.S. Department of Justice (DOJ) has announced that a former employee of a New York City hospital has pleaded...
Figures from the Department of Health and Human Services’ Office for Civil Rights breach portal show a major increase in...
It has been another year of heavy enforcement of HIPAA compliance. HIPAA enforcement in 2019 by the Department of Health...
A discussion draft of a new bipartisan data privacy bill has been released by the House Energy and Commerce Committee....
The Department of Education and the Department of Health and Human Services’ Office for Civil Rights have issued updated guidance...
In November 2019, 33 healthcare data breaches of 500 or more records were reported to the Department of Health and...
A major data breach has been reported by one of Canada’s largest medical testing and diagnostics companies. Toronto-based LifeLabs said...
Blue Cross Blue Shield of Minnesota, the largest health insurer in the state, is now taking steps to fix around...
Pressure is continuing to be applied on Google and its parent company Alphabet to disclose information about how the protected...
Senator Roger Wicker (R-Miss), Chair of the Commerce Committee, has released a draft copy of the United States Consumer Data...
Cyberattacks on healthcare organizations have increased in frequency and severity in the past year, according to recently published research from...
A federal law giving U.S. citizens new rights over their personal data has been introduced by U.S. Sen. Maria Cantwell...
There was a 44.44% month-over-month increase in healthcare data breaches in October. 52 breaches were reported to the HHS’ Office...
Virtual Care Provider Inc. (VCP), a Wisconsin-based provider of internet and email services, data storage, cybersecurity, and other IT services,...
Two government watchdog agencies have recently published reports of reviews of privacy and security safeguards at the U.S. Department of...
The Stop Marketing And Revealing The Wearables And Trackers Consumer Health (Smartwatch) Data Act has been introduced by Sens. Bill...
Leaders of the House Committee on Energy and Commerce are seeking answers from Google and Ascension on Project Nightingale. The...
It has been 60 days since Greenbone Networks reported on the mass exposure of medical images on unsecured Picture Archiving...
TigerConnect has released its 2019 State of Healthcare Communications Report, which shows that continuing reliance on decades-old, inefficient communications technology...
Following a report in the Wall Street Journal, Google has confirmed it is collaborating with one of the largest healthcare...
U.S. Senator Mark R. Warner (D-VA) has written to the Director of the HHS’ Office for Civil Rights, Roger Severino,...
The U.S. Department of Health and Human Services has increased the civil monetary penalties for HIPAA compliance violations in accordance...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $1.6 million civil monetary penalty...
The University of Rochester Medical Center (URMC) has paid a $3 million HIPAA penalty for the failure to encrypt mobile...
The Department of Health and Human Services’ Office for Civil Rights has imposed a $2.15 million civil monetary penalty against...
A recent survey conducted by the Ponemon Institute on behalf of Keeper Security has revealed 76% of small and medium...
September saw 36 healthcare data breaches of more than 500 records reported to the Department of Health and Human Services’...
Internal Department of Veterans Affairs (VA) communications, disability claims, and the health information of thousands of veterans have been exposed...