
New York Governor to Investigate Facebook Health Data Practices
A recent Wall Street Journal report found that several applications share sensitive data with the social media platform -- often without user consent. New York Governor Andrew Cuomo calls it “an outrageous abuse of privacy.” Facebook can receive this data from certain apps even if the user does not have a Facebook account, according to the Journal. Among the apps sending information to Facebook are a period-tracking app and a heart-rate monitoring app, the Journal says. For e

Ransomware Attack on Connecticut Optometrist Impacts 24,000 Patients
Connecticut-based optometrists Dr. Thomas DeLuca, Dr. Anthony Marciano & Associates recently began notifying about 23,578 patients that their personal data was potentially breached during a ransomware attack, according to an article in HealthITSecurity. On November 29, 2018 the eye specialist discovered a ransomware attack on its servers. Officials said they immediately acted to stop the cyberattack from proliferating. Further, they were able to restore the network using clea

Telemedicine: 6 Ways You Might Be Violating HIPAA
A common misconception of telehealth and security may be this: using HIPAA-compliant telehealth software will protect you from HIPAA violations. Of course, using telehealth software that adheres to the clear technical and physical safeguards laid out in HIPAA is a key part of building a HIPAA-compliant telehealth care program. But it’s only one piece of the larger puzzle in maintaining the security of your protected health information (PHI). According to Telemedicine Magazine

Modifying HIPAA Rules to Foster Improvements to Coordinated Care
This past December, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Request for Information (RFI) seeking comments on potential modifications to the HIPAA Rules focused on improving care coordination and aligning with the agency’s emphasis on value-based care. As part of HHS’s declared “Regulatory Sprint to Coordinated Care,” the RFI complements two earlier 2018 RFIs related to reforming regulations promulgated pursuant to the St

LifeBridge Health Sued over Data Breach of Half Million Patients
A class-action lawsuit was recently filed against Baltimore-based LifeBridge Health over its 2016 health data breach, discovered and disclosed to the public in May 2018. This Baltimore provider discovered malware on its EHR server, but the initial cyberattack began in September 2016, as reported by HealthITSecurity. The lawsuit alleges officials should have known sooner. According to the release, law firm Murphy, Falcon and Murphy filed the statewide suit in Maryland on behal

Phishing Attack on Verity Health Breaches Patient Data
Two recent phishing attacks gave a hacker access to three employee web email accounts, including attachments with personal data. Verity Health System and Verity Medical Foundation are notifying patients that their data was potentially breached by these attacks, which occurred in November 2018 and in January 2019, as reported by HealthITSecurity. Upon discovery, access to these accounts was terminated within hours by the Verity IT team. The email accounts were also disabled, a