
Despite HIPAA Risks, Many Health Care Organizations Still Not in Compliance
In a recent press release, the federal Office for Civil Rights (OCR) announced it concluded 2018 with a record of $28.7 million from the settlement of 10 cases and the winning of a judgment in another regarding HIPAA compliance violations. The amount was 22% greater than its previous high of $23.5 million in 2016. These numbers reflect a few things. First, HIPAA is now fully enforced and the government is no longer using kid gloves in calling out infractions. Second, once OCR

ENT to Close in Wake of Ransomware Attack
The decision to shutter Brookside ENT and Hearing Services, based in Battle Creek, Michigan in the aftermath of the attack appears extreme. But it's an example of the distress many healthcare entities -- especially small and mid-sized providers -- are facing as ransomware attacks continue and hackers become more sophisticated. As reported by GovInfoSecurity, the two-doctor practice lost access to patient medical records, billing, scheduling and other critical data after ranso

Small Medical Practices Targeted by Ransomware Attacks in 2018
About 70 percent of ransomware attacks in 2018 targeted small businesses, with an average ransom demand of $116,000, according to a recent report from Beazley Breach Response Services. The healthcare sector was the hardest hit by ransomware, according to the report, with small to medium sized practices being the primary targets, as they typically spend less on security than their larger counterparts. As a result, it’s much easier for hackers to compromise their systems. As a

350,000 Patients, 2 Million Emails Exposed in Oregon DHS Phishing Attack
Nine employees of the Oregon Department of Human Services fell victim to a targeted phishing attack, breaching the personal and medical data via 2 million compromised emails, according to HealthITSecurity. On January 28, Oregon DHS’ Enterprise Security Office Cyber Security team determined the email accounts were breached, according to officials. A third-party security team was hired to investigate the incident and determine what information was exposed in the cyberattack. Of

How to Avoid a HIPAA Audit
The Office of Civil Rights (OCR) has continued its stringent HIPAA audit process in recent years, with 2018 being a record enforcement year; a strong, A robust security program is the key to avoiding -- or surviving -- an audit. HIPAA compliance is a pinnacle part of any privacy and security program, despite being written well before the digital age. While many have pointed out the holes in the HIPAA rule and may want to see an update, the regulation is here into the near fut

Study Confirms Healthcare Employees Are Susceptible to Phishing Attacks
The healthcare industry is being targeted by cybercriminals and phishing is one of the most common ways to gain access to healthcare networks and sensitive data. The number of successful phishing attacks on healthcare institutions is a serious concern. Dr. William Gordon of Boston’s Brigham and Women’s Hospital and Harvard Medical School and his team conducted a study to determine the susceptibility of healthcare employees to phishing attacks. For the study, Gordon and his te