State regulators have fined health plan Kaiser Permanente $450,000 for a mailing mishap that sent private health plan records to the outdated addresses of 167,095 patients. The erroneous mailing was triggered by a technical update of the health plan's electronic health records system.
Major healthcare industry associations are urging federal regulators to finalize proposed changes to the HIPAA privacy rule that would bolster protections over reproductive healthcare data. In some cases, the groups are suggesting that regulators go even further in stretching privacy safeguards.
In the latest weekly update, ISMG editors discuss how cyber risk is becoming more closely tied to the economic health of nations, why a rural U.S. healthcare provider is closing due in part to ransomware attack woes, and why some cybersecurity companies have laid off staff this month.
A commercial real estate company that operates more than a dozen addiction recovery centers and other medical facilities in several states is notifying 319,500 employees and patients of a recent ransomware incident that compromised their personal and health information.
Federal regulators have hit Washington state-based Yakima Valley Memorial Hospital with a $240,000 HIPAA fine and correction action plan following a 2018 breach involving 23 hospital security guards who snooped into the electronic medical records of 419 patients.
A former employee of an Arizona hospital has been sentenced to federal prison and ordered to pay restitution to victims after pleading guilty to criminal HIPAA violations and his participation in an identity theft scam that compromised the data of nearly 500 patients.
At the EU cybersecurity agency ENISA's recent conference on the cybersecurity upsides and downsides of AI chatbots, presenters urged "preparedness," recommending that cybersecurity professionals track the "warp speed" evolution of chatbots to target emerging risks as well as opportunities.
Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review. Manasa Health Center will pay $30,000 and implement a corrective action plan, HHS said.
The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.
A federal judge declared a mistrial in the criminal HIPAA conspiracy case against a married couple, both doctors, after the jury deadlocked on whether the two had been entrapped by the U.S. government into providing patient records to a supposed Russian operative. Prosecutors will seek a retrial.
Many hospitals are still more reactive than proactive in terms of embracing recommended best practices that can advance their cybersecurity maturity level, said Steve Low, president of KLAS Research, and Ed Gaudet, CEO of consulting firm Censinet, who discuss findings of a recent benchmarking study.
The American Hospital Association is urging federal regulators to back off from recent guidance that treats patient IP addresses as protected health information, saying that the new rules would "reduce public access to credible health information" and create hardships for doctors and hospitals.
A practice management software firm has agreed to pay a $550,000 fine and implement a comprehensive data security program to settle an enforcement action by New York state regulators after a 2020 ransomware attack that affected 1.2 million individuals nationwide, including 428,000 New Yorkers.
Home healthcare equipment firm Apria Healthcare is notifying nearly 1.9 million individuals of a hacking incident discovered in September 2021 that affected information dating back to mid-2019. The company says the breach was related to an attempt to fraudulently obtain funds from Apria.
Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.