SecurityWeek
CISA, HHS Release Cybersecurity Healthcare Toolkit
CISA and the HHS have released resources for healthcare and public health organizations to improve their security.
SecurityWeek
CISA and the HHS have released resources for healthcare and public health organizations to improve their security.
DataBreaches
HHS Health Center Cybersecurity Center (HC3) has published a new informational handout and guidance on multi-factor authentication (MFA) and smishing. It...
CyberSecurity Dive
A mental healthcare provider didn’t have sufficient protections in place before a ransomware attack exposed the protected health information of more than 14,000 people, according to the HHS’ Office for Civil Rights.
DataBreaches
From HHS, this interesting press announcement: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a...
DataBreaches
HHS Cybersecurity Program has released a new threat brief on lessons learned from the HSE cyberattack. DataBreaches.net covered the incident and aftermath in...
DataBreaches
It appears that Peachtree Orthopaedic Clinic in Georgia reported a breach to HHS on January 3 that impacted 53,686 patients. They reported the breach as...
The Cyber Express
Following a cybersecurity incident dubbed as an indirect ‘HHS data breach’, and theft of funds, the U.S. Department of Health
DataBreaches
The HHS Cybersecurity Program has issued a new brief this week: Log4J Vulnerabilities and the Health Sector You can access it at https://www.hhs...
DataBreaches
HHS has published a new cybersecurity threat brief, available for download on their site. The topics include: • What Is an EMR, and How Is It Used in...
Security Affairs
The US Department of Health and Human Services (HHS) warns healthcare organizations of Royal ransomware attacks. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. The Health and Human Services (HHS) is aware of attacks against the Healthcare and Public Healthcare (HPH) […]
DataBreaches
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of...
CyberSecurity Dive
In a Thursday letter, the American Hospital Association urged the HHS’ Office of Civil Rights to reduce “duplicative” breach notifications from the cyberattack.
SecurityWeek
Guidance on secure use of AI, HHS grant money stolen by hackers, CISA director Jen Easterly target of swatting.
DataBreaches
HHS recently issued an alert about a known vulnerability allowing access to some picture archiving communications systems (PACS). The vulnerability had been...
DataBreaches
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a...
Security Affairs
The FBI, CISA, and the Department of HHS warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.
The Record
The U.S. Department of Health and Human Services (HHS) agreed to a settlement of $480,000 with Louisiana-based medical group Lafourche Medical Group following a 2021 cyberattack that exposed the sensitive information of nearly 35,000 people.
Bleeping Computer
A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack.
The Record
The United States Department of Health and Human Services (HHS) said it is planning to take a range of actions in an effort to better address cyberattacks on hospitals, which have caused dozens of outages across the country in recent months.
The Record
Doctors’ Management Services — which provides medical billing and payer credentialing services — was attacked by the now-defunct GandCrab ransomware gang in April 2017. The settlement with HHS is the first for the agency over a ransomware attack.
DataBreaches
The following is a press release from HHS. It is an update to a 2016 hacking incident previously covered on this site. The incident also resulted in a class...
DataBreaches
January 24 Today, the U.S. Department of Health and Human Services (HHS), through the Administration for Strategic Preparedness and Response (ASPR), is...
DataBreaches
From HHS, resolution of a complaint they received in 2017: The Office for Civil Rights (OCR) has settled with B. Brandon Au, DDS, Inc., d/b/a New Vision Dental...
DataBreaches
HHS issued two reports or advisories this past week. The first was a 67-page report on Royal & BlackCat Ransomware and the threat that they pose to the...
DataBreaches
On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of the following resources to help address...
DataBreaches
HHS OCR has announced a second enforcement settlement in a ransomware case. The 2019 breach involving Green Ridge Behavioral Health managed to fly mostly under...
Infosecurity News
Office of Inspector General slams department’s security program four years running
DataBreaches
HHS has announced another Security Rule enforcement action. This one involves iHealth Solutions (dba Advantum Health), a business associate. The incident...
DataBreaches
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) today released a Request for Information (RFI) seeking input from the...
CyberSecurity Dive
The Office for Civil Rights will focus on whether protected health information was breached and if UnitedHealth complied with privacy and security requirements.
SC Magazine
The probe will establish whether HIPAA privacy, security and beach notification met compliance rules.
DataBreaches
Frank Konkel reports: The Government Accountability Office is recommending the Department of Health and Human Services establish a feedback mechanism to...
DataBreaches
Revelations contained in an affidavit by an FBI agent and a press release by the Department of Justice about the arrest of the owner of a popular hacking forum...
CyberSecurity Dive
The nonprofit will pay $4.75 million to settle allegations that data security failures allowed an employee to steal and sell the protected health information of thousands of patients.
CyberSecurity Dive
The Hive group practices double extortion — demanding payment to free data it has encrypted while also threatening to release the unencrypted data publicly.
Infosecurity News
Threat actors are socially engineering healthcare IT helpdesk staff to steal money, the government has warned
DataBreaches
Mike Miliard reports: The U.S. Department of Health and Human Services is warning hospitals and health systems that a security vulnerability in picture archive...
CyberSecurity Dive
The program will invest more than $50 million to create a software suite that can automatically find potential vulnerabilities that hackers could exploit and deploy fixes.
The Record
The program run by the Advanced Research Projects Agency for Health seeks to create a vulnerability mitigation software platform and a system for auto-detecting vulnerabilities.
The Record
The Department of Health and Human Services' Office for Civil Rights (OCR) said it would look into the incident “given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers.”
DarkReading
The initiative is meant to provide more resources and better strategies for healthcare entities that face an increasing amount of cybersecurity challenges.
The Record
The rules will bar doctors, insurers and other health-care groups from making health information available to state officials investigating, prosecuting, or filing a lawsuit against a patient or provider.
CyberSecurity Dive
More than 50 provider groups are asking the federal government to publicly state that UnitedHealth should handle data breach reporting stemming from the cyberattack on its subsidiary.
CyberSecurity Dive
The American Hospital Association and the American Medical Association pushed the federal government to offer more financial support as the Change outage limits providers’ ability to receive payment.
DataBreaches
TLP: White Report: 202203101700 March 10, 2022 Conti Ransomware (Update) Executive Summary Conti is a ransomware group that has aggressively targeted...
The Record
Republican Sen. Bill Cassidy wants details from the department in response to a report from earlier this year about a scam involving a grant program.
The Record
The department had received pushback against a previously released FAQ page that said every organization affected by the hack of Change Healthcare would have to file their own breach notices with federal and state regulators.
DataBreaches
Louisiana Medical Group settles after investigation reveals large cybersecurity breach affecting nearly 35,000 patients Today, the U.S. Department of Health...
The Record
Legislators wrote to the Department of Health and Human Services to demand that regulations for protect health information (PHI) treat it the same way the law covers a person's location data, texts and phone calls.
The Cyber Express
In a coordinated effort to address the escalating threat landscape of ransomware, the Cybersecurity and Infrastructure Security Agency (CISA), in
The Cyber Express
In a coordinated effort to address the escalating threat landscape of ransomware, the Cybersecurity and Infrastructure Security Agency (CISA), in
The Cyber Express
The hacking group ALPHV/BlackCat has resurfaced, once again targeting healthcare companies and threatening to report them to the U.S. Department
The Record
Third-party tracking technologies like the Meta/Facebook Pixel and Google Analytics could cause healthcare institutions to be in violation of privacy laws, the agencies said in a letter to 130 organizations.
DataBreaches
An undated message on the Tennessee Orthopaedic Clinics website states that TOC recently responded to a security incident. They don’t say when they...
DataBreaches
Chris Bennington of Epstein Becker Green writes, in part: The HITECH Act requires OCR to issue annual reports to Congress of HIPAA breaches and complaints...
Infosecurity News
Healthcare organizations told they could be targeted by cyber-attacks linked to Russian invasion of Ukraine
DataBreaches
Jordan Robertson and Riley Griffin report: On March 15, 2020, just days after the US declared a national emergency because of the Covid-19 pandemic, the...
DataBreaches
On September 1, a listing on a dark web site by a group calling themselves Don#t_Leaks named MonarchNC as a victim. The listing did not appear for long. The...
The Record
The U.S. Department of Health and Human Services is warning hospitals and healthcare facilities across the country to patch a vulnerability known as “Citrix Bleed” that is being used in attacks by ransomware gangs.
DataBreaches
On March 25, 2022, Lutheran Social Services of Illinois (LSSI) notified HHS of a breach affecting 1,000 people. The incident, still under investigation by HHS,...
DataBreaches
From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination...
DataBreaches
Updating some HHS reports: First Choice Community Health Care reported its ransomware attack to HHS on August 1 as impacting 101,541 patients. BHG Holdings...
DataBreaches
Two breaches that were first reported to HHS in November have now been more fully disclosed. Both of the following breaches were first reported to HHS in...
DataBreaches
New Jersey psychiatry practice pays $30,000 to settle complaint about impermissible disclosure of protected health information by disclosing this information...
DataBreaches
From their report: Summary OCR received 609 notifications of breaches affecting 500 or more individuals, representing a decrease of 7% from the number of...
SC Magazine
Hackers are using a sophisticated social engineering ruse targeting IT help desk staff to gain initial access to healthcare organizations.
DataBreaches
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office...
DataBreaches
In August 2020, DataBreaches reported that the Maze ransomware gang had added Ventura Orthopedics to their name-and-shame leak site. At the time, Ventura did...
DataBreaches
The Federal Trade Commission and the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) are cautioning hospitals and telehealth...
DataBreaches
Notifications of Enforcement Discretion expire at 11:59 pm on May 11, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights...
SecurityWeek
The HHS is investigating whether protected health information was compromised in the Change Healthcare data breach.
DataBreaches
Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay of Hogan Lovells write: This week the U.S. Department of Health and Human Services,...
The Cyber Express
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has settled with Lafourche Medical Group,
DataBreaches
On August 8, Columbia River Mental Health Services (“CRMHS”) in Washington State notified HHS about a data security breach involving some employee email...
The Cyber Express
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a settlement with Green
The Hacker News
The U.S. Department of Health and Human Services (HHS) has issued a warning about ongoing ransomware attacks targeting healthcare entities.
Bleeping Computer
The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country's healthcare organizations.
DataBreaches
In September 2022, Independent Living Systems LLC (ILS), a business associate in Florida, notified HHS and regulators of a network incident that affected 501...
Bleeping Computer
Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.
DataBreaches
HHS OCR’s October newsletter begins: Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners...
DataBreaches
From the Office of Information Security / HHS and the Health Sector Cybersecurity Coordination Center: Data Exfiltration Trends in Healthcare March 9, 2023
DataBreaches
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the...
DataBreaches
HHS Cybersecurity Program has issued an Alert (TLP: WHITE). Executive Summary Malicious actors use influence operations, including tactics like misinformation,...
DataBreaches
The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to...
DataBreaches
The Office of Information Security Securing One HHS and Health Sector Security Coordination Center (HC3) have released slides from: Major Cyber Organizations...
DataBreaches
A whitepaper from the HHS Cybersecurity Program. April 7, 2022 Available online at https://www.hhs.gov/sites/default/files/lapsus-okta-health-sector-tlpwhite...
CyberSecurity Dive
The largest data breach reported to the HHS’ Office for Civil Rights so far this year comes as regulators reconsider healthcare’s use of tracking technologies.
DataBreaches
Jose Fabian provides details on a Sacramento County phishing incident reported to HHS last month: Hundreds of records containing personal information of...
DataBreaches
And as this work week drew to a close, we also learned about these breaches involving patient data that were reported to HHS earlier this month: Dialyze...
DataBreaches
HHS Cybersecurity Program has issued another alert and whitepaper report (202202280900): Executive Summary Leading up to Russia’s unprovoked attack against...
DataBreaches
In November 2021, the Northeast Rehabilitation Hospital Network in New Hampshire notified HHS of a breach. At the time, they indicated 501 patients had been...
DataBreaches
There’s an update to a breach previously reported on this site in 2018. From HHS: Oklahoma State University – Center for Health Sciences (OSU-CHS) has...
DataBreaches
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A...
Cyber Security News
FBI, CISA, and the Department of Health and Human Services (HHS) have issued a joint advisory warning about the ALPHV Blackcat ransomware.
DataBreaches
In November, Marietta Area Health Care Inc. dba Memorial Health System notified HHS of a breach. The number affected was submitted as 501 — a number that...
CyberNews
The US Department of Health and Human Services (HHS) is opening an investigation into the cyberattack on UnitedHealth Group’s health tech subsidiary Change Healthcare.
DataBreaches
Medsurant Health in Pennsylvania recently notified HHS that 45,000 patients were impacted by a breach. The patients are not yet being notified, however,...
DataBreaches
On September 15, Oak Valley Hospital District in California notified the state and HHS of a data security incident that began on April 21 and was first...
DataBreaches
The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated...
DataBreaches
Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health...
Loading more articles....