The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.
A federal judge declared a mistrial in the criminal HIPAA conspiracy case against a married couple, both doctors, after the jury deadlocked on whether the two had been entrapped by the U.S. government into providing patient records to a supposed Russian operative. Prosecutors will seek a retrial.
Many hospitals are still more reactive than proactive in terms of embracing recommended best practices that can advance their cybersecurity maturity level, said Steve Low, president of KLAS Research, and Ed Gaudet, CEO of consulting firm Censinet, who discuss findings of a recent benchmarking study.
The American Hospital Association is urging federal regulators to back off from recent guidance that treats patient IP addresses as protected health information, saying that the new rules would "reduce public access to credible health information" and create hardships for doctors and hospitals.
A practice management software firm has agreed to pay a $550,000 fine and implement a comprehensive data security program to settle an enforcement action by New York state regulators after a 2020 ransomware attack that affected 1.2 million individuals nationwide, including 428,000 New Yorkers.
Home healthcare equipment firm Apria Healthcare is notifying nearly 1.9 million individuals of a hacking incident discovered in September 2021 that affected information dating back to mid-2019. The company says the breach was related to an attempt to fraudulently obtain funds from Apria.
Federal regulators fined a practice management software and services vendor $350,000 in the aftermath of an investigation into a 2018 HIPAA breach that involved a file transfer protocol server mishap. The company said the incident was the result of "a singular human error."
A recently proposed federal rule would prohibit healthcare organizations from disclosing to law enforcement patient information related to obtaining or providing an abortion. If enacted, it will address longstanding loopholes in healthcare privacy, said attorney Kathleen McGee.
Two separate proposed class action data privacy lawsuits involving the use of Meta Pixel tracking tools in healthcare entity websites are continuing to proceed with new legal developments this week in a Northern California federal court.
Cloud-based electronic health records vendor NextGen Healthcare is notifying more than 1 million individuals of a data compromise involving stolen credentials. The data breach appears to be at least the second alleged data security incident the company has investigated since January.
The tally of individuals whose sensitive information was compromised by the exploitation of a zero-day vulnerability in Fortra's GoAnyWhere secure file transfer software is growing by millions as more entities report heath data breaches to regulators.
The University of Iowa Health Care is facing a proposed class action lawsuit from a patient who alleges that online tracking tools embedded into the medical center's websites secretly transmitted sensitive personal and health information to Facebook.
Healthcare sector entities' reliance on specialty and legacy equipment, including imaging systems and other gear, continues to present attractive targets for threat actors and a growing risk for medical providers, said Frank Catucci, CTO and head of research at security firm Invicti Security.
Six individuals - including five former employees of a Tennessee healthcare organization - have pleaded guilty to criminal HIPAA violations in an alleged scheme involving the sale of motor vehicle accident patient information to third parties. One of the defendants has been sentenced so far.