HIPAA Journal

MAY 25, 2022

The break-in was discovered on March 4, 2022, with the subsequent investigation confirming on April 22, 2022, that six boxes of paper documents had been stolen from the facility, which included files relating to patients served by SAC Health in 1997 and between 2006 and 2020. Lifespan Services Suffers Ransomware Attack.

Ransomware 124

Ransomware Fraud HIPAA Licensing 124

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 85

HIPAA Ransomware Health Insurance Fraud 85

HIPAA Journal

NOVEMBER 23, 2022

The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The post 877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider appeared first on HIPAA Journal.

Ransomware 103

Ransomware Fraud Licensing HIPAA 103

HIPAA Journal

MARCH 13, 2023

Revenetics is facing a class action lawsuit over its December 2022 cyberattack and data breach that affected more than 250,000 individuals. The Royal ransomware group claimed responsibility for the attack and issued a ransom demand to prevent the publication of the 16GB of data allegedly stolen in the attack.

Ransomware 104

Ransomware Fraud HIPAA 104

HIPAA Journal

AUGUST 30, 2022

An unauthorized individual had access to the network of Avamere Health Services between January 19, 2022, and March 17, 2022, and exfiltrated files containing protected health information. The breach was detected on or around March 17, 2022, yet Avamere waited until July 13, 2022, to issue notifications to affected individuals.

Nursing Homes 117

Nursing Homes Fraud Ransomware HIPAA 117

HIPAA Journal

JANUARY 6, 2023

The Chicago, IL-based health system, CommonSpirit Health, is facing a class action lawsuit over its October 2022 ransomware attack. Malicious actors gained access to its IT systems on September 16, 2022, and deployed ransomware on October 2, 2022.

Ransomware 82

Ransomware Fraud Electronic Medical Records Hospitals 82

Compliancy Group

MARCH 30, 2023

The 2022 Internet Crime Report has revealed alarming statistics about the rampant rise in cybercrime, making it more critical than ever to be aware of the dangers and take necessary precautions. In 2022 there were a total of 800,944 complaints, which shows a 5% decrease from 2021, but the potential total loss has increased from $6.9

Ransomware 52

Ransomware Fraud HIPAA Compliance 52

HIPAA Journal

MARCH 24, 2022

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released its 2021 Internet Crime Report , which reveals there were at least 649 ransomware attacks on critical infrastructure organizations from June 2021 to December 2021. Losses to ransomware are difficult to determine.

Ransomware 120

Ransomware Public Health Fraud HIPAA 120

HIPAA Journal

JUNE 5, 2023

Multiple class action lawsuits have been filed against the city of Oakland in California over a ransomware attack and data breach that involved the theft of the personal and protected health information of 13,000 current and former employees. The ransomware attack is understood to have started with phishing emails.

Ransomware 55

Ransomware Fraud HIPAA 55

HIPAA Journal

MARCH 28, 2023

A New York law firm that suffered a LockBit ransomware attack has agreed to pay a financial penalty of $200,000 to the New York Attorney General to resolve alleged violations of New York General Business Law and the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA 99

HIPAA Ransomware Malpractice Health Insurance 99

HIPAA Journal

JANUARY 24, 2023

Another lawsuit has been filed against CommonSpirit Health over its 2022 ransomware attack and data breach that alleges the nation’s largest catholic health system failed to implement reasonable and appropriate safeguards to prevent unauthorized access to sensitive patient data. An earlier lawsuit was filed in the U.S.

Ransomware 55

Ransomware Fraud HIPAA Hospitals 55

HIPAA Journal

NOVEMBER 17, 2022

Salud Family Health Provides Update on September 2022 Ransomware Attack. Colorado-based Salud Family Health, a Federal Qualified Health Center (FQHC), has recently provided an update on a September 2022 cyberattack and has confirmed that patient data was potentially stolen.

Ransomware 79

Ransomware Health Insurance Hospitals Fraud 79

Health Care Performance

AUGUST 16, 2022

The HIPAA Security Rule requires covered entities and business associates to complete a HIPAA Security Risk Analysis, and to periodically update it. When investigating a breach, the OCR also reviews the organization’s compliance with the HIPAA Security Rule. What’s your HIPAA breach risk tolerance? Keep up the good work.

HIPAA 52

HIPAA Ransomware Compliance Fraud 52

HIPAA Journal

SEPTEMBER 7, 2022

The Morristown, VT-based healthcare provider, Lamoille Health Partners, is facing a class action lawsuit over a June 2022 ransomware attack that affected almost 60,000 of its patients. The attack was detected on June 13, 2022, with the investigation confirming the attackers gained access to its network the previous day.

HIPAA 103

HIPAA Ransomware Fraud Health Insurance 103

Compliancy Group

FEBRUARY 17, 2022

Fiondella, Milone & LaSaracina (FML), of Glastonbury, CT, reported the hacking incident to the Department of Health and Human Services’ Office for Civil Rights on January 14, 2022. Background of CPA HIPAA Breach. Under HIPAA regulations, this CPA HIPAA breach likely contained PHI. × HIPAA for CPAs.

HIPAA 52

HIPAA Compliance Ransomware Fraud 52

HIPAA Journal

MARCH 30, 2023

Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and Emerging Healthcare Cyber Threat Landscape report from Health-ISAC. Ransomware was the biggest concern for 2022 and 2023 with phishing and spear phishing in second.

Ransomware 92

Ransomware Fraud Governance Medical Billing 92

HIPAA Journal

FEBRUARY 14, 2023

Another lawsuit has been filed against Connexin Software over its August 2022 ransomware attack and data breach, which affected more than 2.2 On August 26, 2022, Connexin discovered hackers had gained access to its systems and used ransomware to encrypt files. million individuals.

Electronic Medical Records 79

Electronic Medical Records Ransomware HIPAA Fraud 79

HIPAA Journal

AUGUST 2, 2023

Notification letters will be sent to the affected individuals in the coming weeks and credit monitoring, fraud consultation, and identity theft restoration services will be offered. A third-party data review company was provided with the files on December 22, 2022, and provided the results of the analysis to SHS on May 16, 2023.

Licensing 71

Licensing Electronic Medical Records Ransomware Health Insurance 71

HIPAA Journal

JANUARY 17, 2023

The Dallas, TX-based home help service provider, Home Care Providers of Texas (HCPT), has recently announced that unauthorized individuals gained access to its network and used ransomware to encrypt files. The security breach was detected on June 29, 2022, when staff members were prevented from accessing files. million total.

Ransomware 100

Ransomware Fraud HIPAA Licensing 100

HIPAA Journal

FEBRUARY 1, 2023

When a data breach occurs and sensitive information is disclosed, the HIPAA Breach Notification Rule requires affected individuals to be notified. While it was common for ransomware attacks to be reported as such, these are increasingly reported as hacking incidents with no mention of file encryption or data theft.

Fraud 110

Fraud HIPAA Ransomware Compliance 110

HIPAA Journal

MARCH 24, 2022

A representative for the health district said this was not a ransomware attack. Notification letters started to be sent to affected individuals on March 15, 2022. Chelan Douglas Health District said it is unaware of any cases of identity fraud or other misuse of patient data.

Ransomware 122

Ransomware Fraud Hospitals HIPAA 122

HIPAA Journal

AUGUST 11, 2023

A joint research project by Health-ISAC, Finite State, and Securin has revealed exploitable vulnerabilities in medical devices have increased by almost 60% since 2022. The researchers identified almost 1,000 vulnerabilities in 966 medical products, which is a 59% year-over-year increase from 2022.

Electronic Medical Records 70

Electronic Medical Records Ransomware Fraud HIPAA 70

HIPAA Journal

MAY 18, 2023

Larger healthcare providers may temporarily divert ambulances and cancel some appointments following a ransomware attack but do not typically halt operations, but smaller healthcare providers may be left with little alternative. Suspicious network activity was detected on November 7, 2022, and its digital environment was immediately secured.

Ransomware 70

Ransomware Fraud HIPAA Health Insurance 70

HIPAA Journal

SEPTEMBER 28, 2022

At the time of issuing notifications, Wolfe Clinic had not received any reports of identity theft and fraud related to the Eye Care Leaders data breach. Reiter Affiliated Companies Reports June 2022 Cyberattack. The attack was detected on July 4, 2022, when certain systems were made unavailable. million patients.

Electronic Medical Records 73

Electronic Medical Records Ransomware Fraud HIPAA 73

HIPAA Journal

MARCH 25, 2022

Ultimate Care said no reports have been received that indicate there has been any misuse of patient information; however, as a precaution against identity theft and fraud, individuals whose Social Security numbers were impacted have been offered complimentary one-year memberships with a credit monitoring service.

Health Insurance 104

Health Insurance Licensing Ransomware Fraud 104

HIPAA Journal

JULY 27, 2023

Norton Healthcare has only disclosed limited information about the attack; however, the BlackCat ransomware group announced that it was behind the cyberattack and leaked some of the data stolen from Norton Healthcare on its data leak site. The lawsuit also seeks 10 years of credit monitoring services for all victims of the breach.

Ransomware 52

Ransomware Fraud Licensing Health Insurance 52

HIPAA Journal

AUGUST 17, 2022

In April 2020, Musculoskeletal Institute, dba Florida Orthopaedic Institute, discovered an unauthorized third party had gained access to a server that contained patients’ protected health information (PHI) and used ransomware to encrypt files. All claims must be submitted no later than September 16, 2022.

Ransomware 72

Ransomware Fraud HIPAA Health Insurance 72

HIPAA Journal

APRIL 25, 2023

Santa Clara Family Health Plan Confirmed as Victim of Clop GoAnywhere Hack Santa Clara Family Health Plan has confirmed the 276,993-record data breach reported to the HHS’ Office for Civil Rights on March 30, 2023, was due to the hacking of Fortra’s GoAnywhere MFT solution by the Clop ransomware group.

Health Insurance 81

Health Insurance Public Health Ransomware Fraud 81

HIPAA Journal

FEBRUARY 9, 2023

In 2022, 22% of the data breaches investigated by Kroll occurred at healthcare organizations, up from 16% in 2021 – a year-over-year increase of 38%. These lawsuits allege victims face an imminent and increased risk of identity theft and fraud as a result of the theft of their personal and protected health information.

Fraud 52

Fraud Ransomware HIPAA Licensing 52

HIPAA Journal

JANUARY 12, 2023

Cybercriminals have been increasingly attacking healthcare vendors because they are a much less secure part of the supply chain and in 2022, many of the largest healthcare data breaches reported involved vendors. The post Healthcare Organizations Failing to Assess and Mitigate Supply Chain Risks appeared first on HIPAA Journal.

Electronic Medical Records 94

Electronic Medical Records Ransomware Fraud Public Health 94

HIT Consultant

JANUARY 3, 2023

With the advent of ransomware-as-a-service combined with a lack of resources to investigate attacks in-house for healthcare organizations, elaborate and devastating cyber attacks against healthcare, specifically through business communication channels are likely to increase in scale and sophistication. .

Compliance 52

Compliance Ransomware Fraud Regulatory Compliance 52

Hall Render

NOVEMBER 4, 2022

HHS releases video on documenting recognized HIPAA security practices. California physician charged with $53M mail fraud and money laundering scheme. OakBend Medical Center faces lawsuit for ransomware attack that breached 1M patient records. Former Tenet executive asks judge to toss $400M fraud case. CALIFORNIA.

US Department of Health and Human Services 40

US Department of Health and Human Services COVID-19 Nurses Nursing Homes 40

Compliancy Group

MAY 27, 2022

Here’s a roundup of recent HIPAA breach lawsuits and settlements. Lawsuits Increasing Following HIPAA Breaches – Facts and Figures. 35% of healthcare breaches involved ransomware attacks, vs. 20% in 2020. The average ransomware payment for healthcare was $875,784, about one-third less than the 2020 payment.

HIPAA 98

HIPAA Ransomware Compliance Hospitals 98

Compliancy Group

JANUARY 25, 2022

With at least six weeks before final numbers are in, the Department of Health and Human Services HIPAA Breach Reporting Tool website is reporting 713 major healthcare data breaches in 2021, an increase of more than 7.5 Trends of Major Healthcare Data Breaches Continue in 2022. Protected health information (PHI) from more than 45.7

HIPAA 98

HIPAA Ransomware Governance Fraud 98

HIPAA Journal

JANUARY 27, 2023

Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. The cyberattack was detected on January 27, 2022, and systems were taken offline to contain the attack.

Ransomware 86

Ransomware HIPAA Fraud Hospitals 86

HIPAA Journal

MAY 18, 2023

The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). million individuals and for delayed breach notifications.

HIPAA 94

HIPAA Compliance Ransomware Hospitals 94

HIPAA Journal

MAY 1, 2024

A federal court judge has recommended a class action lawsuit against CommonSpririt Health over its 2022 data breach should be dismissed due to the failure of the plaintiff to demonstrate that they had been harmed by the data breach. One of those lawsuits, Bonnie Maser v. Leineweber.

Fraud 97

Fraud Ransomware HIPAA Health Insurance 97