HIPAA Clicks https://hipaaclicks.com Daily HIPAA News, HIPAA RSS Feeds, HIPAA Information Mon, 22 Oct 2018 16:53:51 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.8 120316464 CMS Investigating 75,000-Record Breach of Federally Facilitated Exchanges Direct Enrollment System https://www.hipaajournal.com/cms-investigating-75000-record-breach-of-federally-facilitated-exchanges-direct-enrollment-system/ Mon, 22 Oct 2018 16:53:51 +0000 https://www.hipaajournal.com/?p=11504 The Centers for Medicaid & Medicare Services (CMS) has discovered hackers have gained access to a health insurance system that interacts with the HealthCare.gov website and have accessed files containing the sensitive information of approximately 75,000 individuals. On October 13, 2018, CMS staff discovered anomalous activity in the Federally Facilitated Exchanges system and the Direct […]

The post CMS Investigating 75,000-Record Breach of Federally Facilitated Exchanges Direct Enrollment System appeared first on HIPAA Journal.

]]>
The Centers for Medicaid & Medicare Services (CMS) has discovered hackers have gained access to a health insurance system that interacts with the HealthCare.gov website and have accessed files containing the sensitive information of approximately 75,000 individuals.

On October 13, 2018, CMS staff discovered anomalous activity in the Federally Facilitated Exchanges system and the Direct enrollment pathway used by agents and brokers to sign their customers up for health insurance coverage. On October 16, the CMS confirmed there had been a data breach and a public announcement about the cyberattack was made on Friday October 19, 2018.

While the number of files accessed only represents a small fraction of the total number of consumer records stored in the system, it is still a sizable and serious data breach. The files contained information supplied by consumers when they apply for healthcare plans through agents and brokers, including names, telephone numbers, addresses, Social Security numbers, and income details.

While the CMS has confirmed that the files have been accessed by unauthorized individuals, it is currently unclear whether any files were actually stolen by the attackers.

The investigation into the cyberattack is ongoing and the CMS is currently working on implementing new security controls to prevent further attacks. The Direct Enrollment system has been temporarily taken offline to allow the security updates to be applied. The CMS expects the system to be offline for about a week. It will be back online for the upcoming enrollment period that commences on November 1.

“Our number one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information,” said CMS Administrator Seema Verma.

The CMS notes that the attack only affected the system used by agents and brokers. There has not been a breach of the HealthCare.gov website which is used by consumers to personally sign up for health insurance coverage. “I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available,” said Verma.

The CMS will be sending notification letters to all individuals whose personal information has been exposed and will be providing further information on the steps they can take to prevent misuse of their data. The CMS will release further information about the breach as and when it becomes available.

The post CMS Investigating 75,000-Record Breach of Federally Facilitated Exchanges Direct Enrollment System appeared first on HIPAA Journal.

]]>
338838
Webinar: Triaging Healthcare Emergency Preparedness Today https://www.hipaajournal.com/webinar-triaging-healthcare-emergency-preparedness-today/ Mon, 22 Oct 2018 15:19:41 +0000 https://www.hipaajournal.com/?p=11497 In September, more than 200 healthcare professionals responded to a HIPAA Journal request to participate in an Emergency Preparedness and Security in Healthcare survey by Rave Mobile Security. The study identified the biggest safety concerns in healthcare, the most common types of emergencies experienced by healthcare providers over the past two years, and the methods […]

The post Webinar: Triaging Healthcare Emergency Preparedness Today appeared first on HIPAA Journal.

]]>
In September, more than 200 healthcare professionals responded to a HIPAA Journal request to participate in an Emergency Preparedness and Security in Healthcare survey by Rave Mobile Security.

The study identified the biggest safety concerns in healthcare, the most common types of emergencies experienced by healthcare providers over the past two years, and the methods used by healthcare providers to communicate with employees during those emergency situations.

Rave Mobile Security Chief Operating Officer, Todd Miller, will be discussing the key findings of the survey in a free webinar – Triaging Healthcare Emergency Preparedness Today – taking place on Thursday October 25 (2pm-3pm ET).

Click here to register for the webinar

The expert panel will feature:

Kevin McGinty, Safety & Emergency Management Coordinator, Middlesex Hospital

Kevin has over 10 years of experience in healthcare safety, environment of care, security and emergency management. At Middlesex Hospital, Kevin handles all aspects of safety and emergency management and is actively involved with all-hazards planning. He chairs life safety, hazardous materials and emergency management committees. Kevin has a bachelor’s degree in criminology. He is a member of the American College of Healthcare Executives and is active in the Connecticut Hospital Association. He has certifications as a healthcare environmental manager.

Patrick J. Turek, MPA, CEM, System Director of Emergency Management, Hartford HealthCare
Patrick has nine years of experience in emergency management. His mission at Hartford Healthcare is to create a more prepared, response-ready and resilient healthcare system to ensure the continuity of care for patients and to support its clinical and nonclinical team members during emergencies. He holds a Bachelor of Art in Criminology from Central Connecticut State University and a Master of Public Administration from the University of Connecticut. Patrick is a Certified Emergency Manager from the International Association of Emergency Managers.

Note: This is not a HIPAA Journal-sponsored event. HIPAA Journal has no commercial relationship with Rave Mobile Safety. HIPAA Journal is promoting industry events that might be of interest to readers. HIPAA Journal welcomes suggestions for further events that might be of interest to our readers.

The post Webinar: Triaging Healthcare Emergency Preparedness Today appeared first on HIPAA Journal.

]]>
338834
Ransomware Attack Impacts 16,000 National Ambulatory Hernia Institute Patients https://www.hipaajournal.com/ransomware-attack-impacts-16000-national-ambulatory-hernia-institute-patients/ Mon, 22 Oct 2018 14:59:03 +0000 https://www.hipaajournal.com/?p=11494 On September 13, 2018, the National Ambulatory Hernia Institute in California experienced a ransomware attack that resulted in certain files on its network being encrypted. According to the breach notice uploaded to the healthcare provider’s website, the attackers were potentially able to gain access to demographic data of patients recorded prior to July 19, 2018. […]

The post Ransomware Attack Impacts 16,000 National Ambulatory Hernia Institute Patients appeared first on HIPAA Journal.

]]>
On September 13, 2018, the National Ambulatory Hernia Institute in California experienced a ransomware attack that resulted in certain files on its network being encrypted.

According to the breach notice uploaded to the healthcare provider’s website, the attackers were potentially able to gain access to demographic data of patients recorded prior to July 19, 2018.

In total, 15,974 patients have had some of their protected health information exposed as a result of the attack. The information potentially accessed by the attackers was limited to names, addresses, birth dates, diagnoses, appointment dates and times, and Social Security numbers. Patients who visited National Ambulatory Hernia Institute facilities for the first time after July 19, 2018 were unaffected by the breach.

Due to the sensitive nature of the exposed information, the National Ambulatory Hernia Institute has advised affected patients to obtain identity monitoring services for a period of at least one year. The breach notice does not state whether those services are being provided to patients free of charge.

The National Ambulatory Hernia Institute explained that all data have now been transferred to an off-site server and additional controls have been purchased and implemented to prevent further attacks, including a more robust firewall and antivirus software solutions. The investigation into the breach is ongoing.

The National Ambulatory Hernia Institute did not state what type of ransomware was used in the attack, only that “the attack was tied to an email address glynnaddey@aol.com.”

That email address has previously been associated with a variant of CrySiS/Dharma ransomware called gamma. Gamma ransomware ransoms are not fixed and are not stated on the ransom demands. Victims must email the attackers to find out how much it will cost for the keys to unlock files. No mention was made about whether the ransom demand was paid to regain access to data.

The post Ransomware Attack Impacts 16,000 National Ambulatory Hernia Institute Patients appeared first on HIPAA Journal.

]]>
338835
HIPAA-Compliant Messaging Services Market: Trends, Growth, Forecast with (Type, End User) – The Future Gadgets http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNEtxJmqxKpOXz2pISYzpKiFipuR6A&clid=c3a7d30bb8a4878e06b80cf16b898331&ei=_t7NW7jDG9OtqgLy_4yAAg&url=https://thefuturegadgets.com/40343/hipaa-compliant-messaging-services-market-trends-growth-forecast-with-type-end-user/ Mon, 22 Oct 2018 13:55:22 +0000 http://hipaaclicks.com/?guid=60fcf1d0c26dac8cb2032173d87439c1
The Future Gadgets
HIPAA-Compliant Messaging Services Market: Trends, Growth, Forecast with (Type, End User)
The Future Gadgets
HIPAA (Health Insurance Portability and Accountability Act) Complaint messaging service is a secure messaging solution which enables healthcare system to protect the health information while still allowing communication between users. These services ...

]]>
338832
Anthem in Record $16m HIPAA Settlement – Infosecurity Magazine http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNGYSVuwk2NSYqrSv84avXiAypL-DQ&clid=c3a7d30bb8a4878e06b80cf16b898331&ei=i6LNW-j7A9HdqQLvybWoCQ&url=https://www.infosecurity-magazine.com/news/anthem-in-record-16m-hipaa/ Mon, 22 Oct 2018 08:45:00 +0000 http://hipaaclicks.com/?guid=8e33e0c6c169335c4f77cf78cd38ee1b
Infosecurity Magazine
Anthem in Record $16m HIPAA Settlement
Infosecurity Magazine
Healthcare insurance giant Anthem has agreed to pay a record $16m settlement to the US government after a major 2015 breach affecting nearly 79 million customers. The Blue Cross and Blue Shield Association licensee is one of the biggest providers in ...

]]>
338829
Anthem Hit with $16M Judgement in Record HIPAA Settlement – http://totalsecuritydailyadvisor.blr.com/ (press release) (blog) http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNGjU1NEEZQKOWeJMdiEclsyHo3g6g&clid=c3a7d30bb8a4878e06b80cf16b898331&ei=nrrJW9DQFNHdqQLvybWoCQ&url=https://totalsecuritydailyadvisor.blr.com/cybersecurity/anthem-hit-with-16m-judgement-in-record-hipaa-settlement/ Fri, 19 Oct 2018 09:46:43 +0000 http://hipaaclicks.com/?guid=fd8e79403ae4f01bea2836d5b50478f6
http://totalsecuritydailyadvisor.blr.com/ (press release) (blog)
Anthem Hit with $16M Judgement in Record HIPAA Settlement
http://totalsecuritydailyadvisor.blr.com/ (press release) (blog)
Anthem Inc. has agreed to pay $16 million to settle HIPAA allegations related to the historic data breach the insurer suffered in 2015. The record amount of the resolution agreement, announced October 15 by the U.S. Department of Health and Human ...

]]>
338827
Multiple Expert Speakers and Learning Credits for Professionals at HIPAA Privacy and Security Summit November 8 … – Markets Insider http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNHTKUpKUd9ftc16Xaqfjef1dXrtRw&clid=c3a7d30bb8a4878e06b80cf16b898331&cid=52780070912323&ei=T3zJW9DbOtHdqQLvybWoCQ&url=https://markets.businessinsider.com/news/stocks/multiple-expert-speakers-and-learning-credits-for-professionals-at-hipaa-privacy-and-security-summit-november-8-2018-1027632541 Fri, 19 Oct 2018 06:25:09 +0000 http://hipaaclicks.com/?guid=8604edd582fe7662e412d923d524c4e3
Multiple Expert Speakers and Learning Credits for Professionals at HIPAA Privacy and Security Summit November 8 ...
Markets Insider
WILMINGTON, Del., Oct. 19, 2018 /PRNewswire-PRWeb/ -- The HIPAA Privacy and Security Summit is a joint effort of Delaware Law School and First Healthcare Compliance to provide resources for professionals facing the challenges of HIPAA compliance.

and more »
]]>
338825
ERI’s John Shegerian Calls Anthem’s Record HIPAA Settlement a ‘Warning for the Entire Healthcare Industry’ – Associated Press (press release) (blog) http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNHsOU4CoDKEQ3CHZCZ7JkD_Qsz4uQ&clid=c3a7d30bb8a4878e06b80cf16b898331&ei=_9fIW4gno9vMBreqkIgG&url=https://www.apnews.com/3cb257c38f58475b90b108b999a64b0e Thu, 18 Oct 2018 18:49:07 +0000 http://hipaaclicks.com/?guid=c543603b2b4d629a38108e023698e9e3
ERI's John Shegerian Calls Anthem's Record HIPAA Settlement a 'Warning for the Entire Healthcare Industry'
Associated Press (press release) (blog)
Federal regulators hit health insurer Anthem Inc. with a record $16 million HIPAA settlement as a result of a cyberattack revealed in 2015, which impacted nearly 79 million people. In announcing the record HIPAA fine, regulators noted the insurer ...

]]>
ERI's John Shegerian Calls Anthem's Record HIPAA Settlement a 'Warning for the Entire Healthcare Industry'
Associated Press (press release) (blog)
Federal regulators hit health insurer Anthem Inc. with a record $16 million HIPAA settlement as a result of a cyberattack revealed in 2015, which impacted nearly 79 million people. In announcing the record HIPAA fine, regulators noted the insurer ...

]]>
338819
ERI’s John Shegerian Calls Anthem’s Record HIPAA Settlement a ‘Warning for the Entire Healthcare Industry’ – Business Wire (press release) http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNGjWAAPn6fB0s9PBK0JVxfzQ7XPsQ&clid=c3a7d30bb8a4878e06b80cf16b898331&cid=52780070538306&ei=HebIW7CoF7WUqgLzu6eQBw&url=https://www.businesswire.com/news/home/20181018005841/en/ERI%25E2%2580%2599s-John-Shegerian-Calls-Anthem%25E2%2580%2599s-Record-HIPAA Thu, 18 Oct 2018 18:37:00 +0000 http://hipaaclicks.com/?guid=efacf27ca9aa5b51ddc209b856be0fe4
ERI's John Shegerian Calls Anthem's Record HIPAA Settlement a 'Warning for the Entire Healthcare Industry'
Business Wire (press release)
Federal regulators hit health insurer Anthem Inc. with a record $16 million HIPAA settlement as a result of a cyberattack revealed in 2015, which impacted nearly 79 million people. In announcing the record HIPAA fine, regulators noted the insurer ...

and more »
]]>
ERI's John Shegerian Calls Anthem's Record HIPAA Settlement a 'Warning for the Entire Healthcare Industry'
Business Wire (press release)
Federal regulators hit health insurer Anthem Inc. with a record $16 million HIPAA settlement as a result of a cyberattack revealed in 2015, which impacted nearly 79 million people. In announcing the record HIPAA fine, regulators noted the insurer ...

and more »
]]>
338821
Anthem to Pay $16 Million in Largest Ever OCR HIPAA Settlement – JD Supra (press release) http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNFEaekYmhaO4J3RZnrTEVshfXiBJw&clid=c3a7d30bb8a4878e06b80cf16b898331&ei=HebIW7CoF7WUqgLzu6eQBw&url=https://www.jdsupra.com/legalnews/anthem-to-pay-16-million-in-largest-57440/ Thu, 18 Oct 2018 16:29:30 +0000 http://hipaaclicks.com/?guid=33b61f67ac0518f9bc6017ba2664a402
Anthem to Pay $16 Million in Largest Ever OCR HIPAA Settlement
JD Supra (press release)
On October 15, 2018, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Anthem, Inc. (Anthem) agreed to pay $16 million to settle allegations relating to HIPAA violations following a 2015 data breach ...

]]>
338822