Drug Testing Lab Portal Incident Exposed Data for 4 Years

How Can Other Entities Avoid Similar Misconfiguration Mishaps? … “Because portals, by definition, are externally facing, they are accessible via the internet, which automatically means they are more likely to be targets for attackers,” says Tom Walsh, founder of privacy and security consultancy tw-Security. … Portals “tend to be about one person obtaining data about themselves […]

Read More

Record Number of Major Health Data Breaches in 2021

Analysis: Federal Tally Shows Breaches Climbing Annually, Hacks Dominating … “Breaches will increase as businesses continue to automate more. Data is the new currency in the cyber world,” says Tom Walsh, founder of privacy and security consultancy tw-Security. … Hacking incidents in particular will continue to plague the healthcare sector, Walsh says. “Hackers have stepped […]

Read More

Vendor: Data Breach Involved Security Product Vulnerability

Clinical Review Firm: Nearly 135,000 Individuals, Dozens of Health Plans Affected … Tom Walsh, founder of privacy and security consultancy tw-Security, says that vulnerabilities can also arise in how a user organization configures a product, such as one provided by SonicWall or any other vendor. “The organization using the product/tool – in this case SonicWall […]

Read More

A national unique patient identifier faces an uncertain, bumpy road

Recent legislative action may clear the path for developing a uniform, accurate and effective way to tie data to patients, but challenges are looming. … There’s also the question of rollout. Initially, a UPI would be added into patient records as patients engage in the healthcare system, says Susan Lucci, senior privacy/security consultant with tw-Security […]

Read More

Ransomware Incidents Among Largest Breaches on Federal Tally

Analysis of Latest Health Data Breaches on the HHS OCR ‘Wall of Shame’ … While many organizations are improving their practices to be better prepared for potential ransomware attacks involving encryption of data, “it doesn’t matter how good your data backup and recovery procedures are. That doesn’t help in a data exfiltration,” says Tom Walsh, president […]

Read More

Former Executive Accessed PHI of Nearly 38,000 Individuals

Accountable Care Organization Says It’s Investigating 2020 Incident … Organizations should also take steps to ensure the return of company-owned mobile computing and storage devices, or the deletion of sensitive data at the end of a worker’s employment, experts note. “We recommend that HR and/or IT uses a checklist to ensure assets are returned and any […]

Read More

Ransomware, Vendor Breaches Spike on Federal Tally

Analysis of Latest Major Health Data Breaches Posted to HHS OCR Website … “Vendor data breaches in healthcare are running higher in 2021 than we’ve seen in previous years,” says Susan Lucci, who tracks breach trends as a senior privacy and security consultant at consultancy tw-Security. “In the second quarter of 2021, nearly 70% of all the […]

Read More

Researchers: 61M Health IoT Device User Records Exposed

Database Belonged to a Firm That Apparently Just Shut Down … Internet-exposed database breaches usually occur due to several common reasons, says Keith Fricke, a principle consultant at privacy and security consultancy tw-Security. Sometimes IT makes changes to these systems and afterwards the security is not checked, he says. “In other cases, these systems have vulnerabilities that criminals […]

Read More