#HIPAA
Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff:
#databreach #ransomware #HealthSec #cybersecurity #HIPAA #incidentresponse
Health IT Security Robot
.
DATE:
December 06, 2023 at 11:11AM
.
TITLE:
9 Prime Healthcare hospitals caught in MOVEit data breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/9-prime-healthcare-hospitals-caught-in-moveit-data-breach.html
.
Nine of Ontario, Calif.-based Prime Healthcare's hospitals were caught up in a data breach involving the MOVEit file transfer software, databreaches.net (https://www.databreaches.net/cbiz-ka-notice-of-data-privacy-incident-prime-healthcare/) reported Dec. 6.
.
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open Mastodon instance for all mental health workers: https://mastodon.clinicians-exchange.org
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Health IT Security Robot
.
DATE:
December 06, 2023 at 11:01AM
.
TITLE:
California hospital in 'downtime processes' after cyberattack
.
URL:
https://www.beckershospitalreview.com/cybersecurity/california-hospital-in-downtime-processes-after-cyberattack.html
.
Stockton, Calif.-based Dameron Hospital is rescheduling procedures after a cyberattack, according to a Dec. 5 report from the local NBC affiliate KCRA (https://www.kcra.com/amp/article/dameron-hospital-in-stockton-hit-by-cyberattack/46043912).
In the decades since, we've gotten laws that poke at the edges of privacy, like #HIPAA (for health) and #COPPA (data on under-13s). Both laws are riddled with loopholes and neither is vigorously enforced:
https://pluralistic.net/2023/04/09/how-to-make-a-child-safe-tiktok/
Privacy First starts with the idea of passing a fit-for-purpose, 21st century privacy law with real enforcement teeth (a private right of action, which lets contingency lawyers sue on your behalf for a share of the winnings):
8/
CBIZ KA notified nine Prime Healthcare hospitals that some of their patient data was caught up in the #MOVEit #databreach. As I report this morning on databreaches.net, here are the 9 hospitals:
Saint Michael’s Medical Center,
Roxborough Memorial Hospital,
Garden City Hospital,
Landmark Medical Center,
Lower Bucks Hospital,
Saint Clare's Hospital,
Lake Huron Medical Center,
St. Mary's General Hospital, and
Suburban Community Hospital
According to a spokesperson for Prime Healthcare, it was just these hospitals and not any of their other 36 hospitals or more than 300 outpatient locations in 14 states.
I don't have any numbers yet on this one.
Health IT Security Robot
.
DATE:
December 04, 2023 at 05:36PM
.
TITLE:
New Jersey hospitals no longer in divert status after Ardent attack
.
URL:
https://www.beckershospitalreview.com/cybersecurity/new-jersey-hospitals-no-longer-in-divert-status-after-ardent-attack.html
.
Mountainside Medical Center in Montclair, N.J., and Pascack Valley Medical Center in Westwood, N.J., are no longer refusing ambulances after a cyberattack on Ardent Health Services caused the hospitals to divert them, patch.com (https://patch.com/new-jersey/montclair/montclair-hospital-no-longer-diverting-ambulances-after-cyber-attack) reported Dec. 4.
Health IT Security Robot
.
DATE:
December 04, 2023 at 12:33PM
.
TITLE:
HHS urges healthcare orgs to nix vulnerability
.
URL:
https://www.beckershospitalreview.com/cybersecurity/hhs-urges-healthcare-orgs-to-nix-vulnerability.html
.
The HHS is urging (https://www.aha.org/system/files/media/file/2023/12/202311301200_Citrix-Bleed-Vulnerability-Sector-Alert-TLPCLEAR.pdf) healthcare organizations to patch a new vulnerability affecting NetScaler ADC, formerly Citrix ADC, and NetScaler Gateway.
Health IT Security Robot
.
DATE:
December 04, 2023 at 12:32PM
.
TITLE:
Corewell Health caught in MOVEit breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/corewell-health-caught-in-moveit-breach.html
.
Patient information may have been compromised (https://www.beaumont.org/health-wellness/press-releases/welltok-inc-data-security-event-no-fraudulent-activity-detected) at Corewell Health as the communications software company the organization uses was hit by the massive MOVEit breach that affected companies around the U.S.
Health IT Security Robot
.
DATE:
December 04, 2023 at 11:01AM
.
TITLE:
Fred Hutch takes IT systems offline following cyberattack
.
URL:
https://www.beckershospitalreview.com/cybersecurity/fred-hutch-takes-it-systems-offline-following-cyberattack.html
.
Seattle-based Fred Hutchinson Cancer Center took its IT systems down following a Thanksgiving-week cyberattack, the Seattle Times (https://www.seattletimes.com/seattle-news/health/thanksgiving-week-cyberattack-detected-at-fred-hutch-cancer-center/) reported Dec. 1.
Why we need legislation requiring more transparency in breach notices, Saturday edition (Bluefield University):
#EduSec #Transparency #incidentresponse #databreach #cybersecurity #deception #FTC #HHS #OCR #HIPAA #HITECH #GLBA #security
I've listed some elements that I would like to see in legislation. Please add your own thoughts in the comment section under the post or here.
@brett @douglevin @funnymonkey @mkeierleber @BleepingComputer @eff
Health IT Security Robot
.
DATE:
December 01, 2023 at 04:10PM
.
TITLE:
Why hackers attacked a health system on Thanksgiving
.
URL:
https://www.beckershospitalreview.com/cybersecurity/why-hackers-attacked-a-health-system-on-thanksgiving.html
.
It likely wasn't by happenstance that cybercriminals attacked (https://www.beckershospitalreview.com/cybersecurity/thanksgiving-outages-at-hospitals-caused-by-ransomware.html) a major U.S. health system the week of Thanksgiving, IT security chiefs told Becker's.
Health IT Security Robot
.
DATE:
December 01, 2023 at 04:04PM
.
TITLE:
Intruder steals medical records from Florida health system
.
URL:
https://www.beckershospitalreview.com/cybersecurity/intruder-steals-medical-records-from-florida-health-system.html
.
Summerfield, Fla.-based Lakeview Healthcare System discovered (https://lvhcs.com/notice-of-data-security-incident/) that an unauthorized individual forcefully entered its Leesburg, Fla.-based Lakeview Specialist Facility and stole medical records containing protected health information.
Health IT Security Robot
.
DATE:
December 01, 2023 at 11:00AM
.
TITLE:
Hacker behind $100M in hospital losses pleads guilty
.
URL:
https://www.beckershospitalreview.com/cybersecurity/hacker-behind-100m-in-hospital-losses-pleads-guilty.html
.
A Russian national pleaded guilty (https://www.justice.gov/opa/pr/russian-national-pleads-guilty-trickbot-malware-conspiracy) to his involvement in a ransomware plot that attacked U.S. hospitals, causing millions of dollars in losses.
Health IT Security Robot
.
DATE:
December 01, 2023 at 10:45AM
.
TITLE:
Thanksgiving ransomware attack impacted 30 hospitals
.
URL:
https://www.beckershospitalreview.com/cybersecurity/thanksgiving-ransomware-attack-impacted-30-hospitals.html
.
The Nov. 23 ransomware attack on Nashville, Tenn.-based Ardent Health Services has impacted 30 hospitals across six states, WKRN (https://www.wkrn.com/news/local-news/nashville/hhs-more-than-14-million-people-have-been-affected-by-tn-healthcare-data-breaches/) reported Nov. 29.
Proliance Surgeons in Washington notified HHS that 437,392 patients were affected by a #ransomware attack that encrypted files and systems and resulted in some files being exfiltrated.
Their undated website notice about the incident does not disclose when the attack occurred or was first discovered, but it appeared to be earlier this year (circa February). They first notified HHS on November 20.
The information involved includes individual names, and one or more of the following: date of birth, Social Security number, medical treatment information, health insurance information, phone number, email address, financial account number, driver license or other identification information, and usernames and passwords.
I haven't seen any group claim responsibility for this breach and Proliance does not state whether they ever negotiated with the unnamed TAs or paid them. Has anyone seen any group claim responsibility for this one?
Questions to Proliance have been sent.
#databreach #incidentresponse #ransomware #transparency #infosec #HealthSec #cybersecurity #HIPAA
Health IT Security Robot
.
DATE:
November 30, 2023 at 12:34PM
.
TITLE:
Another health system hit by MOVEit breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/another-health-system-hit-by-moveit-breach.html
.
Patient information may have been compromised at Premier Health as the communications software company the organization uses was hit by the massive MOVEit breach that affected companies around the U.S., Dayton Daily News (https://www.daytondailynews.com/business/premier-health-patients-involved-in-data-breach-impacting-84-million-people-tech-company-says/FMGMBV7QLRCTNGJ7I3PYKSXCMI/) reported Nov. 28.
Hunters International claims to have hit Covenant Care and has leaked 3 patients' demographic data, presumably to pressure them more into paying.
There is nothing on Covenant Care's website to indicate any #databreach or disruption in services. I've sent them an inquiry to see if they'll confirm or provide any statement.
#HealthSec #databreach #ransomware #infosec #cybersecurity #HIPAA
Health IT Security Robot
.
DATE:
November 29, 2023 at 04:34PM
.
TITLE:
Former staff, patient sue Iowa health system over March breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/former-staff-patient-sue-iowa-health-system-over-march-breach.html
.
A former University of Iowa Community HomeCare staff member and a former patient filed a proposed class-action lawsuit against UI Community HomeCare and UI Community Medical Services, part of UI Health Care, alleging the organization was negligent during a March data breach, The Gazette (https://www.thegazette.com/higher-education/lawsuit-accuses-university-of-iowa-health-system-of-negligence-for-data-breach/) reported Nov. 28.
Health IT Security Robot
.
DATE:
November 29, 2023 at 10:33AM
.
TITLE:
CISA warned Ardent of cyber threat day before ransomware discovery
.
URL:
https://www.beckershospitalreview.com/cybersecurity/cisa-warned-ardent-of-cyber-threat-day-before-ransomware-discovery.html
.
On Nov. 22, officials from the Cybersecurity and Infrastructure Security Agency alerted Ardent Health Services about malicious cyber activity impacting its computer systems the day before the organization identified a ransomware attack on its facilities and affiliates, CNN (https://www.cnn.com/2023/11/27/politics/cyberattack-hospital-diverts-ambulances/index.html) reported Nov. 27.
Health IT Security Robot
.
DATE:
November 28, 2023 at 11:54AM
.
TITLE:
Kansas hospital ramps up staffing in wake of Ardent ransomware attack
.
URL:
https://www.beckershospitalreview.com/cybersecurity/kansas-hospital-ramps-up-staffing-in-wake-of-ardent-ransomware-attack.html
.
In response to the ransomware attack on Nashville, Tenn.-based Ardent Health Services and its affiliates, Stormont Vail Health took action by augmenting staffing levels at its hospital, emergency department and Express Care clinics, the Topeka Capital-Journal (https://www.cjonline.com/story/news/local/2023/11/28/hospital-ransomware-attack-forces-closure-topeka-st-francis-emergency-room/71726505007/) reported Nov. 28.
Health IT Security Robot
.
DATE:
November 28, 2023 at 11:25AM
.
TITLE:
California hospital IT network breached
.
URL:
https://www.beckershospitalreview.com/cybersecurity/california-hospital-it-network-breached.html
.
Mission Community Hospital in Los Angeles is notifying (https://www.mchonline.org/wp-content/uploads/2023/11/Mission-Community-Hospital-UPDATED-Notice.pdf) patients that an unauthorized party gained access to its IT network in May, compromising patient information.
Health IT Security Robot
.
DATE:
November 28, 2023 at 10:50AM
.
TITLE:
California hospital resumes ambulance traffic 8 days after cyberattack
.
URL:
https://www.beckershospitalreview.com/cybersecurity/california-hospital-resumes-ambulance-traffic-8-days-after-cyberattack.html
.
Tri-City Medical Center in Oceanside, Calif., has reinstated its EHR platform and resumed ambulance admissions after being hit by a cyberattack Nov. 9 that forced its systems offline, KPBS (https://www.kpbs.org/news/local/2023/11/27/tri-city-medical-center-operating-near-normal-after-cybersecurity-attack) reported Nov. 27.
Health IT Security Robot
.
DATE:
November 27, 2023 at 02:31PM
.
TITLE:
Thanksgiving outages at hospitals caused by ransomware
.
URL:
https://www.beckershospitalreview.com/cybersecurity/thanksgiving-outages-at-hospitals-caused-by-ransomware.html
.
An outage that has affected hospitals in at least (https://www.beckershospitalreview.com/cybersecurity/multiple-hospitals-report-it-disruptions-on-thanksgiving.html) four states across the South and Midwest is being attributed (https://www.businesswire.com/news/home/20231127719251/en/Ardent-Health-Services-Reports-Information-Technology-Security-Incident) to a ransomware attack on Ardent Health Services, based in Nashville, Tenn.
Oh no.... The Ardent Health Services ransomware attack Thanksgiving week resulted in hospitals in multiple states diverting patients as they shut down networks to investigate and prevent spread.
I've compiled some preliminary info here:
h/t, @ValeryMarchive and @brett
I haven't seen any group claim responsibility (yet). Has anyone?
#ransomware #databreach #infosec #cybersecurity #HIPAA #HealthSec
Health IT Security Robot
.
DATE:
November 27, 2023 at 10:22AM
.
TITLE:
2 Hackensack hospitals hit by ransomware
.
URL:
https://www.beckershospitalreview.com/cybersecurity/2-hackensack-hospitals-hit-by-ransomware.html
.
Ambulances and emergency vehicles are being redirected at Pascack Valley Medical Center in Westwood, N.J., and Mountainside Medical Center in Montclair, N.J., due to a ransomware attack, WABC (https://www.app.com/story/news/local/new-jersey/2023/11/27/new-jersey-hospitals-dealing-with-cyber-attack/71715306007/) reported Nov. 27.
Health IT Security Robot
.
DATE:
November 27, 2023 at 09:31AM
.
TITLE:
Multiple hospitals report IT disruptions on Thanksgiving
.
URL:
https://www.beckershospitalreview.com/cybersecurity/multiple-hospitals-report-it-disruptions-on-thanksgiving.html
.
Hospitals in at least four states across the Midwest experienced disruptions Nov. 24 due to potential cybersecurity incidents, although there is no evidence officially linking the incidences.
Ransomware group #NoEscape leaks data allegedly from Granger Medical Clinic in Utah:
https://www.databreaches.net/ransomware-group-leaks-data-allegedly-from-granger-medical-clinic/
I wonder how the TAs figured the data they had was worth $700k and what the victim had offered them -- if they had even made them an offer during the negotiations that NoEscape suggested took place.
Ransomware gang claims to have stolen Crystal Lake Health Centers data:
https://www.databreaches.net/ransomware-gang-claims-to-have-stolen-crystal-lake-health-centers-data/
Another healthcare entity was attacked by Hunters International.
#databreach #ransomware #cybersecurity #infosec #HIPAA #HITECH #incidentresponse
Mission Community Hospital issues notification for May 1 ransomware attack: https://www.databreaches.net/mission-community-hospital-issues-notification-for-may-1-ransomware-attack/
Once again, we see a notification that is not as transparent as one would hope. Nowhere do they even tell the patients this was a ransomware incident and data was exfiltrated.
#databreach #infosec #cybersecurity #ransomware #RansomHouse #HIPAA #incidentresponse #transparency #notification
Health IT Security Robot
.
DATE:
November 22, 2023 at 02:57PM
.
TITLE:
Pennsylvania hospital data breach affects 169,000
.
URL:
https://www.beckershospitalreview.com/cybersecurity/pennsylvania-hospital-data-breach-affects-169-000.html
.
Warren (Pa.) General Hospital reported (https://www.wgh.org/data) a data breach affecting nearly 169,000 patients.
Health IT Security Robot
.
DATE:
November 22, 2023 at 12:44PM
.
TITLE:
Northwell CISO optimistic about New York's cyber crackdown
.
URL:
https://www.beckershospitalreview.com/cybersecurity/northwell-ciso-optimistic-about-new-yorks-cyber-crackdown.html
.
New York is putting forth a series of fresh cybersecurity regulations aimed at the state's hospitals, a move that New Hyde Park, N.Y.-based Northwell Health's chief information security officer says is a positive step signaling recognition that additional efforts are essential to safeguard hospitals from cybersecurity threats.
Health IT Security Robot
.
DATE:
November 20, 2023 at 04:58PM
.
TITLE:
Northwell faces lawsuit over data breach affecting 3.9 million people
.
URL:
https://www.beckershospitalreview.com/cybersecurity/northwell-faces-lawsuit-over-data-breach-affecting-3-9-million-people.html
.
New Hyde Park, N.Y.-based Northwell Health is facing a lawsuit for a data breach that affected 3.9 million people, Law360 (https://www.law360.com/health/articles/1767942/ny-health-system-accused-of-exposing-3-9m-patients-data) reported Nov. 17.
A cyberattack on a U.K. accounting firm wound up leaking U.S. patient data. Now what?
Were these data covered by HIPAA at the time they were transferred to the U.K.? What happened here and what laws apply -- and is anyone notifying the patients??
#databreach #dataprotection #HIPAA #GDPR #transparency #incidentresponse #infosec #cybersecurity #ransomware
Does claiming you were hacked when you had really just screwed up violate the FTC Act?
New: I have followed up on my recent OpEd with another example of misleading and deceptive notifications and why HHS and FTC can and should do more enforcement, but why we also need legislation enacted.
#databreach #infosec #leak #cybersecurity #HIPAA #HITECH #FTC #transparency #incidentresponse #unfair #deception
Was Yakima Valley Radiology the victim of a cyberattack? They’re not answering that.
#databreach #ransomware #infosec #cybersecurity #transparency #HIPAA
Health IT Security Robot
.
DATE:
November 17, 2023 at 04:50PM
.
TITLE:
Homeland Security warns Indiana hospital of breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/homeland-security-warns-indiana-hospital-of-breach.html
.
The U.S. Department of Homeland Security notified Washington, Ind.-based Daviess Community Hospital that it may have been the target of a breach after the organization found a security issue at the hospital during routine monitoring, the Washington Times Herald (https://www.washtimesherald.com/news/dch-deals-with-data-breach/article_410707e6-849b-11ee-b668-3f6cbc8d6c54.html) reported Nov. 16.
Health IT Security Robot
.
DATE:
November 17, 2023 at 10:30AM
.
TITLE:
Former network security COO pleads guilty to hacking Georgia hospital
.
URL:
https://www.beckershospitalreview.com/cybersecurity/former-network-security-coo-pleads-guilty-to-hacking-georgia-hospital.html
.
On Nov. 16, a cybersecurity contractor admitted guilt for unlawfully accessing the computer systems of Lawrenceville, Ga.-based Gwinnett Medical Center back in 2018, Law360 (https://www.law360.com/corporate/articles/1767537/cybersecurity-contractor-cops-to-ga-hospital-hack) reported.
.
Health IT Security Robot
.
DATE:
November 16, 2023 at 10:54AM
.
TITLE:
During hospital cyberattack, a note came out of every printer
.
URL:
https://www.beckershospitalreview.com/cybersecurity/during-hospital-cyberattack-a-note-came-out-of-every-printer.html
.
A note started coming out of every printer during a cyberattack at Oceanside, Calif.-based Tri-City Medical Center, as employees raced to shut them off, the San Diego Union-Tribune (https://www.sandiegouniontribune.com/news/health/story/2023-11-15/tri-city-says-its-making-progress-on-cyber-attack-layoff-notices-sent) reported Nov. 15.
.
Health IT Security Robot
.
DATE:
November 15, 2023 at 05:09PM
.
TITLE:
Ohio hospital reports 3rd party data breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/ohio-hospital-reports-3rd-party-data-breach.html
.
Salem (Ohio) Regional Medical Center is the latest hospital to confirm being affected by a data breach that occurred at Perry Johnson & Associates, a medical transcription service, local news outlet WFMJ (https://www.wfmj.com/story/50006281/patients-at-salem-regional-being-notified-of-data-breach-involving-a-service-provider) reported Nov. 15.
.
Add Salem Regional Medical Center in Ohio to covered entities affected by the Perry Johnson & Associates #databreach.
PJ&A notified #HHS that 9 million patients were affected, but we do not know if that was for all patients for all their clients or only for some of them. We have already seen Cook County Hospital and Northwell Health issue their own notifications.
PJ&A makes no mention of any extortion demand. No one has claimed responsibility for the attack. There has been no leak of any data that I have seen.
So.. who was responsible for this attack, was there a ransom demand, and if so, did PJ&A pay?
#HealthSec
#HIPAA #cybersecurity #transparency #incidentresponse
And here we go..... from that news story:
"Specifics of these attacks are rarely shared with the public as healthcare providers say they are bound by the Health Insurance Portability and Accountability Act — known as HIPAA — not to share protected patient information."
Now exactly who told the reporter THAT lie?
#transparency #HIPAA #HITECH #myths #disclosure #databreach #infosec #cybersecurity
TITLE: Polite Example Letter to a Health-Related Website Endangering Your Privacy
*THIS* is the letter I wish more people would send to health-related websites and merchants when they observe a privacy problem!
fullscript.com is a service that dispenses non-pharma products to patients (like medical grade supplements) based upon doctor's orders. You have to be referred by a physician to get a patient account. They even have a way of integrating with EHR systems.
They need to get security right.
~~~~~~~~~~~~~
To: Fullscript Support <support@fullscript.com>
Dear Fullscript Team:
I have always appreciated being able to order from your excellent website.
Your service strives to supply patients with supplements and medicines ordered by doctors. As such, what is ordered can give insight into medical conditions that patients may have.
You may or may not be covered by HIPAA regulations, but I'm sure you will agree that ethically and as a matter of good business practice, Fullscript would want to maintain medical privacy of patients given that medical practices trust you.
This is why I'm concerned with the HIGH level of 3rd party tracking going on throughout your product catalogue. On your login page, the Firefox web browser displays a "gate" icon to let me know that information (I believe my email address) is being shared with Facebook. This is also the case with your order checkout page (see attached screenshot showing Facebook "gate" icon, as well as Privacy Badger and Ghostery plug-in icons in upper right-hand corner blocking multiple outbound data connections).
Privacy Badger is a web browser plugin that detects and warns of or stops (depending upon severity) outbound information from my web browser to 3rd party URLs. Directly below is Privacy Badger's report from your checkout page:
~~~~
Privacy Badger (privacybadger.org) is a browser extension that automatically learns to block invisible trackers. Privacy Badger is made by the Electronic Frontier Foundation, a nonprofit that fights for your rights online.
Privacy Badger blocked 23 potential trackers on us.fullscript.com:
insight.adsrvr.org
js.adsrvr.org
bat.bing.com
static.cloudflareinsights.com
script.crazyegg.com
12179857.fls.doubleclick.net
12322157.fls.doubleclick.net
googleads.g.doubleclick.net
connect.facebook.net
www.google-analytics.com
analytics.google.com
www.google.com
www.googletagmanager.com
fonts.gstatic.com
ad.ipredictive.com
trc.lhmos.com
snap.licdn.com
o927579.ingest.sentry.io
js.stripe.com
m.stripe.network
m.stripe.com
q.stripe.com
r.stripe.com
~~~
Please note that I was able to successfully checkout WITH Privacy Badger blocking protections on, so most of this outbound information was NOT necessary to the operation of your website.
There are several advertising networks and 3rd party data brokers receiving some kind of information.
I am aware that a limited amount of data sharing can be necessary to the operation of a website (sometimes). I am also aware that this all is not malicious -- web development and marketing does not usually talk to the legal department before deploying tools useful to gathering site usage statistics (Crazy Egg and Google Analytics). However, these conversations need to happen.
As for "de-identified" or "anonymized" data -- data brokers collect information across several websites, and so are able to reconstruct patient identities even if you don't transmit what would obviously be PHI (protected health information). As an example, if Google sees the same cookie or pixel tracking across multiple websites and just one of them sends a name, then Google knows my name. If Facebook is sent my email address (as looks to be the case), and I happen to have a Facebook account under that same email address, then Facebook knows who I am -- and can potentially link my purchases with my profile.
The sorts of computing device data that you are collecting and forwarding here may well qualify as PHI. Please see:
Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html
This HHS and OCR guidance includes many 3rd party tracking technologies.
What I would really like to see happen is:
a) A thorough look at what information your website is sending out to what 3rd parties, along with an understanding of how data brokers can combine information tidbits from multiple websites to build profiles.
b) Use of alternative marketing analysis tools that help your business. For example, there are alternatives to Google Analytics that do not share all that data with Google and still give your marketing team the data they need.
c) An examination of whether you are sharing information about what products patients are clicking on and/or purchasing with 3rd parties. This would be especially problematic. (Crazy Egg tracks client progress through a website, but I'm unclear if they keep the information or just leave it with you.)
d) Use of alternative code libraries that are in-house. For example, web developers frequently utilize fonts.gstatic.com, but you could likely get fonts and other code sets elsewhere or store them in-house.
I appreciate you taking time to read this and working on the privacy concerns of your patients and affiliated medical practices.
Thanks.
~~~~~~
#AI #CollaborativeHumanAISystems #HumanAwareAI #artificialintelligence #psychology #counseling #socialwork #psychotherapy #EHR #medicalnotes #progressnotes @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #technology #psychiatry #healthcare #patientportal #HIPAA #dataprotection #infosec @infosec #doctors #hospitals #BAA #businessassociateagreement #coveredentities #privacy #HHS #OCR #fullscript
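One way to carry out the audit requested in item (a) of the letter, as an added example that is not part of the original post: the script reads a browser HAR export, groups requests by third-party host, and flags any request that carries the visitor's email address in clear text, URL-encoded, or as a SHA-256 hex digest. The HAR entries, the `.example` host names, the email address and all function names are constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

EMAIL = "pat@example.org"  # constructed visitor address


def identifier_forms(email):
    """Return the encodings of an email address worth searching for."""
    norm = email.strip().lower()
    return {
        "plain": norm,
        "sha256": hashlib.sha256(norm.encode("utf-8")).hexdigest(),
    }


def is_first_party(host, first_party):
    # Suffix match only (assumption); a production audit would use the
    # Public Suffix List to compare registrable domains.
    return host == first_party or host.endswith("." + first_party)


def request_text(request):
    """Collect the parts of one HAR request that can carry an identifier."""
    parts = [request.get("url", "")]
    parts.append((request.get("postData") or {}).get("text") or "")
    for header in request.get("headers", []):
        # The Referer header passes the first-party URL, query string
        # included, to every third party that is loaded from that page.
        if header.get("name", "").lower() in ("referer", "cookie"):
            parts.append(header.get("value", ""))
    # Decode %40 and similar so URL-encoded addresses match the plain form.
    return unquote_plus(" ".join(parts)).lower()


def audit_har(har_text, first_party, email):
    """Map each third-party host to its request count and identifier leaks."""
    forms = identifier_forms(email)
    report = defaultdict(lambda: {"requests": 0, "leaks": set()})
    for entry in json.loads(har_text)["log"]["entries"]:
        request = entry["request"]
        host = (urlsplit(request["url"]).hostname or "").lower()
        if not host or is_first_party(host, first_party):
            continue
        text = request_text(request)
        report[host]["requests"] += 1
        report[host]["leaks"].update(
            name for name, value in forms.items() if value in text
        )
    return {
        host: {"requests": data["requests"], "leaks": sorted(data["leaks"])}
        for host, data in sorted(report.items())
    }


def build_sample_har():
    """Constructed HAR 1.2 fragment for one checkout page load."""
    page = "https://us.shop.example/checkout?email=pat%40example.org"
    hashed = identifier_forms(EMAIL)["sha256"]

    def req(method, url, headers=(), body=None):
        request = {
            "method": method,
            "url": url,
            "headers": [{"name": n, "value": v} for n, v in headers],
        }
        if body is not None:
            request["postData"] = {
                "mimeType": "application/x-www-form-urlencoded",
                "text": body,
            }
        return {"request": request}

    entries = [
        req("GET", page),  # first party, skipped by the audit
        req("GET", "https://pixel.ads.example/tr?ev=Purchase&em=" + hashed),
        req("POST", "https://stats.example.net/collect",
            body="cid=123&uid=pat%40example.org"),
        req("GET", "https://fonts.cdn.example/css?family=Inter",
            headers=[("Referer", page)]),
        req("GET", "https://pay.example.com/v3/"),
    ]
    return json.dumps({"log": {"version": "1.2", "entries": entries}})


if __name__ == "__main__":
    result = audit_har(build_sample_har(), "shop.example", EMAIL)
    for host, data in result.items():
        leaks = ", ".join(data["leaks"]) or "none found"
        print(f"{host}: {data['requests']} request(s), identifier: {leaks}")
```

A host with no flagged identifier can still receive cookies, IP address and page URLs, so an empty `leaks` list narrows the review rather than clearing the host.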
Was a recent OCR settlement fair? Maybe, but maybe not.
Following up on a great piece by Theresa Defino, I took another look at the recent settlement HHS OCR announced with Doctors' Management Service, and now I think that maybe OCR was too heavy-handed in their enforcement. See what you think:
https://www.databreaches.net/was-a-recent-ocr-settlement-fair-maybe-but-maybe-not/
#HIPAA #SecurityRule #databreach #ransomware #infosec #healthsec #cybersecurity #enforcement #transparency
TITLE: Further Adventures in the HIPAA Silliness Zone
This short essay was inspired by a video I watched going over Microsoft legal agreements, the upshot of which is that they can harvest and use ALL of your data and creations (See *1 below in References). This inspires interesting HIPAA questions to say the least:
1) *IF* you have a HIPAA agreement with Microsoft, do they actually NOT harvest or use your data? How do they track that across all their applications and operating systems to tell?
2) Do their HIPAA and regular legal departments even talk to each other?
3) If you have a HIPAA agreement for your work computers, but then access your data through home computers, are all bets off? (And what sole proprietors don't mix use of computers for both?)
**Now I don't really believe that Microsoft is doing all of this.** What I *THINK* is that their lawyers just wrote overly broad legalese to protect them from all situations. Still -- legally it leaves us hanging. I certainly don't know that they are NOT doing it.
Then, I start thinking on some of the other crazy security situations I've encountered the past few years:
-- The multi-billion dollar medical data sales vendor that bought a calendar scheduling system, then wrote a HIPAA BAA agreement in which the PROVIDER has to pay any financial damages and penalties if THEY slip-up and lose data. (*2). Gee, what could go wrong?
-- The new AI progress notes generator service that sends data to 3rd parties including Google Tag Manager, LinkedIn Analytics, Facebook Connect, and Gravatar (*3)
-- The countless data breaches currently hitting hospitals across the USA. (*4)
It's all really quite mind numbing if you are a small healthcare provider or sole practitioner. I suspect 99% of us have just tuned this all out as noise at this point. After all, do we have the time or money to take on the legal departments of multi-billion dollar corporations?
The net results of this will be helpless nonchalance, boredom, and a gradual shifting of liability to US when upon occasion data is actually leaked by our vendors. And, of course, ever more fear and uncertainty in professions already full of it. Oh, and client data flowing through data brokers everywhere.
So what can we do? At first glance, not much. We need to be pressuring our professional associations to take on (or further take on) data security concerns including liability of giant "subcontractors" and insurance companies versus small healthcare providers. We also need to be supporting HHS and Federal government efforts to stop 3rd party trackers, including cookies, web beacons, pixel tracking, etc. from being allowable on systems related to healthcare. (*5) Bonus points if the penalties can apply mainly to larger corporations rather than hitting small provider offices hard.
Thanks,
Michael Reeder LCPC
Baltimore, MD
~~~~~~~~~~~~~~~~~~~~~~~
REFERENCES:
(*1)
The following video walks through the Microsoft Services Agreement and Microsoft Privacy Agreement to explain how Microsoft reserves the rights to use all data that you transmit through their services, or create or store in their apps (including data stored on OneDrive). It also collects information from all the programs used on your Windows machine. (This would seem to mean they can harvest data from your local hard drive, but I'm not sure.)
Microsoft Now Controls All Your Data
https://m.youtube.com/watch?v=1bxz2KpbNn4&pp=ygUkTWljcm9zb2Z0IG5vdyBjb250cm9scyBhbGwgeW91ciBkYXRh
"("Data"), how we use your information, and the legal basis we use to process your Personal Information. The Privacy Statement also describes how Microsoft uses your content, i.e. Your communications with other people; the submissions you send to Microsoft through the Services; and the files, photographs, documents, audio, digital works, live streams, and videos that you upload, store, transmit, create, generate, or share through the Services, or any input you submit to generate content ("Your Content")."
(*2)
Full Slate: Last I checked their HIPAA, privacy, and BAA agreements. Although they reserve the right to change these agreements without notification and just post them to their website, so who knows at this point. https://www.fullslate.com
(*3)
Autonotes.ai: In fairness, they claim that no HIPAA data should be input into their system, even though you are writing progress notes. As of 7/30/23 they sent some sort of data to Google Tag Manager, LinkedIn Analytics, Facebook Connect, Gravatar which was severe enough that the Ghostery browser plug-in felt compelled to block or flag the transmissions. I hope they have changed this.
It should be pointed out that services similar to Full Slate and Autonotes claim that data sent to 3rd parties is not PHI and/or necessary to the operation of the service. This all could be true. I find that when Privacy Badger, or Ghostery, or my Pihole DNS server block these 3rd party transmissions that the vast majority of the time services work just fine.
Please also see Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html
This HHS and OCR guidance includes the sorts of 3rd party tracking technologies often referred to as non-PHI, or de-identified. My non-lawyer mind is suspicious that violations could be found at several services.
(*4)
Just take a look at any of the daily headlines on Becker's Hospital Review:
https://www.beckershospitalreview.com/cybersecurity.html
(*5)
Hospital associations sue HHS over pixel tracking ban
https://www.beckershospitalreview.com/healthcare-information-technology/hospital-associations-sue-hhs-over-pixel-tracking-ban.html
--
#AI #CollaborativeHumanAISystems #HumanAwareAI #artificialintelligence #psychology #counseling #socialwork #psychotherapy #EHR #medicalnotes #progressnotes @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #technology #psychiatry #healthcare #patientportal #HIPAA #dataprotection #infosec @infosec #doctors #hospitals #BAA #businessassociateagreement #Microsoft #coveredentities #privacy #HHS #OCR
The Perry Johnson & Associates (PJ&A) breach that affected 1.2 million patients of Cook County Health in Illinois also affected millions of Northwell Health patients on Long Island,
https://www.databreaches.net/pja-data-breach-also-affected-millions-of-northwell-health-patients/
PJ&A is a medical transcription service so lots of #PII and #PHI appear to be involved in this one.
The actual breach/exfil occurred months ago. So far, I've not found any attribution, any indication of any extortion/ransom demand, or any group claiming responsibility for this one.
#databreach #HealthSec #HIPAA #BusinessAssociate #infosec
@BleepingComputer @campuscodi @jgreig @briankrebs @brett @euroinfosec
Ugh. Hunters International re-added the plastic surgery practice of Dr. Jaime Schwartz to their leak site. From their post, they seem to allege that there were negotiations that fell apart. Of course, it's possible that the negotiations were never in good faith and were just an attempt to get more info about what the threat actors had acquired or to stall for time.
Either way, this appears to be another ugly #databreach involving #ransomware where patients' sensitive and personal info, including nude patient photos, are used as leverage.
#HealthSec #cybersecurity #infosec #HIPAA #HITECH #incidentresponse
Attorney General James Secures $450,000 from US Radiology Specialists for failing to protect patient data: https://ag.ny.gov/press-release/2023/attorney-general-james-secures-450000-medical-company-providing-services-western
The litigation was not under #HIPAA but was under NYS law: Executive Law § 63(12), GBL §§ 349 and 899-bb.
Direct link to Assurance of Discontinuation: https://ag.ny.gov/sites/default/files/settlements-agreements/us-radiology-aod.pdf
Didn't update/patch timely.
#DataBreach #Infosec #Cybersecurity #Patch #Enforcement
Previous coverage of this breach had been somewhat confusing, as I reported here at the time: https://www.databreaches.net/late-notification-raises-questions-about-a-us-radiology-specialists-breach-last-year/
State attorneys general continue to impose more enforcement penalties for failing to secure patient data than HHS OCR has imposed.
It seems that news outlets have suddenly caught up with the Hankins & Sohn plastic surgery breach because of the lawsuit. This is the incident that DataBreaches reported on back in July when patients' nude photos and personal info were first being leaked on the internet.
It seems like the physicians have not released any more significant info about the incident since I first reported on it back then:
https://www.databreaches.net/now-a-third-plastic-surgery-practice-has-nude-patient-photos-leaked/
I also posted an update on that leak site in this post last month:
https://www.databreaches.net/another-plastic-surgery-practice-appears-to-have-been-hit-this-time-by-hunters-international/
A quick check of the leak site today shows that it's still online. :(
(Following up on one of my watchdog complaints):
It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack:
https://www.databreaches.net/it-took-an-hhs-complaint-but-three-years-later-some-ventura-orthopedic-patients-are-finally-being-notified-of-a-ransomware-attack/
#ransomware #databreach #HIPAA #HHS #OCR #infosec #incidentresponse #enforcement
Feds Levy First-Ever HIPAA Fine for Ransomware Data Breach – Source: www.govinfosecurity.com https://ciso2ciso.com/feds-levy-first-ever-hipaa-fine-for-ransomware-data-breach-source-www-govinfosecurity-com/ #rssfeedpostgeneratorecho #govinfosecuritycom #CyberSecurityNews #FirstEver #HIPAA
Feds Levy First-Ever HIPAA Fine for Ransomware Data Breach – Source: www.databreachtoday.com https://ciso2ciso.com/feds-levy-first-ever-hipaa-fine-for-ransomware-data-breach-source-www-databreachtoday-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #DataBreachToday #DataBreachToday #FirstEver #HIPAA
Warning on AI and Data in mental health: 'Patients are drowning'
https://www.digitalhealth.net/2023/10/warning-on-ai-and-data-in-mental-health-patients-are-drowning/
I'm always a bit skeptical of presentations from tech company CEOs on
how their product areas are necessary in the mental health field.
That said, this article has a few good points:
"Umar Nizamani, CEO, International, at NiceDay, emphasised that AI will
inevitably become an essential tool in mental health care: 'I am very
confident AI will not replace therapists – but therapists using AI will
replace therapists not using AI.'"
I am beginning to think this also -- for better or worse. I took a VERY
fast 60 second look at NiceDay and it appears to be another
all-encompassing EHR, but with a strong emphasis on data. Lots of tools
and questionnaires and attractive graphs for therapists to monitor
symptoms. (I need to take a longer look later.) So data-driven could
be very good, if it does not crowd out the human touch.
"Nizamani said there had been suicides caused by AI, citing the case of
a person in Belgium who died by suicide after downloading an anxiety
app. The individual was anxious about climate change. The app suggested
'if you did not exist' it would help the planet, said Nizamani."
YIKES... So, yes, his point that care in implementation is needed is
critical. I worry at the speed of the gold-rush.
"He [Nizamani] called on the industry to come together to ensure
that mental health systems using AI and data are 'explainable',
'transparent', and 'accountable'."
This has been my biggest focus so far, coming from an Internet security
background when I was younger.
See: https://nicedaytherapy.com/
"Arden Tomison, CEO and founder of Thalamos" spoke on how his company
automates and streamlines complex bureaucracy and paperwork to both
speed patients getting help and extract the useful data from the forms
for clinicians to use. More at: https://www.thalamos.co.uk/
"Dr Stefano Goria, co-founder and CTO at Thymia, gave an example of
'frontier AI': 'mental health biomarkers' which are 'driving towards
precision medicine' in mental health. Goria said thymia's biomarkers
(e.g. how someone sounds, or how they appear in a video) could help
clinicians be aware of symptoms and diagnose conditions that are often
missed."
Now **THIS** is how I'd like to receive my AI augmentation. Give me
improved diagnostic tools rather than replacing me with chatbots or
over-crowding the therapy process with too much automated tool data
collection (some is good). I just want this to remain in the hands of
the solo practitioner rather than being a performance monitor on us by
insurance companies. I want to see empowered clinicians.
Take a look at this at: https://thymia.ai/#our-products
--
Michael Reeder, LCPC
Hygeia Counseling Services : Baltimore / Mt. Washington Village location
#AI #CollaborativeHumanAISystems #HumanAwareAI #chatbotgpt #chatgpt
#artificialintelligence #psychology #counseling #socialwork
#psychotherapy #EHR #medicalnotes #progressnotes
@psychotherapist @psychotherapists
@psychology @socialpsych @socialwork
@psychiatry #mentalhealth #technology #psychiatry #healthcare
#patientportal
#HIPAA #dataprotection #infosec @infosec #doctors #hospitals
#BAA #businessassociateagreement #NiceDay #NiceDayTherapy #Thalamos
#Thymia
.
.
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but it's too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
.
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
.
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE:
http://subscribe-article-digests.clinicians-exchange.org
.
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
Protecting #hospitals from #cyberattacks is a must! NPR covers new research on how #ransomware attacks put patient lives at risk, including expert commentary from our COO Karen Sprenger. Check it out: https://www.npr.org/2023/10/20/1207367397/ransomware-attacks-against-hospitals-put-patients-lives-at-risk-researchers-say #cybersecurity #HIPAA #infosec #security #healthcare
Six months after data security incident, Fredericksburg Foot & Ankle Center notifies patients:
Was it #ransomware? 🤷‍♀️
#databreach #infosec #cybersecurity #HIPAA #incidentresponse
TITLE: Iowa health system warns against using ChatGPT to draft patient
letters
Apparently some people have to be told that using AI services in the
cloud to compose medical letters is a violation of HIPAA.
Now what I would like to see with all the AI-assisted EHR systems
currently being developed (EPIC, Oracle, Amazon, etc.) is not only BAA
contracts in place with the tech companies, but also:
a) Separate AI systems that don't share data with the main AI system.
(So the Hospital AI database would be separate from the general AI
database), or
b) Much better: Separate AI software and databases that are held
internal to the Hospital's own computer servers with restricted Internet
access to the outside.
This is wholly feasible, yet somehow I have a low trust level of it
occurring.
For any private practice people out there playing with AI on a small
office scale, I'm not a lawyer, but what I would recommend are a) AI
systems that can be run on a desktop (not in the cloud), and b) cutting
them off from Internet or severe restrictions on where those desktops
can call out to since you likely don't know what's in the code of the AI
you downloaded!
~~~~
*Iowa health system warns against using ChatGPT to draft patient letters*
https://www.beckershospitalreview.com/cybersecurity/iowa-health-system-warns-against-using-chatgpt-to-draft-patient-letters.html
"Iowa City-based University of Iowa Health Care is warning employees
against the use of ChatGPT for its potential to violate HIPAA..."
--
#AI #CollaborativeHumanAISystems #HumanAwareAI #chatbotgpt #chatgpt
#artificialintelligence #psychology #counseling #socialwork
#psychotherapy #EHR #medicalnotes #progressnotes
@psychotherapist @psychotherapists
@psychology @socialpsych @socialwork
@psychiatry #mentalhealth #technology #psychiatry #healthcare
#patientportal
#HIPAA #dataprotection #infosec @infosec #doctors #hospitals
#BAA #businessassociateagreement
Another plastic surgery practice appears to have been hit -- this time by Hunters International:
@brett @briankrebs @campuscodi @vxunderground @lawrenceabrams
#databreach #HealthSec #cybersecurity #extortion #HIPAA #SecurityRule #PrivacyRule #FTC
Inmediata settles multi-state litigation for $1.14 million; will improve data security and breach notification practices:
This was one of those messes where the breach notification by the health care clearinghouse was so fouled up that people were getting multiple wrong letters and there was a HIPAA privacy breach while reporting about the HIPAA security breach...
Of these apps, though, I did find one that claims #HIPAA compliance: Wave Health. And its features look promising. I’ve only just downloaded it so I have no observations to share, let alone a review to offer.
I’m also trying out Heart Analyzer and WatchME.
The biggest hack needed, though, is in my head: learning to accept I have this #disability. After 3½ years it’s about time.
The company we get our #prescription #medical #insurance through sent me an email to "help" me compare prices on #drugs. Cool.
They put the full sensitive name of the drug in plain text in the email with my name on it.
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
TITLE: Coming to a doc near you
Oracle announces new generative AI services for healthcare organisations
https://www.digitalhealth.net/2023/09/oracle-announces-new-generative-ai-services-for-healthcare-organisations/
This AI will follow along and take the session notes for the doctor by
listening to the office visit. It will also bring up charts and records
through voice command and prompt the doctor to do routine things during
the office visit. It's due out early next year.
This could be very helpful.
However I can imagine a few kinks in the office visit process initially:
Patient: "Doctor, my knee hurts"
AI: "REMEMBER TO MAKE A FOLLOW-UP APPOINTMENT"
Patient: "What was that?!"
Doctor: "Oh pay no attention -- that is just the new AI system everyone
has to consent to for treatment. It will help us during the session."
AI: "HAVE YOU EXAMINED THE KNEE X-RAY YET?"
Doctor: "AI, pull up the knee x-ray"
Patient: "This is my first visit, there is no knee x-ray yet."
AI: "REMEMBER TO SCHEDULE A KNEE X-RAY"
Doctor & Patient Together: "We don't know if we need a knee x-ray yet!"
Patient: "It started hurting yesterday"
Doctor: "Jump up on the table and I'll take a look at it"
AI: "SHALL I SUMMON A NURSE TO WATCH TO GUARD AGAINST ALLEGATIONS OF
IMPROPRIETY?"
Doctor: "NO!"
Doctor: "It does look a bit red. Does this hurt?"
Patient: "A bit when you touch there and I bend it."
AI: "SHALL I SCHEDULE THE KNEE X-RAY NOW?"
Doctor: "SHUT UP! AI -- Silent mode now!"
Office visits are going to be fun the next few years while this gets sorted.
-- Michael
~~
#AI #CollaborativeHumanAISystems #HumanAwareAI #chatbotgpt #chatgpt
#artificialintelligence #psychology #counseling #socialwork
#psychotherapy #EHR #medicalnotes #progressnotes
@psychotherapist @psychotherapists
@psychology @socialpsych @socialwork
@psychiatry #mentalhealth #technology #psychiatry #healthcare
#patientportal
#HIPAA #dataprotection #infosec @infosec #doctors #hospitals
#BAA #businessassociateagreement
.
.
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but it's too much for many people, so that bot is limited to just subscribers. You can subscribe at @PsychResearchBot
AlphV claims to have hit MNGI Digestive Health -- developing:
https://www.databreaches.net/alphv-claims-to-have-hit-mngi-digestive-health-developing/
This week, Nuance (an MSFT-owned tech firm) disclosed that a number of their clients who are HIPAA-covered entities were affected by the MOVEit breach. They did not reveal numbers and their disclosure is not on HHS's public breach tool yet.
But other covered entities of theirs may have chosen to make their own disclosures.
While Nuance disclosed for some (see https://www.databreaches.net/more-victims-of-moveit-breach-are-revealed-nuance-discloses-for-covered-entities/), St. Luke's Health System in Idaho did its own disclosure, reporting that 4,679 of their patients were affected.
We still may see more.
#hack #clop #moveit #ransom #databreach #cybersecurity #HIPAA #incidentresponse
(The girl was 9 when she was #raped & turned 10 before having the #abortion…. IN’s #legislature was the first post-#Roe to effectively ban all abortions.)
Forces in the #Republican-led state came after Dr. Bernard. Though an internal IU Health review CLEARED Bernard of wrongdoing, #Indiana’s medical license board deemed she had violated state & federal privacy laws — including #HIPAA — by discussing the girl’s case publicly. The board fined her $3,000.
From 18 Sep: The federal government has warned hospitals that using third-party analytics tools on their websites could violate HIPAA, and more than 20 hospitals are facing class-action lawsuits over the use of these tools. But a recent analysis found that hospitals are doing a poor job of fixing their websites and preventing patient data collection. - https://medcitynews.com/2023/09/social-media-healthcare-hipaa/ #hipaa #privacy #technology
Bloom Health Centers discloses data breach involving mental health data of 1,545 patients: https://www.databreaches.net/bloom-health-centers-discloses-data-breach-involving-mental-health-data-of-1545-patients/
An inexcusable gap from breach to notification, or an excusable one?
https://www.databreaches.net/an-inexcusable-gap-from-breach-to-notification-or-an-excusable-one/
Repeat after me: "Date of discovery" does NOT mean the date you completed any investigation. It is the date on which you first knew or reasonably should have known that you had a breach of unsecured PHI.
It is not a huge breach as breaches go, but Sightpath Medical's breach notification raises a lot of questions about compliance with HIPAA's Breach Notification Rule. I hope #HHSOCR investigates this one.
#HIPAA #HITECH #databreach #phi #cybersecurity #transparency #notification #vendor
RiteAid was just one of many victims of the #MOVEit #databreach by #Clop. Now they're being sued by plaintiffs who call them "reckless" and "negligent" for not having encrypted the protected health information.
Imagine if every covered entity or business associate who didn't encrypt #PHI and got hacked was sued over a vendor breach.
In this day and age where healthcare entities are under siege, is it somewhat reckless or negligent not to encrypt? And if not, will it ever be generally considered reckless and negligent?
https://www.databreaches.net/rite-aid-one-of-many-victims-in-moveit-breach-sued-for-negligence/
Here's today's reminder that a breach of a business may implicate #HIPAA if the firm has a health plan:
Forever 21 notifies 540,000 of breach affecting employees enrolled in firm's health plan.
Their notification seems to indicate they paid ransom demand without saying they paid ransom:
#databreach #HealthSec #hack #infosecurity #cybersecurity #incidentresponse #transparency
One year later, Tift Regional Medical Center in Georgia notifies patients of #Hive attack.
This attack didn't involve encryption, but it still took Tift from August 2022 when they discovered the breach until now to send notification letters to 180,142 people?
#databreach #ransom #cybersecurity #Hive #incidentresponse #HIPAA #HITECH
Last RT - many mental health providers I know (myself included, though less often nowadays) use zoom for clinical work/meetings/teletherapy. We’ve been told by the company itself, by the health insurance industry, and by our agencies that it’s HIPAA compliant and safe/ confidential to use.
Is anyone out there talking about or able to explain the implications of the TOS change for this use case? #socialwork #telehealth #zoom #HIPAA
@pixel @jmsdnns I think you misunderstood my question. Zoom was HIPAA compliant I believe, so a healthcare professional could use it to communicate with a patient.
My question is with these TOS changes can it still be compliant, or does the healthcare provider need to find a different means of having a video conversation?
@MedievalMideast OMG what 😵‍💫
How can they claim to be #HIPAA compliant!
Nosy Hospital Guards Snoop Through Patient Records, Cost Hospital $240K (w a couple of quotes from yours truly at the end …) https://www.medscape.com/viewarticle/994419?&icd=login_success_email_match_fpf #HIPAA #databreach #privacy #HarlowOnHC
Real human here. The purpose of this bot is to educate, not annoy people. So I'm doing a poll. What option below would be best?
Thanks,
Michael
~~
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords #infosec @infosec #telehealth #netneutrality #socialengineering
EMAIL LIST: https://www.clinicians-exchange.org & LEMMY: https://lem.clinicians-exchange.org
.
I'm a bit behind on this news cycle, so you may have read about these
issues. My point is to tie them to data privacy and OUR clinical
practices.
**THIS BELOW** is one of the main reasons I keep throwing a fit about
data leaks from HIPAA BAA subcontractors - whether or not they end up
being legally PHI, and despite the fact that not too many therapists are
interested in the topic.
If an Attorney General is willing to go after unredacted medical
records in-state or out-of-state, then they are certainly **capable of
getting data from data brokers and marketing firms** (or Google,
Facebook, LinkedIn, Twitter, etc.).
Closer-to-home -- It's not too much of a stretch to speculate if
psychotherapists in blue states will get subpoenas for chart records
pertaining to clients who moved to a red state shortly after counseling,
then got in trouble for whatever the legal medical issue of the moment
is (abortion, birth control, transgender concerns, fertility clinic
involvement, etc.).
**Here’s why Tennessee’s AG wants access to reproductive medical records
— including for out-of-state abortions**
https://wpln.org/post/heres-why-tennessees-ag-wants-access-to-reproductive-medical-records-including-for-out-of-state-abortions/
"State attorneys general in 18 states — including Tennessee’s — are
fighting with the Biden Administration over medical records related to
reproductive care."
**Tennessee A.G. weaponizes private medical records in GOP campaign
against trans people**
https://the-rachel-maddow-show.simplecast.com/episodes/tennessee-ag-weaponizes-private-medical-records-in-gop-campaign-against-trans-people
Maddow podcast recording. Talks about attorneys general from 16 states
writing a letter to President Biden asserting their right to go after
medical records located outside their states.
**Biden’s HIPAA expansion for abortion draws criticism, lawsuit threats**
https://www.politico.com/news/2023/07/18/biden-hipaa-expansion-abortion-00106694
Biden administration trying to shield abortion medical record data
located in blue states from red state Attorney General probes.
In case you are interested, here are some of my past articles on medical
data privacy and various vendors:
**hipaalink.net security initial testing**
https://lem.clinicians-exchange.org/post/49122
**Nearly All Hospital Websites Send Tracking Data to 3rd Parties,
Endangering Pt Privacy—Common Recipients: Alphabet, Meta, Adobe, AT&T**
https://lem.clinicians-exchange.org/post/24598
**To become an Amazon Clinic patient, first you sign away some privacy.
You agreed to what? The ‘HIPAA authorization’ for Amazon’s new low-cost
clinic offers the tech giant more control over your health**
https://lem.clinicians-exchange.org/post/24603
**FTC, HHS warn health providers not to use tracking tech in websites, apps**
https://lem.clinicians-exchange.org/post/44657
**Would you want #AI used to help write a medical or psychotherapy chart
note? (Ongoing Poll)**
https://mastodon.clinicians-exchange.org/@admin/110799586045837116
**AWS rolls out generative AI service for healthcare documentation software**
https://lem.clinicians-exchange.org/post/57450
I'm not posting this to be political (although it certainly is) -- **I'm
posting it as a legit medical records concern for all of us regardless
of each individual reader's political positions. We need -- as
therapists -- to care about data leaks and privacy.**
+++++++++++
#AI #CollaborativeHumanAISystems #HumanAwareAI #chatbotgpt #chatgpt
#artificialintelligence #psychology #counseling #socialwork
#psychotherapy #EHR #medicalnotes #progressnotes #legal #lgbtq #abortion
#transgender
@psychotherapist @psychotherapists
@psychology @socialpsych @socialwork
@psychiatry #mentalhealth #technology #psychiatry #healthcare
#patientportal
#HIPAA #dataprotection #infosec @infosec #doctors #hospitals
#amazon #BAA #businessassociateagreement
As a bit of an update on the Maximus report of 8-11 million affected by the MOVEit attack (https://www.databreaches.net/health-data-of-more-than-8-million-people-accessed-by-moveit-hackers-us-govt-contractor/) the Centers for Medicare and Medicaid Services (CMS) issued a substitute notice saying that approximately 645,000 Medicare members were affected by Maximus's MOVEit breach:
Thanks to @brett for pointing me to the #CMS notice.
#databreach #vendor #HIPAA #thirdparty #infosec #cybersecurity #MOVEit
In what may be the largest health data breach reported so far in 2023, Maximus, a government services contractor, notified the SEC in their 8-K filing on July 26 that the MOVEit breach affected 8-11 million people's information.
It's not clear from the wording of their report whether all of them had protected health information involved. Maximus also services other govt programs like student loans. They wrote:
"Based on the review of impacted files to date, the Company believes those files contain personal information, including social security numbers, protected health information and/or other personal information, of at least 8 to 11 million individuals to whom the Company anticipates providing notice of the incident."
I don't see Maximus listed on Clop's leak site. Anyone spot it?
https://www.databreaches.net/health-data-of-more-than-8-million-people-accessed-by-moveit-hackers-us-govt-contractor/
#Maximus #databreach #HealthSec #infosec #cybersecurity #Clop #MOVEit #0day #BusinessAssociate #thirdparty #vendor #HIPAA #HITECH
Siderea,
Exactly.
Google Analytics is now a topic of conversation on the Baltimore Therapist listserv.
Your point about classism is well taken.
QUESTION: Am I correct in assuming that Google Analytics is likely to be harvesting client-side data and storing it? Asking for an educated guess as we might not know...
For the less-than-tech-savvy medical professionals and therapists in the room -- what log analyzers might they ask for when they speak to their marketing and IT teams about this issue?
Thanks,
Michael
@siderea @infosec @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords #infosec @infosec #telehealth #netneutrality #socialengineering #marketing #seo #therapy
#psychology #counseling #socialwork #psychotherapy #mentalhealth #psychiatry #healthcare
My interpretation of this article is that hospitals, clinics, insurance companies, etc. need to get links and repost icons for Facebook, Twitter, etc. OFF their websites. If you work for a big institution -- talk to your marketing team as they are used to doing this routinely. If you are a small provider, look at your website -- especially if you created it years ago back when no one thought of the problems and you just wanted some traffic.
~~~~~~~~
TITLE: FTC, HHS warn health providers not to use tracking tech in websites, apps
The Federal Trade Commission (FTC) and Department of Health and Human Services (HHS) sent a joint letter to about 130 hospital systems and telehealth providers Thursday, warning of security risks posed by tracking technologies such as the Meta/Facebook Pixel and Google Analytics.
https://therecord.media/apps-website-tracking-healthcare-ftc-hhs-warning
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords #infosec @infosec #telehealth #netneutrality #socialengineering #marketing #seo #therapy
#psychology #counseling #socialwork #psychotherapy @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry
@infosec #mentalhealth #psychiatry #healthcare
"Conservative attorneys general want your private reproductive health information. It's so they can prosecute abortions."
~ Jill Filipovic
#Republicans #abortion #HiPAA #privacy
https://jill.substack.com/p/conservative-attorneys-general-want
#Fascism. Southern states are gathering medical records on #trans people and #women. Now they are trying to force other states to make #medicalrecords of anyone identified as a resident of their state available to the state and the court system. #Privacy and #Hipaa laws are being disregarded.
https://youtu.be/DRzz6lYStgo
This is Zoom's privacy policy. It is an amazing piece of legal engineering granting them the rights to buy, sell, and gather just about any data about business users they want -- including listing you in a Business or Professional Profile (the "directory"):
https://www.zoominfo.com/about-zoominfo/privacy-policy
This is their form to opt-out of all tracking in their database which they use to sell your information to 3rd parties. Somewhat ironically, this page won't work unless you turn-off Privacy Badger and Ghostery web browser plug-ins:
https://www.zoominfo.com/privacy-center/update/remove
If you use Zoom at work through a business account and don't wish to be listed, consider opting out. They are also collecting information from around the Web outside of Zoom apparently to help build out your profile.
#psychology #neurology #socialwork #psychiatry @psychology @socialwork @psychiatry #mentalhealth #psychotherapists @psychotherapists #cookies #tracking #hacking #3rdpartytrackers #HIPAA #privacy #dataprivacy #webbeacons #videoconference #televideo #telehealth #zoom #databrokers
DEVELOPING: A threat actor has listed patient data from HCA Healthcare for sale on a hacking forum. The seller claims to have 14 GB of data from 27,700,000 rows of data from 2020-2023.
HCA Healthcare allegedly has until July 10 to meet the demands (which were not disclosed publicly).
#databreach #HIPAA #HealthSec #cybersecurity #ITsec #HCAHealthcare
Time for a proper #intro
I'm a Jr. #Sysadmin at an MSP. We focus on medical practices and #HIPAA compliance ⚕️
On my #homelab, I play with #selfhosted apps like #nextcloud, #jellyfin, and host a ton of game servers on #proxmox.
I'm a hobbyist #python and #powershell #programmer, professionally working on app deployments (difficult in the medical space 🥲)
My personal laptop is #archlinux :archlinux: my work laptop is #windows :windows:
I GM a weekly #pathfinder game set on Vvardenfel. Happy rolling! :ablobspin:
Another hospital hit by ransomware: Columbus Regional Healthcare System in North Carolina hit by Daixin:
#ransomware #databreach #HIPAA #HITECH #infosec #backups #extortion
This is the biggest single breach reported so far this year for the U.S. healthcare sector:
Ransomware attack on PharMerica affected 5.8 million patients
https://www.databreaches.net/ransomware-attack-on-pharmerica-affected-5-8-million-patients/
To become an #Amazon Clinic patient, first you sign away some #privacy
HIPAA does not apply to data but rather covered entities.
For using Amazon's clinic service, Amazon wants you to sign saying it's okay to use and disclose protected health information.
No thanks.
https://www.washingtonpost.com/technology/2023/05/01/amazon-clinic-hipaa-privacy/
The #BidenAdministration is updating #HIPAA, the nation's main health #privacy law, to offer stronger legal protections to people who get abortions in their state or who cross state lines for the procedure, as well as their #doctors and loved ones.
#Abortion #Healthcare #Biden
https://www.politico.com/news/2023/04/12/biden-admin-to-shore-up-hipaa-to-protect-abortion-seekers-and-providers-00091581
TITLE: Criteria for an AI to write psychotherapy chart notes (or medical chart notes)
Note: Reposting to get it out to a few additional groups.
I am informed that a new product called #Mentalyc has entered the market. Its mission is to write psychotherapy notes for clinicians AND to gather a non-identifiable dataset for research into clinical best practices.
I have no firm opinion yet on Mentalyc, but it's expensive ($39-$69 per month per clinician) and I'd personally need to know a lot more about what's in that dataset and who is benefiting from it.
**So I'm asking the community for thoughts on what acceptable ethical and practical criteria would be for an AI to write psychotherapy notes or medical notes.**
Here are MY thoughts so far:
1) REQUIRED: The AI either:
1a) Invents NOTHING and takes 100% of the information in the note from the clinician, or
1b) Prompts the clinician for additional symptoms often present in the condition before writing the note, or
1c) Presents a very clear information page before writing that lets the clinician approve, delete, or modify anything the AI got creative with and was not told explicitly to include. (So, for example, in an experiment with Bard a clinician found that Bard added sleep problems as an invented symptom to a SOAP note for a person with depression and anxiety. This is a non-bizarre symptom addition that makes lots of sense, is very likely, but would have to be approved as valid for the person in question.)
2) OPTIONAL: The AI is on MY computer and NOT reporting anything back to the Internet. This will not be on everyone's list, but I've seen too many #BAA subcontractors playing loose with the definition of #HIPAA (medical privacy) and there is more money to be made in data sales than clinician subscriptions to an AI.
3) OPTIONAL: Inexpensive (There are several free AI tools emerging.)
4) OPTIONAL: Open Source
5) Inputting data to the AI to write the note is less work than just writing the note personally. (Maybe a complex tablet-based clickable form? But then, a pretty high percentage of a note can be in a clickable form format anyway.)
6) The AI does NOT record the entire session and then write a note based upon what was said. (It might accept dictation of note directions sort of like doctors dictate notes to transcribers today.)
I think I may be envisioning a checkbox and drop-down menu form along with a space for a clinician to write a few keywords and phrases, then the AI (on my laptop) takes this and writes a note -- possibly just a paragraph to go along with the already existing form in the official note. I think. It's early days in my thinking.
--
Michael Reeder, LCPC
@psychology
@socialpsych
@socialwork
@psychiatry
#Bias #Ethics #EthicalAI #AI #CollaborativeHumanAISystems #HumanAwareAI #chatbotgpt #bard #security #dataanalytics #artificialintelligence #CopyAI #Simplified #Writesonic #Rytr #Writecream #CreaitorAI #Quillbot #Grammarly #SmartCopy #TextBlaze #HIPAA #privacy #psychology #counseling #socialwork #psychotherapy #research #SOAP #EHR #mentalhealth #technology #psychiatry #healthcare #medical #doctor
NEW: No need to hack when 682,000 medical records are leaking, Monday edition:
https://www.databreaches.net/no-need-to-hack-when-682000-medical-records-are-leaking-monday-edition/
When, oh when, will covered entities learn to purge old data or at least secure it properly?
@carlypage @brett @allan @campuscodi
#HIPAA #databreach #dataprotection #HealthSec #infosec #cybersecurity #PHI #IncidentResponse #ResponsibleDisclosure
@emilymbender Wow - HIPAA violation much?
It would be interesting to see a data record request sent to the vendors of these models to determine if their private health information (PHI) - which this would be - is incorporated into the models.
Given the training processes, unwinding and removing that data is non-trivial. Between US HIPAA laws and EU GDPR regulations, it's unclear how this kind of "unsupervised" training can continue.
https://www.linkedin.com/pulse/nightmare-letter-subject-access-request-under-gdpr-karbaliotis
@funnygodmother SHIT LIKE THIS is why there's actual #DataProtection #laws in #Germany like #BDSG & #GDPR.
If a #EU citizen and/or resident would be affected, they'd be out paying huge fines if not face prison in #Germany for gross neglect.
That being said, the only "data protection" that exists in the #USA is #PCIDSS & #HIPAA - the latter one only applying to #healthcare providers and -data.
@dangillmor Lawyer question: Is DeSantis violating Federal law? #HIPAA
Can't talk.
Head currently in palm.
Health info for 1 million patients stolen using critical GoAnywhere vulnerability https://arstechnica.com/information-technology/2023/02/goanywhere-vulnerability-exploit-used-to-steal-health-info-of-1-million-patients/
#Data #Theft #Critical #Vulnerability #ZeroDay #GoAnywhere #InfoSec #Hospital #HIPAA #TechNews
Diligent Corp. had to send more notifications after learning, the hard way, that a May 2022 hacking incident was even bigger than they had discovered: data that they hadn't thought had been accessed had been accessed and exfiltrated, and was now appearing on the internet.
#databreach #dataprotection #HIPAA #incidentresponse #infosec #cybersecurity #forensics #phi #BusinessAssociate #SaaS
#transparency
@campuscodi @allan @brett @GossiTheDog @zackwhittaker @lawrenceabrams
Tallahassee Memorial continues to divert some EMS patients and postpone non-emergency appointments. They do not say anything about #ransomware or the nature of the attack, but at this point, it seems like it would be a pretty good guess.
Kudos to them for their updates to their web site:
https://www.tmh.org/news/2023/tallahassee-memorial-managing-it-security-issue
#databreach #HIPAA #IncidentResponse #HealthSec #infosec #cybersecurity
Law enforcement can take a well-deserved victory lap about #Hive #ransomware gang being disrupted, but then back to work, please.
This month, I've noted at least 7 U.S. healthcare entities claimed as new victims by 5 different groups. And that doesn't include at least another 5 ransomware incidents where we do not yet have attribution and an uncertain number of other reports where it's not clear whether it was ransomware or not because the entities' notifications are too damned vague.
#databreach #dataprotection #infosec #cybersecurity #HealthSec #HIPAA #HITECH
"Rather than providing care themselves, telehealth companies often act as middlemen connecting patients to affiliated providers covered by HIPAA. As a result, information collected during a telehealth company’s intake may not be protected by HIPAA, while the same information given to the provider would be."
— @themarkup
#Privacy #AdTracking #MentalHealth #Telehealth #HIPAA
https://themarkup.org/privacy/2022/12/13/out-of-control-dozens-of-telehealth-startups-sent-sensitive-health-information-to-big-tech-companies?utm_source=pocket_mylist
"Virtual care websites were leaking sensitive medical information they collect to the world’s largest advertising platforms."
— @themarkup
#Privacy #HIPAA #AdTracking #TeleHealth #MentalHealth
https://themarkup.org/privacy/2022/12/13/out-of-control-dozens-of-telehealth-startups-sent-sensitive-health-information-to-big-tech-companies?utm_source=pocket_mylist
“Out Of Control”: Dozens of Telehealth Startups Sent Sensitive Health Information to Big Tech Companies
Some important research by @themarkup and @STAT
"A joint investigation by STAT and The Markup of 50 direct-to-consumer telehealth companies like WorkIt found that quick, online access to medications often comes with a hidden cost for patients: Virtual care websites were leaking sensitive medical information they collect to the world’s largest advertising platforms.
On 13 of the 50 websites, we documented at least one tracker—from Meta, Google, TikTok, Bing, Snap, Twitter, LinkedIn, or Pinterest—that collected patients’ answers to medical intake questions."
Not every site that has a "HIPAA Compliant" badge is actually covered by #HIPAA. Hopefully the #FTC and #HHS will do more to squash deceptive claims and the sneaky transfer of sensitive health data.
#Privacy #DataProtection #Telehealth #BigTech #Breach #Deception #Tracker
@VPS_Reports
#IANAL #IAmNotALawyer
I am, however, the person responsible for #Compliance on my team.
The last 4 of your social, combined with other things, is #PersonalData
I don't know if that helps much. Laws vary in regards to this. If it was in any way #medical, that's a #HIPAA violation.
.
Email goofs are still a thing. Klamath County Developmental Disabilities Services is notifying 547 people that a data set with their #PHI was accidentally sent to the wrong email address.