HIPAA

ALERT!!! Sonicwall, the manufacturer of a security product many practices rely on has just had a data breach. Sonicwall responded by recommending that ALL CUSTOMERS who use a MySonicWall account reset their passwords immediately. If you have a MySonicWall account, please do this now. The data exposed can provide a hacker with full access to your network and your patient data.

Syracuse ASC, also known as Specialty Surgery Center of Central New York, has been fined $250,000 to resolve violations of the HIPAA Security Law and Breach Notification Law. OCR was able to confirm that the incident was a ransomware attack using the PYSA variant. The data breach dates back to March 2021 where unauthorized access to ePHI of a reported 24,891 patients. The threat potentially stole names, birth dates, Social Security numbers, financial data, and clinical information. The breach was not reported to the affected individuals until October 2021.

The Minneapolis Veterans Affairs Medical Center has experienced two distinct and significant data breaches within a seven-month period, revealing multifaceted vulnerabilities in its data protection protocols.

The approaching end-of-life (EOL) date for Windows 10, set for October 14, 2025, represents a critical juncture for organizations worldwide. The UK's National Cyber Security Centre (NCSC) has issued an urgent advisory that this is strategic and imperative for long-term cybersecurity. Migration to a supported and more secure platform like Windows 11 prior to the date above is essential to mitigate significant, foreseeable risks.

Settlement Marks OCR’s 13th Ransomware Enforcement Action and 9th Enforcement Action in OCR’s Risk Analysis Initiative

In 2024, the most common HIPAA compliance issue, according to the Office for Civil Rights (OCR), remains the impermissible use and disclosure of protected health information (PHI). When violations are identified, the OCR frequently refers cases to the Department of Justice (DOJ) for further action. As of 2024, 2,419 referrals have been made to the DOJ for criminal investigation.

Time’s Running Out: Prepare for the End of Windows 10 Support

A Cybersecurity Advisory was issued related to the LummaC2 malware. This alert highlights the growing industry of Cyberhacking as a service. Looking at this malware product is a good lesion in good cybersecurity. You want to read this entire article.

Cyberattacks :  This is getting very real and very scary for your practice Esse Health, a healthcare provider in the Greater St. Louis area in Missouri, experienced a cyberattack that impacted its healthcare operations This event hit major network news in St Louis  https://www.firstalert4.com/2025/05/07/cyberattack-puts-healthcare-hold-hundreds-st-louis-metro/

Under the HIPAA privacy rule, patients have a Right to an account of Disclosures. This gives patients the right to receive a record of certain disclosure of the protected health information (PHI) made by a covered entity or its business associate.