HIPAA Journal – Scam Risk Assessment Warnings
Highlights From The HIPAA Journal
From the August 10th Newsletter
Warning issued on phishing scam regarding HIPAA risk assessment
- The department of Health and Human Services’ Office for Civil Rights issued a warning that a phishing scam is targeting compliance officers into visiting a website.
- Mass amount of postcards have been sent out by these hackers that are issued to the compliance officer. The postcards claim to have been sent by the Secretary of Compliance of the HIPAA Compliance Division – a position that does not exist – and have a Washington D.C. return address.
Flaws found in CEM and XenMobile Server
- Two flaws were found in Citrix endpoint Management (CEM) and XenMobile Server. Without action, a hacker can gain access to the server and access all critical information in the environment of the Organization.
- Immediate patching is highly recommended as Citrix has just released the updated versions.
Recent cyber/ransomware attacks related to the Healthcare industry
- Muskingum Valley Health Centers (OH) had incurred a ransomware attack that affected over 7,400 patients.
- 41 healthcare providers reported ransomware attacks in the first half of 2020. Around 1 in 10 ransomware attacks now involve data theft.
- Over 129,000 patients were potentially affected by a malware attack that happened to Behavioral Health Network (BHN) of Western Massachusetts. Their staff were unable to reach files in May of 2020 as an unauthorized user gained access to their network.
- Ashley County Medical Center discovered that a former employee had access their medical records of 722 patients without authorization.
- University of Maryland Faculty Physicians Inc. incurred a phishing attack that had an unauthorized user gain access to an email account. Potentially over 33,800 individuals were affected by this attack.
- Highpoint Foot & Ankle Center in Chalfont, PA had discovered an authorized individual gain access to their systems containing over 25,500 patient records.