
You Have Been Warned – Ep 476 

 September 20, 2024

By  Donna Grindle

Do you feel like cyberattacks are the world’s worst game of whack-a-mole? No matter how many you smack down, ten more pop up, and there’s no sign of it slowing anytime soon. Neither is the confusion over who’s responsible when your data gets caught in the crossfire. If your supply chain and your own security safeguards aren’t locked down, you might as well be rolling out the red carpet for hackers. Tune in as we break down the latest mess, and yes, it’s as frustrating as it sounds!


In this episode:

Today’s Episode is brought to you by: Kardon and HIPAA for MSPs with Security First IT


Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!



HIPAA Say What!?!

[03:50]

HHS OCR Drops Appeal of Court’s Web Tracker Ruling

applies only to the collection and disclosure of IP addresses in conjunction with visits to public-facing websites.

You Have Been Warned

[09:48]

Radiology IT Vendor Hack Hits 4 Practices, 411,000 People

Specialty Networks Notice of Data Security Incident

Specialty Networks provides radiology information systems, digital transcription services, and Enterprise Practice Management solutions for medical facilities. They are located in Chattanooga, TN.

They alerted 411,037 people of a hack discovered last December (2023) involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.

The breach was reported to HHS Aug 15, 2024.

The incident affected several clients, including Prime Imaging; Diagnostic Radiology Consultants, P.A.; Allied Mobile; and Videre Diagnostics.

Dec. 18, 2023 – spotted unusual activity and “immediately took steps to secure the network and engage a digital forensics and incident response firm to conduct an investigation.”

Around Dec. 11 – a threat actor acquired some data stored within Specialty Networks’ systems.

May 31 – determined that some personal and protected health information may have been affected.

June 24 – coordinated its notification efforts with them and verified the information and mailing addresses for people affected by the breach.

Information potentially compromised in the incident includes name, birthdate, driver’s license number, Social Security number, medical record number, treatment and condition information, diagnoses, medications and health insurance information.

In the last two weeks, at least four proposed class action lawsuits have been filed against Specialty Networks in a federal Tennessee court.

The 471 major breaches reported so far this year to HHS’ Office for Civil Rights affected more than 54.1 million individuals.

Of those, 159 breaches – including the Specialty Networks hack – were linked to business associates, according to HHS OCR’s HIPAA Breach Reporting Tool website. Those business associate breaches affected nearly 22.8 million individuals.

About 34% of all large breaches reported so far this year were linked to BAs. But those 159 breaches accounted for almost 50% of all the individuals involved in all breaches.

Supply chain breaches continue to be a major issue and it doesn’t appear to be subsiding.

It isn’t just supply chain though

[31:53]

Supply chains are significant in breach stats but by no means are they the primary source. There are a lot of notices being made recently about breaches. There are also a lot of notices about ransomware gangs and other adversaries upping their game.

Nothing to Smile About: Hacks on Dental Practices Swell

Discussion about dentists getting hit a lot lately. Recommends doing CPGs but we know there are many problems going back a long time in this particular specialty.

Annual warning

We always warn you about the holidays being a high attack time. This year, add in the election as another reason to wreak havoc, and you have a perfect storm for cyber attacks.

Cyber threats aren’t going anywhere, and your supply chain might just be the weakest link. Whether it’s delayed notifications, breaches from months ago, or organizations that aren’t taking privacy and security seriously, the digital landscape is as tricky as ever. The lesson? Stay vigilant, stay prepared, and maybe start questioning if your partners and providers are as committed to your security as they claim. After all, in this cyber battle, ignorance definitely isn’t bliss.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
