NYLXS - Free Software Events

Fri Apr 19 04:46:38 2024

EVENTS

FREE
SOFTWARE
INSTITUTE

POLITICS

JOBS

MEMBERS'
CORNER

MAILING
LIST

NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2019-07-01

HANGOUT

2024-04-19 | 2024-03-19 | 2024-02-19 | 2024-01-19 | 2023-12-19 | 2023-11-19 | 2023-10-19 | 2023-09-19 | 2023-08-19 | 2023-07-19 | 2023-06-19 | 2023-05-19 | 2023-04-19 | 2023-03-19 | 2023-02-19 | 2023-01-19 | 2022-12-19 | 2022-11-19 | 2022-10-19 | 2022-09-19 | 2022-08-19 | 2022-07-19 | 2022-06-19 | 2022-05-19 | 2022-04-19 | 2022-03-19 | 2022-02-19 | 2022-01-19 | 2021-12-19 | 2021-11-19 | 2021-10-19 | 2021-09-19 | 2021-08-19 | 2021-07-19 | 2021-06-19 | 2021-05-19 | 2021-04-19 | 2021-03-19 | 2021-02-19 | 2021-01-19 | 2020-12-19 | 2020-11-19 | 2020-10-19 | 2020-09-19 | 2020-08-19 | 2020-07-19 | 2020-06-19 | 2020-05-19 | 2020-04-19 | 2020-03-19 | 2020-02-19 | 2020-01-19 | 2019-12-19 | 2019-11-19 | 2019-10-19 | 2019-09-19 | 2019-08-19 | 2019-07-19 | 2019-06-19 | 2019-05-19 | 2019-04-19 | 2019-03-19 | 2019-02-19 | 2019-01-19 | 2018-12-19 | 2018-11-19 | 2018-10-19 | 2018-09-19 | 2018-08-19 | 2018-07-19 | 2018-06-19 | 2018-05-19 | 2018-04-19 | 2018-03-19 | 2018-02-19 | 2018-01-19 | 2017-12-19 | 2017-11-19 | 2017-10-19 | 2017-09-19 | 2017-08-19 | 2017-07-19 | 2017-06-19 | 2017-05-19 | 2017-04-19 | 2017-03-19 | 2017-02-19 | 2017-01-19 | 2016-12-19 | 2016-11-19 | 2016-10-19 | 2016-09-19 | 2016-08-19 | 2016-07-19 | 2016-06-19 | 2016-05-19 | 2016-04-19 | 2016-03-19 | 2016-02-19 | 2016-01-19 | 2015-12-19 | 2015-11-19 | 2015-10-19 | 2015-09-19 | 2015-08-19 | 2015-07-19 | 2015-06-19 | 2015-05-19 | 2015-04-19 | 2015-03-19 | 2015-02-19 | 2015-01-19 | 2014-12-19 | 2014-11-19 | 2014-10-19 | 2014-09-19 | 2014-08-19 | 2014-07-19 | 2014-06-19 | 2014-05-19 | 2014-04-19 | 2014-03-19 | 2014-02-19 | 2014-01-19 | 2013-12-19 | 2013-11-19 | 2013-10-19 | 2013-09-19 | 2013-08-19 | 2013-07-19 | 2013-06-19 | 2013-05-19 | 2013-04-19 | 2013-03-19 | 2013-02-19 | 2013-01-19 | 2012-12-19 | 2012-11-19 | 2012-10-19 | 2012-09-19 | 2012-08-19 | 2012-07-19 | 2012-06-19 | 2012-05-19 | 2012-04-19 | 2012-03-19 | 2012-02-19 | 2012-01-19 | 2011-12-19 | 2011-11-19 | 2011-10-19 | 2011-09-19 | 2011-08-19 | 2011-07-19 | 2011-06-19 | 2011-05-19 | 2011-04-19 | 2011-03-19 | 2011-02-19 | 2011-01-19 | 2010-12-19 | 2010-11-19 | 2010-10-19 | 2010-09-19 | 2010-08-19 | 2010-07-19 | 2010-06-19 | 2010-05-19 | 2010-04-19 | 2010-03-19 | 2010-02-19 | 2010-01-19 | 2009-12-19 | 2009-11-19 | 2009-10-19 | 2009-09-19 | 2009-08-19 | 2009-07-19 | 2009-06-19 | 2009-05-19 | 2009-04-19 | 2009-03-19 | 2009-02-19 | 2009-01-19 | 2008-12-19 | 2008-11-19 | 2008-10-19 | 2008-09-19 | 2008-08-19 | 2008-07-19 | 2008-06-19 | 2008-05-19 | 2008-04-19 | 2008-03-19 | 2008-02-19 | 2008-01-19 | 2007-12-19 | 2007-11-19 | 2007-10-19 | 2007-09-19 | 2007-08-19 | 2007-07-19 | 2007-06-19 | 2007-05-19 | 2007-04-19 | 2007-03-19 | 2007-02-19 | 2007-01-19 | 2006-12-19 | 2006-11-19 | 2006-10-19 | 2006-09-19 | 2006-08-19 | 2006-07-19 | 2006-06-19 | 2006-05-19 | 2006-04-19 | 2006-03-19 | 2006-02-19 | 2006-01-19 | 2005-12-19 | 2005-11-19 | 2005-10-19 | 2005-09-19 | 2005-08-19 | 2005-07-19 | 2005-06-19 | 2005-05-19 | 2005-04-19 | 2005-03-19 | 2005-02-19 | 2005-01-19 | 2004-12-19 | 2004-11-19 | 2004-10-19 | 2004-09-19 | 2004-08-19 | 2004-07-19 | 2004-06-19 | 2004-05-19 | 2004-04-19 | 2004-03-19 | 2004-02-19 | 2004-01-19 | 2003-12-19 | 2003-11-19 | 2003-10-19 | 2003-09-19 | 2003-08-19 | 2003-07-19 | 2003-06-19 | 2003-05-19 | 2003-04-19 | 2003-03-19 | 2003-02-19 | 2003-01-19 | 2002-12-19 | 2002-11-19 | 2002-10-19 | 2002-09-19 | 2002-08-19 | 2002-07-19 | 2002-06-19 | 2002-05-19 | 2002-04-19 | 2002-03-19 | 2002-02-19 | 2002-01-19 | 2001-12-19 | 2001-11-19 | 2001-10-19 | 2001-09-19 | 2001-08-19 | 2001-07-19 | 2001-06-19 | 2001-05-19 | 2001-04-19 | 2001-03-19 | 2001-02-19 | 2001-01-19 | 2000-12-19 | 2000-11-19 | 2000-10-19 | 2000-09-19 | 2000-08-19 | 2000-07-19 | 2000-06-19 | 2000-05-19 | 2000-04-19 | 2000-03-19 | 2000-02-19 | 2000-01-19 | 1999-12-19

Key: Value:

MESSAGE

DATE

2019-07-05

FROM

Healthcare Update News Service

SUBJECT

Subject: [Hangout - NYLXS] HHS Finds HIPAA Breaches Cost $6.2 Billion

From hangout-bounces-at-nylxs.com Sun Jul 7 05:31:01 2019
Return-Path:
X-Original-To: archive-at-mrbrklyn.com
Delivered-To: archive-at-mrbrklyn.com
Received: from www2.mrbrklyn.com (www2.mrbrklyn.com [96.57.23.82])
by mrbrklyn.com (Postfix) with ESMTP id 185AE16113A;
Sun, 7 Jul 2019 05:31:01 -0400 (EDT)
X-Original-To: hangout-at-www2.mrbrklyn.com
Delivered-To: hangout-at-www2.mrbrklyn.com
Received: by mrbrklyn.com (Postfix, from userid 1000)
id EA2E3161134; Sun, 7 Jul 2019 05:30:57 -0400 (EDT)
Resent-From: Ruben Safir
Resent-Date: Sun, 7 Jul 2019 05:30:57 -0400
Resent-Message-ID: <20190707093057.GA15153-at-www2.mrbrklyn.com>
Resent-To: hangout-at-mrbrklyn.com
X-Original-To: ruben-at-mrbrklyn.com
Delivered-To: ruben-at-mrbrklyn.com
Received: from ccm30.constantcontact.com (ccm30.constantcontact.com
[208.75.123.226]) by mrbrklyn.com (Postfix) with ESMTP id 375A8161132
for ; Fri, 5 Jul 2019 11:59:11 -0400 (EDT)
Received: from [10.252.0.102] ([10.252.0.102:55404]
helo=p2-jbemailsyndicator23.ctct.net) by 10.249.250.10 (envelope-from

)
(ecelerity 4.2.1.52273 r(Core:4.2.1.11)) with ESMTP
id 4B/07-37831-0C37F1D5; Fri, 05 Jul 2019 11:58:56 -0400
DKIM-Signature: v=1; q=dns/txt; a=rsa-sha256; c=relaxed/relaxed; s=1000073432;
d=auth.ccsend.com;
h=date:mime-version:subject:X-Feedback-ID:message-id:from:reply-to:list-unsubscribe:list-unsubscribe-post:to;
bh=n4VaRfmm9jKMBIzmxlr/gHAM+JXigznxwA+fQDQyqLI=;
b=N6CLGRl+vJv1pYVanAuYBwXi569nzZWyN/A3eDquWluD9rgFrYeC9Cy049AKCcqEmGpDYBBDeQb6tiRTFyvwHHFGzCwYCvZ579RxedoV8+4nOokzsjyA8zBBsoRQDJr+rg5B/jrB8GNW+kDFuK+cTWQ45SMspC1bCKFErdwoDz8=
Message-ID: <1132904508863.1011106855444.177939.0.1231157JL.2002-at-scheduler.constantcontact.com>
Date: Fri, 5 Jul 2019 11:58:56 -0400 (EDT)
From: Healthcare Update News Service
To: ruben-at-mrbrklyn.com
MIME-Version: 1.0
List-Unsubscribe-Post: List-Unsubscribe=One-Click
X-Campaign-Activity-ID: 59a11dd1-98b3-49a4-b8e4-1859b2fb7740
X-Channel-ID: 7de38df0-cc28-11e3-a7fa-d4ae529ce48a
X-Mailer: Roving Constant Contact 2012 (http://www.constantcontact.com)
X-Return-Path-Hint: AWaEd0ZizSaS45BhZsvt3QA==_1011106855444_feON8MwoEeOn+tSuUpzkig==-at-in.constantcontact.com
X-Roving-Campaignid: 1132904508863
X-Roving-Id: 1011106855444.177939
X-Feedback-ID: 7de38df0-cc28-11e3-a7fa-d4ae529ce48a:59a11dd1-98b3-49a4-b8e4-1859b2fb7740:1011106855444:CTCT
X-CTCT-ID: 7cec0e90-cc28-11e3-a7dd-d4ae529ce48a
Subject: [Hangout - NYLXS] HHS Finds HIPAA Breaches Cost $6.2 Billion
Annually & Hospitals $408 Per Record;
Save the Date for Nat'l HIPAA Summit XXIX
X-BeenThere: hangout-at-nylxs.com
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: admin-at-healthcareupdatenewsservice.com
List-Id: NYLXS Tech Talk and Politics
List-Unsubscribe: ,

List-Post:
List-Help:
List-Subscribe: ,

Content-Type: multipart/mixed; boundary="===============0022548775=="
Errors-To: hangout-bounces-at-nylxs.com
Sender: "Hangout"

--===============0022548775==
Content-Type: multipart/alternative;
boundary="----=_Part_954580197_1212621282.1562342336150"

------=_Part_954580197_1212621282.1562342336150
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

HHS Finds HIPAA Breaches Cost $6.2 Billion Annually & Hospitals $408 Per Re=
cord; Save the Date for Nat'l HIPAA Summit XXIX=20

-- A Hybrid Conference and Internet Event=20
-- March 3 - 5, 2020=20
-- Media Partners: Harvard Health Policy Review and Health Affairs=20
-- Onsite at the Hyatt Regency Crystal City, Arlington, VA=20
-- Online in Your Own Office or Home Live via the Internet with 24/7 Acce=
ss for Six Months=20
-- www.HIPAASummit.com

FOR MORE INFORMATION
Phone: 800-503-7417
Email: registration-at-hcconferences.com
Website: www.HIPAASummit.com

FEATURING KEYNOTE ADDRESS BY=20
Roger Severino, JD, Director, Office for Civil Rights, US DHHS, Former Dire=
ctor, DeVos Center for Religion and Civil Society, Institute for Family, Co=
mmunity, and Opportunity, Heritage Foundation, Former Trial Attorney, Civil=
Rights Division, US DOJ, Washington, DC=20

SPEAKER PRESENTATION PROPOSALS=20
Speaker/Presentation Proposals for the HIPAA Summit may be submitted throug=
h our online form.
- Click Here - https://www.ehcca.com/proposals/presentations/?id=3D10

HHS FINDS THAT DATA BREACHES COST THE US HEALTH CARE SYSTEM
$6.2 BILLION ANNUALLY AND HOSPITALS $408 PER RECORD=20
The U.S. healthcare system lost $6.2 billion in 2016 due to data breaches, =
with the average data breach costing healthcare organizations' $2.2 million=
, and an average cost to hospitals $408 per record according to an HHS repo=
rt, which includes data between 2016 and 2018.

THE 10 MOST COMMON HIPAA BREACHES=20
Below are the 10 most common HIPAA violations, according to the HIPAA Journ=
al. - https://www.hipaajournal.com/common-hipaa-violations/
1. Snooping on healthcare records.=20
2. Failure to perform an organization-wide risk analysis.=20
3. Failure to manage security risks/Lack of a risk management process.=20
4. Failure to enter into a HIPAA-compliant business associate agreement.=20
5. Insufficient ePHI access controls.=20
6. Failure to use encryption or an equivalent measure to safeguard ePHI on =
portable devices.=20
7. Exceeding the 60-day deadline for issuing breach notifications.=20
8. Impermissible disclosure of protected health information.=20
9. Improper disposal of PHI.=20
10. Denying patient access to health records/exceeding timescale for provid=
ing access.

79 HEALTHCARE PRIVACY INCIDENTS IN 2019=20
June
Quest Diagnostics notified 11.9 million patients of a data breach that happ=
ened at one of its billing collections vendors.=20
Medical testing company Laboratory Corp. of America learned 7.7 million of =
its patients may have had their data exposed in the same vendor breach as Q=
uest Diagnostics.=20
Nine employees within Oregon's Department of Human Services opened a phishi=
ng email on Jan. 8 that may have exposed around 645,000 people.=20
Cancer Treatment Centers of America learned that an email account of an emp=
loyee at its Atlanta-based Southeastern Regional Medical Center was the tar=
get in a phishing attack that may have exposed 16,819 patients.=20
Forsyth, Ga.-based Monroe County Hospital mailed letters to 10,970 patients=
to alert them that their personal health information may have been exposed=
.=20
Humana has notified 5,569 members of a security incident that may have expo=
sed members' personal information.=20
UMass Memorial Health Care's behavior health service in Worcester sent lett=
ers to 4,598 patients notifying them of an April 18 data breach.=20
Crown Point, Ind.-based Franciscan Health sent letters to 2,200 patients th=
at an employee had viewed their records "without a business reason."=20
Grand Rapids, Mich.-based Mercy Health notified approximately 1,000 patient=
s on May 24 about a data breach that may have exposed patient data.=20
Vision and dental insurer Dominion National notified an unknown number of m=
embers of a data security incident that may have caused personal informatio=
n to be exposed.=20
Meditab, an EMR and practice management software provider, has notified two=
healthcare providers in Maryland that their patients' personal health info=
rmation may have been exposed.=20
Both Olean (N.Y.) Medical Group and Seneca Nation Health System in Salamanc=
a, N.Y., lost access to their computer and EHR systems following recent cyb=
erattacks on the organizations.=20
Lake City, Fla., officials agreed to pay cybercriminals $426,000 on June 24=
after a ransomware attack locked them out of systems.=20
A Boardman, Ohio-based urology program was cyberattacked on June 10, with h=
ackers demanding $75,000 in bitcoin for the encrypted files.=20
Kingman (Ariz.) Regional Medical Center notified patients of a potential se=
curity incident that affected its website.=20
Opko Health was the third healthcare company to learn its patients were aff=
ected in the American Medical Collection Agency data breach.=20
Some personal information from University of Chicago Medicine patients and =
donors was mistakenly exposed on June 3.

May
Inmediata Health Group, a healthcare clearinghouse company, has notified it=
s customers of a data breach that may have exposed the personal information=
of more than 1.5 million people.=20
Gulfport (Miss.) Anesthesia Services sent letters to 14,000 patients alerti=
ng them that their files had gone missing from the practice's storage facil=
ity.=20
An employee at Independent Health emailed the information of 7,600 members =
on March 19 to an unauthorized individual.=20
Centennial, Colo.-based Centura Health began notifying 7,515 patients in Ma=
y that their information may have been exposed due to a phishing attack.=20
Cincinnati-based TriHealth has alerted 2,433 patients that their data may h=
ave been shared with a student mentee in June 2018.=20
Seattle-based Bloodworks, Northwest is notifying 1,893 patients of a March =
data breach that may have exposed patients' personal information.=20
St. Joseph, Mich.-based Spectrum Health Lakeland is notifying 1,100 patient=
s about a data breach at its billing services vendor that may have put pati=
ents' personal information at risk.=20
Philadelphia-based Penn Medicine alerted around 900 patients that their inf=
ormation may have been improperly viewed by a former medical assistant at t=
he hospital.=20
Houston-based Memorial Hermann Health System is notifying more than 600 pat=
ients that their financial information may have been exposed.=20
An employee at Toledo, Ohio-based ProMedica stole patient data between Apri=
l 2017 and March 2019, the U.S. Secret Service alleges.=20
Columbus (Wis.) Community Hospital began notifying patients May 24 that a p=
hishing attack at one of its vendors may have exposed their data.=20
Microsoft is alerting users of its operating systems that a bug, which it h=
as since released patches for, could be used as a cyber-weapon similar to t=
he WannaCry worm.=20
Hackers stole more than $40 million worth of bitcoin on May 4 from one of t=
he world's largest cryptocurrency exchanges.=20
A Paramus, N.J.-based orthopedic surgeon is alerting patients that their pe=
rsonal information may have been exposed due to a ransomware attack in Janu=
ary at his practice.=20
A phishing attack on an employee's email account at Oregon State Hospital m=
ay have exposed patients' protected health information.=20
The Department of Homeland Security and Philips issued an alert that the in=
formation technology vendor's EMR system Tasy has a cross-site scripting vu=
lnerability that could put patient information at risk.=20
Security researchers uncovered two vulnerabilities in Cisco enterprise rout=
ers that could allow hackers to remotely and fully compromise a router's ne=
twork without alerting the user.

April
A cyberattack last July on Macon, Ga.-based Navicent Health's employee emai=
l account system may have affected 278,016 patients' personal information.=
=20
Ontario, Calif.-based Centrelake Medical Group is alerting 197,661 patients=
that their personal health information may have been exposed because of a =
computer virus.=20
Personally identifiable data for approximately 145,000 patients at the Levi=
ttown, Pa.-based Steps to Recovery addiction treatment facility and the Ohi=
o Addiction Recovery Center in Columbus was exposed in a searchable online =
database.=20
Columbia, S.C.-based Palmetto Health, now known as Prisma Health, was targe=
ted in a phishing attack that may have put the information of 23,000 patien=
ts at risk.=20
Springfield, Mass.-based Baystate Health notified about 12,000 patients of =
a Feb. 7 phishing attack.=20
Blue Cross of Idaho is notifying 5,600 members of a March 21 data breach th=
at allowed an unauthorized user to gain access to the organization's online=
provider portal.=20
AltaMed Health Services Corp. has sent letters to 5,500 patients about a se=
curity breach that may have impacted their personal health information.=20
The Veterans Health Administration is notifying 4,882 veterans who were tre=
ated at the Martinsburg (W.Va.) VA Medical Center that their personal healt=
h information may have been mailed out in letters to other patients.=20
Humana told 522 members that a limited amount of their personal data may ha=
ve been exposed during a data security incident at the beginning of 2019.
Bangor, Maine-based Northern Light Acadia Hospital mistakenly emailed the n=
ames of 300 patients who had prescriptions for Suboxone.=20
Physician staffing company EmCare is alerting patients, employees and contr=
actors about a Feb. 19 data breach that exposed their personal data.=20
Microsoft emailed an unknown number of users April 12 across its Outlook, M=
SN and Hotmail platforms alerting them of a data breach that occurred betwe=
en Jan. 1 and March 28.=20
A Cleveland-based University Hospitals Rainbow Babies and Children's Hospit=
al employee emailed a message to a group of patients, inadvertently allowin=
g the recipients to see each other's email addresses.=20
Anchorage-based University of Alaska is alerting individuals about a comput=
er data breach that may have affected email accounts.

March
The Oregon Department of Human Services reported an email phishing attack o=
n 2 million agency emails that may have exposed the medical information of =
more than 350,000 people.=20
Medical device and software developer Zoll has notified 277,319 patients of=
a security incident that put their personal and medical information at ris=
k from Nov. 8 to Dec. 28, 2018.=20
Health Alliance Plan and Blue Cross Blue Shield of Michigan have alerted ne=
arly 270,000 members combined that their personal information may have been=
compromised after a data breach at the payers' mailing service vendor in S=
eptember 2018.=20
Chicago-based Rush University Medical Center sent letters to as many as 45,=
000 patients notifying them of a potential data security incident in May 20=
18.=20
A security breach at the former medical center of Greenville, S.C.-based St=
. Francis Physician Services may have compromised data from more than 32,00=
0 patients.=20
Elizabeth City, N.C.-based Pasquotank-Camden Emergency Medical Services pos=
ted a notice about a February cybersecurity incident that may have affected=
20,420 people.=20
A ransomware attack on a Grand Haven, Mich.-based North Ottawa Community He=
alth System's vendor may have compromised data from about 15,000 patients.=
=20
Concord, Mass.-based Emerson Hospital sent letters to 6,314 patients alerti=
ng them of a May 2018 cybersecurity attack that may have affected their inf=
ormation.=20
Officials within Arizona's Medicaid program reportedly sent personal health=
information of 3,146 patients to incorrect home addresses.=20
A fax server error within Meditab, a company that develops software for EHR=
s, left thousands of physicians=C2=92 notes and patient information vulnera=
ble for anyone to access.

February
Seattle-based UW Medicine sent letters to 974,000 patients notifying them o=
f a Dec. 4, 2018, data error that allowed patient information to come up in=
internet searches.=20
Farmington-based University of Connecticut Health sent letters to up to 326=
,000 patients notifying them of a recent data security incident. UConn Heal=
th discovered several employee email accounts were attacked on Dec. 24, 201=
8.=20
Springs, Fla.-based AdventHealth notified 42,161 patients about an August 2=
017 data breach that may have exposed personal information.=20
Memorial Hospital at Gulfport (Miss.) sent letters to roughly 30,000 patien=
ts Feb. 15 notifying them of a data breach. The hospital discovered an empl=
oyee's email account was victim to a phishing attack Dec. 17, 2018.=20
Nearly 24,000 patients may have had their protected health information brea=
ched in a recent hacking incident at Dr. DeLuca & Dr. Marciano Eye Associat=
es, the Prospect, Conn.-based optometry practice.=20
Pawnee City, Neb.-based Pawnee Country Memorial Hospital notified 7,175 pat=
ients that some of their protected health information may have been exposed=
when a hospital employee was tricked by a phishing email in November 2018.=
=20
Blue Earth, Minn.-based United Hospital District notified 2,143 patients ab=
out a June 2018 phishing scheme. A hospital employee's email account was co=
mpromised in a phishing attack June 10-27, 2018.=20
Colorado Springs, Colo.-based Rocky Mountain Health Care Services sent lett=
ers to 971 patients alerting them that an employee's laptop was stolen May =
15, 2018.=20
Chicago-based Rush University Medical Center inadvertently exposed the name=
s of 908 patients in a paper mailing announcing the retirement of a certifi=
ed nurse practitioner at its Epilepsy Center.=20
Rutland (Vt.) Regional Medical Center said it planned to mail letters to an=
undisclosed number of affected patients notifying them of a recent data br=
each. The hospital discovered the breach after an employee noticed an incre=
ased number of spam emails being sent from his or her account Dec. 21, 2018=
.=20
Box Elder, Mont.-based Rocky Boy Health Center posted a security breach not=
ice on its website, alerting patients of a Jan. 14 incident that may have p=
ut medical records at risk.=20
Roper St. Francis Healthcare in Charleston, S.C., posted a notice to its we=
bsite Jan. 29, warning patients about a potential compromise of their prote=
cted health information that resulted from a November 2018 data breach.=20
Valley Professionals Community Health Center, a federally qualified health =
center headquartered in Cayuga, Ind., notified patients of a potential Octo=
ber 2018 data breach involving their protected health information.

January
Alaskan officials upped their tally of individuals likely affected in a Jun=
e 2018 data breach at the state's health department from 501 victims to 700=
,000.=20
Two separate data breaches disclosed in December 2018 exposed the protected=
health information of 31,876 plan members of Managed Health Services, whic=
h runs Indiana's Hoosier Healthwise and Hoosier Care Connect Medicaid progr=
ams.=20
Critical Care, Pulmonary and Sleep Associates in Lakewood, Colo., notified =
23,377 patients about a potential exposure of their protected health inform=
ation after an unauthorized individual gained access to an employee's email=
account.=20
Integrity House, a nonprofit substance use disorder treatment facility in N=
ewark, N.J., notified 7,206 of its patients of a data security incident aft=
er a number of business computers and tablets were stolen from its offices =
in November.=20
An employee at Lebanon (Pa.) VA Medical Center emailed a veteran's family m=
ember a document that contained the protected health information of up to 1=
,002 elderly patients.=20
Sacred Heart Rehabilitation Center, a drug and alcohol addiction treatment =
facility in Richmond, Mich., notified "a limited number of patients" after =
a phishing scheme compromised an employee's email account in April.=20
Officials at the Delaware Department of Insurance said five health insurers=
and about 650 of their members were affected by a data breach at a third-p=
arty administrator in October.=20
Verity Health System, a six-hospital system in Redwood City, Calif., notifi=
ed an undisclosed number of individuals about a potential exposure of their=
protected health information stemming from three incidents.

WASHINGTON DC USA -- HEALTHCARE UPDATE NEWS SERVICE -- JULY 5, 2019: The Tw=
enty-Ninth National HIPAA Summit, www.HIPAASummit.com, will be held March 3=
- 5, 2020 at the Hyatt Regency Crystal City, Arlington, VA. The Summit wil=
l be offered both onsite and live and archived for 6 months over the Intern=
et.

KEYNOTE SPEAKERS=20
Deven McGraw, JD
General Counsel & Chief Regulatory Officer, Ciitizen Corporation, Former De=
puty Director, Health Information Privacy, OCR, Former Director, Health Pri=
vacy Project, Center for Democracy & Technology, Redwood City, CA

Roger Severino, JD
Director, Office for Civil Rights, US DHHS, Former Director, DeVos Center f=
or Religion and Civil Society, Institute for Family, Community, and Opportu=
nity, Heritage Foundation, Former Trial Attorney, Civil Rights Division, US=
DOJ, Washington, DC

Daniel J. Solove, JD
John Marshall Harlan Research Professor of Law, George Washington Universit=
y Law School, Founder, TeachPrivacy, Author, Understanding Privacy; Informa=
tion Privacy Law; The Future of Reputation: Gossip, Rumor, and Privacy on t=
he Internet; and The Digital Person: Technology and Privacy in the Informat=
ion Age, Washington, DC=20

CO CHAIRS=20
Adam Greene, JD, MPH
Partner and Co-chair, Health Information & HIPAA Practice, Davis Wright Tre=
maine LLP, HIPAA Summit Distinguished Service Award Winner, Former Senior H=
ealth Information Technology and Privacy Specialist, Office for Civil Right=
s, HHS, Washington, DC

Kirk J. Nahra, Esq.
Partner and Co-chair of the Privacy and Cybersecurity Practice, Wilmer Hale=
, Washington, DC

John C. Parmigiani
President, John C. Parmigiani and Associates, LLC, HIPAA Summit Distinguish=
ed Service Award Winner, Former Director of Enterprise Standards, HCFA, Ell=
icott City, MD=20

Iliana Peters, JD, LLM
Shareholder, Polsinelli, Former Acting Deputy Director, Health Information =
Privacy, Office for Civil Rights, US Department of Health and Human Service=
s, Washington, DC

Robert M. Tennant, MA
Director, HIT Policy, Medical Group Management Association, Washington, DC=
=20

TUITION SCHOLARSHIPS=20
The HIPAA Summit is now offering a limited number of partial and full Tuiti=
on Scholarships to qualifying representatives of local, state and federal g=
overnment, consumer advocate organizations, safety net providers, academics=
, students and health services research organizations.
Click here for more information. - https://hipaasummit.com/scholarships/

STAY CONNECTED=20
LinkedIn - http://www.linkedin.com/groups/3781543/
Twitter - https://twitter.com/hipaasummit
Tweet using #HIPAASummit=20

TWENTY-NINTH NATIONAL HIPAA SUMMIT
March 3 - 5, 2020
ATTEND ONSITE
Hyatt Regency Crystal City
Arlington, VA

OR WEBCAST PARTICIPATION
In your own office or home live via the Internet with 24/7 access for six m=
onths

PARTICIPATION OPTIONS=20

TRADITIONAL ONSITE ATTENDANCE=20
Simply register, travel to the conference city and attend in person.=20
Pros: subject matter immersion; professional networking opportunities; facu=
lty interaction

LIVE AND ARCHIVED WEBCAST ATTENDANCE=20
Watch the conference in live streaming video of plenary sessions and listen=
to audio of preconference and track sessions over the Internet and at your=
convenience at any time 24/7 for six months following the event.=20
The archived conference includes speaker Video and Audio and coordinated Po=
werPoint presentations.
Pros: Live digital feed and 24/7 Internet access for the next six months; a=
ccessible in the office, at home or anywhere worldwide with Internet access=
; avoid travel expense and hassle; no time away from the office.

WEBCAST INTERFACE SAMPLE
Click here for a sample stream - http://hipaasummitportal.com/#/media/3165/=
globalaccess

SUMMIT REGISTRATION=20
For Summit registration information, visit www.HIPAASummit.com/registration=
/, email registration-at-hcconferences.com, or call 800-503-7417.

SUMMIT EXHIBIT & SPONSORSHIP INFORMATION=20
For sponsorship and exhibit information, visit www.HIPAASummit.com/promotio=
nal-opportunities/, or contact Justin Sorensen, Exhibit Manager, at 206-452=
-0609 phone, 206-319-5303 fax, or exhibits-at-hcconferences.com.

FOR E-MAIL ADDRESS CHANGE, ADD OR DELETE REQUESTS=20
For changes or additions, please email your request to: listmgr-at-HealthCareU=
pdateNewsService.com.
For removal of your e-mail address, please click the link below for "SafeUn=
subscribe" to automatically remove your address from the list.

Forward email
http://ui.constantcontact.com/sa/fwtf.jsp?llr=3Duqoukvn6&m=3D1011106855444&=
ea=3Dadmin%40healthcareupdatenewsservice.com&a=3D1132904508863

This email was sent to ruben-at-mrbrklyn.com by admin-at-healthcareupdatenewsserv=
ice.com.

Update Profile/Email Address
https://visitor.constantcontact.com/do?p=3Doo&m=3D001Y1iZsuw4_GkroA-1I7qnXw=
%3D%3D&ch=3D7de38df0-cc28-11e3-a7fa-d4ae529ce48a&ca=3D59a11dd1-98b3-49a4-b8=
e4-1859b2fb7740

Instant removal with SafeUnsubscribe(TM)
https://visitor.constantcontact.com/do?p=3Dun&m=3D001Y1iZsuw4_GkroA-1I7qnXw=
%3D%3D&ch=3D7de38df0-cc28-11e3-a7fa-d4ae529ce48a&ca=3D59a11dd1-98b3-49a4-b8=
e4-1859b2fb7740

Privacy Policy:
http://www.constantcontact.com/legal/service-provider?cc=3Dabout-service-pr=
ovider

HIPAA Summit | 12330 NE 8th Street | Suite 101 | Bellevue | WA | 98005-3187

------=_Part_954580197_1212621282.1562342336150
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

HHS Finds HIPAA Breaches Cost $6.2 Billion Annually & Hospitals $408=<BR> Per Record; Save the Date for Nat'l HIPAA Summit XXIX<BR>
=3D"#000033" > 3D"

a=3D1011106855444&r=3D3&c=3D7cec0e90-cc28-11e3-a7dd-d4ae529ce48a&d=3D113290=
4508863&ch=3D7de38df0-cc28-11e3-a7fa-d4ae529ce48a&ca=3D59a11dd1-98b3-49a4-b=
8e4-1859b2fb7740&o=3Dhttps://imgssl.constantcontact.com/ui/images1/s.gif" w=
idth=3D"1"/>

=09

0.gif" border=3D"0">

=09

=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doL29RXU-W_mtteRXZ=
__aICTzCy9JHMNaLActqO352kCu0r6q1Ie1PywFhti7MbOPEyBUe5_cJ2p8SFDO-uDySgknsZUf=
92YzrKHDFeunEGWpuub9uOQIP2vVlBWJU90i2w=3D=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8C=
fh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx=
_W2wUjCrFpVjCVyB0Qw=3D=3D">

PAA-2020-Blast-Header.jpg" border=3D"0">

HHS Finds HIPAA Breaches Cost $6.2 Billion Annually & Hospitals $408 Per Re=
cord; Save the Date for Nat'l HIPAA Summit XXIX

A Hybrid Conference=
and Internet Event
March 3 - 5, 2020
Media Partners: =
Harvard Health Policy Review and Health Affairs
Onsite at the Hyatt=
Regency Crystal City, Arlington, VA
Online in Your Own =
Office or Home Live via the Internet with 24/7 Access for Six Months
.HIPAASummit.com" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6=
fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doAu0dq_g5d--yx__v0_8ZbXlDB94sCWLdVSRoPt=
-z21OTpxv6p2DTJWOPqA5IYwVbbziu39L9m0dmXBpf16kwOffoF6MfgpwLbIR6qAXy8Vev7oPJP=
_w0ko=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&c=
h=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">www.HIPAA=
Summit.com

=20

FOR MORE INFORMATION

Phone: 800-503-7417

Email: registration-at-hccon=
ferences.com

Website: n.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doAu0dq_g5d=
--yx__v0_8ZbXlDB94sCWLdVSRoPt-z21OTpxv6p2DTJWOPqA5IYwVbbziu39L9m0dmXBpf16kw=
OffoF6MfgpwLbIR6qAXy8Vev7oPJP_w0ko=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UG=
y-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjC=
rFpVjCVyB0Qw=3D=3D">www.HIPAASummit.com

=09
=09
=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

FEATURING KEYNOTE ADDRESS BY
lass=3D"aligncenter size-medium wp-image-50" src=3D"https://hipaasummit.com= /wp-content/themes/hipaa/faculty/severino_100.jpg" alt=3D"" width=3D"100" h= eight=3D"90" />	Roger Severino, JD, Director, Office for Civil Rights, US DHHS, Form= er Director, DeVos Center for Religion and Civil Society, Institute for Fam= ily, Community, and Opportunity, Heritage Foundation, Former Trial Attorney= , Civil Rights Division, US DOJ, Washington, DC

=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

SPEAKER PRESENTATION PROPOSALS

Speaker/Presentation Proposals for the HIPAA Summit may be submitted throug=
h our online form.

- "http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23=
RBB9rXmgL5doB75sWVLZ4b3wpa10z0AVjEWm4Fu6MBvnMUp0yArp5nDEJOD4CpoauRMJn_DU3xX=
bAmjZKO8L740xfZ6hG0pwy7uOPmzY5xs9DdcpHRCm8wMpAzL-83rKwzO4ba3LElm2A_io3na1UH=
7o4ZYMq3QL4EWbusJRrQKOH0Jue4Cw9fK&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mj=
FB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpV=
jCVyB0Qw=3D=3D">Click Here -

=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

HHS FINDS THAT DATA BREACHES COST THE US HEALTH CARE SYSTEM

=09$6.2 BILLION ANNUALLY AND HOSPITALS $408 PER RECORD

=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

The U.S. healthcare system lost $6.2 billion in 2016 due to data breaches, =
with the average data breach costing healthcare organizations' $2.2 million=
, and an average cost to hospitals $408 per record according to an =3D"https://www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.=
pdf" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0Nnre=
oJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTOT0HH5rFU_HS4Gn_GoMFZkcOVVaZS0URVfX0fyz5=
7DBCf0On9APxS5dm5Y57B-3Y5LeBtQJsayHtvoEmaCzaXty1NjXrMX1NFQZSRx2HOrjKxmdvYwu=
7N-AhFdtJB7qhWaHVznzqXqiZmcd5b7fBdLfJKnREN8iRxGkXw0KXixnz3PVs0UPHSG80-OVrb5=
X1&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3Div=
AeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">HHS report,=
which includes data between 2016 and 2018.

=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

THE 10 MOST COMMON HIPAA BREACHES

=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

Below are the 10 most common HIPAA violations, according to the ttps://www.hipaajournal.com/common-hipaa-violations/" href=3D"http://r20.rs=
6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJy=
Ap8OuUNWTGFcrUmaTRRE8Wib-qm2rxGLQd-NshH2Oi7kxq61SVIgEd9lXLCBP2dH4U5m7EuvET4=
bRS8k8FJdpQiKLSi9Isre-mLQHhDT8UvxL65GFaBeUoUWkkZh5wkL8Mmj4vla2oe0AcidiCZz0p=
pKpYrXN3w=3D=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=
=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D"><=
I>HIPAA Journal.

Snooping on healthc=
are records.

Failure to perform =
an organization-wide risk analysis.

Failure to manage s=
ecurity risks/Lack of a risk management process.

Failure to enter in=
to a HIPAA-compliant business associate agreement.

Insufficient ePHI a=
ccess controls.

Failure to use encr=
yption or an equivalent measure to safeguard ePHI on portable devices.

Exceeding the 60-da=
y deadline for issuing breach notifications.

Impermissible discl=
osure of protected health information.

Improper disposal o=
f PHI.

Denying patient acc=
ess to health records/exceeding timescale for providing access.

=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

79 HEALTHCARE PRIVACY INCIDENTS IN 2019

=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

June

Quest Diagnostics <=
a alt=3D"https://www.beckershospitalreview.com/cybersecurity/quest-diagnost=
ics-vendor-data-breach-exposes-11-9-million-patients-5-things-to-know.html"=
href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe=
-Yh57G23RBB9rXmgL5doJyAp8OuUNWTp0G0Y5gdhy26OEbrI05xD3_3cHml86fJHOYgcXRsge59=
SpoOdd7fVtOTBiLmjwcfKOnUrQBaOMDDaN8ggDrsYixjKfFoU38MDyEXnmh8ZywO76_AB5_cRBg=
SJlHhPeVg3vA8olHR39mwKEmdmI9G90m0tDvZl6FoWxmUVbFjNSwDnGxundoTspzX9rYw6es_dz=
n3l5mFCRlSz75nJgWUl3tSKuPPqCCAfxUz9G6SdHhSCn12iKngpexmf_svyMm9PUcPESq7ulc=
=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3Di=
vAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">notified 1=
1.9 million patients of a data breach that happened at one of its billing c=
ollections vendors.

Medical testing com=
pany Laboratory Corp. of America w.com/cybersecurity/7-7-million-labcorp-patients-exposed-in-same-vendor-dat=
a-breach-as-quest-diagnostics.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D0=
01xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTFwcrg2gUe=
uyFv9L5bp0yy0qNtim_iPE-EW9ayvt9FTkJUzMmH5j0iwk2x2uSTqicj9kLGq9-B-TRjl4YVH3l=
qf52DDk2BA7DkSRxqfhg84jP11AJVMrhCc42FFcgzng0Azf8KUOCXpA2GjUEsUt-1BxuG6vICaL=
8fVk4TZjuS62YxzNBSpMRuuXuDw6z9rIUJVdDeLnXoufSHj471rUZhP6WMoPa69P18YG52abksK=
haEIqsznccng4SV1TZo1prT3zF94G7VII=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy=
-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCr=
FpVjCVyB0Qw=3D=3D">learned 7.7 million of its patients may have had the=
ir data exposed in the same vendor breach as Quest Diagnostics.

Nine employees with=
in Oregon's Department of Human Services talreview.com/cybersecurity/phishing-attack-on-oregon-human-services-depart=
ment-may-have-exposed-645-000-people.html" href=3D"http://r20.rs6.net/tn.js=
p?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTB3=
3C50d_s2krFBfmjn2Wdu0-y_VjNdc-14peaqsXAcch1e727A-2modVBYOGjQROe5soBusWTFffv=
ay0dO6Wce4-Zga3KF67heQfHqPCfrIc84LlUylitDy3RGq8lJHH4IZfQUu8-JDiDZ9rNhGGquC0=
i2YoYYiVzh5ARZ9enz-UiCSB6Tju1_tiQDWvW12UqWVvQRrD_Nf4D6Di-TsTEGsmj2x5dkLARg9=
TXJvA2GnfldDToE3ztu-qXAIoE-buyM34etzrVok=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cf=
h_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_=
W2wUjCrFpVjCVyB0Qw=3D=3D">opened a phishing email on Jan. 8 that may ha=
ve exposed around 645,000 people.

Cancer Treatment Ce=
nters of America ity/cancer-treatment-centers-of-america-notifies-16-800-patients-of-another=
-phishing-attack.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9=
JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTEg2BoKkR9a2yOvLSxbDjQW=
tiSAwmFRwD68kEqQ0p4_YrDm4eSRX2zEGY1oVe8eDSSQVnnlAAyYZST3ro6M0ddK894sTbAk1fh=
o4GeQfZVHsybXezgUo9knu8D9xDbcx_yn-cdCjal3CZkiamKRmuSU9JMF9MzZo-fsdp8tXqXkJz=
iD-gW7vveGtduCgGlmHREgJRbPGk6A4CriPEZgLLmQyaZhknWKRIfqgtUAbP6G354O4JJnVj80b=
lszZaX9xDTkjzf5T2BxoFh78cS6zUwQ=3D=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UG=
y-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjC=
rFpVjCVyB0Qw=3D=3D">learned that an email account of an employee at its=
Atlanta-based Southeastern Regional Medical Center was the target in a phi=
shing attack that may have exposed 16,819 patients.

Forsyth, Ga.-based =
Monroe County Hospital rsecurity/georgia-hospital-alerts-10-970-patients-of-data-breach.html" href=
=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57=
G23RBB9rXmgL5doJyAp8OuUNWTH5GxXtNqXVd764AbTm8Uon5AD0tHYk9_NTlJFeaDbTLBerpjJ=
VGEu0gQCbvCHGTVxDQX_H4wBWRo-oXSf0l8WcgS6_hUXtaTYYMLhRfY8VzE52-bwuruntGzVIXJ=
v2Iwlon-Ls1CfrVJGRcJcjcN5U-Q9dj_2wWaKs-ANwqMUrB3CV916MnqOmfGWLRB4676ERso1M8=
xy9YRkENRcVm4UjW11yTvoTOR&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKK=
CMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=
=3D=3D">mailed letters to 10,970 patients to alert them that their pers=
onal health information may have been exposed.

Humana tps://www.beckershospitalreview.com/cybersecurity/humana-alerts-5-500-membe=
rs-after-hackers-posed-as-physicians-and-exposed-patient-data.html" href=3D=
"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23=
RBB9rXmgL5doJyAp8OuUNWTJfZF06PdmR83_EQxyWtpv5X8hB0ffisTctbCb8WeMoyYCf9YPalb=
WK2xk_Dn6OC7QHw2oTfJVTkt3yFhvdawuoq0lIU-t5w-3SlOjmYALzBVYUtuISWpDLHHxfid_Qr=
r4IEwVU794YIhhSX5IbKHQCrDQ8MSrKYIYk2UkU-NLRhys1vSzq09YTjxQftWyAEcKTSIvsn9iR=
k2_cNhBVwQrr7y5DUzxnoQzvcWDsquLC_FtGHsHF38MHjEcrVzVRidPfDOJD07_RQ=3D&c=3Dfd=
y6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl=
9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">has notified 5,569 m=
embers of a security incident that may have exposed members' personal infor=
mation.

UMass Memorial Heal=
th Care's behavior health service in Worcester shospitalreview.com/cybersecurity/umass-memorial-health-care-alerts-4-600-p=
atients-of-phishing-attack.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001x=
yzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTvykAOq4LE3TX=
fUqwBAX_xEOILYe-M6SpRlXgQKYCNTgGdwjzriR-KXlftACW58ArXsXDZ6_K8eoHtvK7M0F68oP=
5AqFUcd4X_Xh2cdD0fUwCV7APzgd1euxZw3WmPLYSkeLJ9SAaxNYDnd57BdSU_hb4p7m4pSPzHW=
PaugJZin3FEBlrZ_uuibiLWtulJJyKS48fzAmWsRsvCqJ7z1jD3kZNQn8VFxdARKh7T1ZLWSLQX=
pfT9LLk8g=3D=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=
=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">s=
ent letters to 4,598 patients notifying them of an April 18 data breach=
.

Crown Point, Ind.-b=
ased Franciscan Health rsecurity/franciscan-health-employee-wrongly-viewed-2-200-patient-records.h=
tml" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0Nnre=
oJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTsEBqgiT8Psixh7WjOkPsTjI9pBPJK-VZyVYvqMgV=
nBczEe89yy_f7f6s0aGK3VzbT0GB-8Se9qwg8iSPIqpTfquHexakezvEaysINEoZ16wuIEqEFW-=
Bjit-MR33ELyDM_2XNabDOfkqPdfeFC0d-DptaNMeL7eomqB_TYgWPVIctPxTES99gqZPCwzB7a=
XZ92c3EDusodFBIe0miS3gl_tFtZ2o_45kRifaaF4gggbt38UNOChYzg=3D=3D&c=3Dfdy6YRRg=
H9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1r=
epe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">sent letters to 2,200 pati=
ents that an employee had viewed their records "without a business reason."

Grand Rapids, Mich.=
-based Mercy Health curity/michigan-hospital-alerts-1-000-patients-of-data-breach.html" href=3D=
"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23=
RBB9rXmgL5doJyAp8OuUNWTO43CGPc0_SepCTHXM9jtL8JUIu8EUghnMaFCenIUZy5aIrytMZRk=
GzfM3RsJgnMxOYgFPIK_wXHzYQaoODR4m0cpJLDubOghM-J1q6ySR9RkJ14mwozvzQEW322jiH7=
WH4J0zOO_-eGN1JU_V6xOP9MmcSIQaED779wNANBvmwWpa3nkJpj_U7pmyGU3gVlp3YntLD32JA=
4bXbWnM_xcjFcBM3xqxac7&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMc=
QXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=
=3D">notified approximately 1,000 patients on May 24 about a data breac=
h that may have exposed patient data.

Vision and dental i=
nsurer Dominion National bersecurity/dominion-national-alerts-members-of-9-year-data-breach.html" hr=
ef=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh=
57G23RBB9rXmgL5doJyAp8OuUNWTsRDn-lA9e5Vla375g3QW98j95mprDcmPJma1eB8-QGNGA6T=
v9ev2tzgcEbPMddtUcpm71UxB45cxwMZWn6LVlW5YYkDetdWniiQeNnFEwyTVK08pfv_MIt-4l6=
F16L8Ur6HmMOoSl21ocHyz1NnfaJw69iDtaIXpqAE7eijXZWS594LoXjrUTsiL9TE3yryS00BYK=
s14Dxj2kJZOkIdpUNM7EyWibkc9&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lsz=
KKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0=
Qw=3D=3D">notified an unknown number of members of a data security inci=
dent that may have caused personal information to be exposed.

Meditab, an EMR and=
practice management software provider, alreview.com/cybersecurity/emr-provider-alerts-2-maryland-medical-groups-of=
-data-breach-that-may-have-affected-3-000-patients.html" href=3D"http://r20=
.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5d=
oJyAp8OuUNWTqkRSmvnoUCW1aDvdDHo2BAqG7Cekj2ftl58QsyPXCLzizX9AWiAfXeenzBWMv-a=
p38Yj1GmMfdwzFTLyg3vFDdjPRNwuXuLvWJlZSPTWLemBv794q8HLV7sZjy6YjVq-N_LFJ-rx4E=
WAr0NrsPNTtSaA4UBEd_jtcqvrWW1_wpc6djOLT_EE-ENKSqExmtFCqtIyYZP8IkcA_GS_jK3NA=
d5SxaSVyXqznik4zlAoSXZBpIfC1MiTQ_SpCP8ixrE4NQtxQsLXi29WxDyB77R0sv8NNWfyHwmK=
&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAe=
uQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">has notified =
two healthcare providers in Maryland that their patients' personal health i=
nformation may have been exposed.

Both Olean (N.Y.) M=
edical Group and Seneca Nation Health System in Salamanca, N.Y., https://www.beckershospitalreview.com/cybersecurity/2-new-york-healthcare-p=
roviders-lose-ehr-access-following-ransomware-attacks.html" href=3D"http://=
r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmg=
L5doJyAp8OuUNWT-sWWMx6bES8DHC4T6ef4NzbuZFxHi34y6vYhJdEx26ghyOK6LPcaIA1Ap-yY=
FbkxCwhPPeimIR9Yy2iHnUfjuKs8tXHFyzF6FAby0FSWzVhzJIcedUrkTA2Q2xMNKLaOMc9jTui=
B1OONDX22WVvXmmo0MnUIPs9B6xwSbZ7EvT9HHYahelxAYD6wXy-jl7msSVVmuhJkz3VY0uXb5i=
x-JOqE4Dlmhc18FTma69Evdrl_4ATJ5i_Iiw1RLwlvKnQF&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN=
8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTg=
wx_W2wUjCrFpVjCVyB0Qw=3D=3D">lost access to their computer and EHR syst=
ems following recent cyberattacks on the organizations.

Lake City, Fla., of=
ficials mware-hackers-target-another-florida-city-where-officials-agree-to-pay.html=
" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJR=
e-Yh57G23RBB9rXmgL5doJyAp8OuUNWTRE40H78xHeqw0alca4X6tSb7zy7bIiCkiR7oPThWyOV=
kTajzVKL49Viu2mKoT4Q9OZTNlsi6devtY_bM4wFb0k3hZ4egrBqC9QXjCOJz2KJyHpV9DhYOIx=
inlG3MiIuG2LBbGLSH6TlD4ixaJ1eGKRzrJMlEPgxPUcuK8MDTOAvLhTZxEyV14SrXNh4IfUuHF=
8Kh76KD0XT56qY9lw30MxnJVSzEKojJSe4XSfpODt7b_voDPLyh4JpgFPGEylvU&c=3Dfdy6YRR=
gH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1=
repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">agreed to pay cybercrimin=
als $426,000 on June 24 after a ransomware attack locked them out of system=
s.

A Boardman, Ohio-ba=
sed urology program curity/ohio-urology-practice-told-to-pay-75k-in-cyberattack.html" href=3D"h=
ttp://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RB=
B9rXmgL5doJyAp8OuUNWTCg-8-sPId-GsNwdvw_THHd3tHXLRsnVDMUsg601in73vXiGO-GqAob=
CsMDnsG_-NC9oWanFHNMb8MK8tMwW6x9_PY0rEI5oAu57ks3rNQC2xCvsgiU_pOIzZSTyTw_Ie8=
wlm7u37KqQHXRu07w8N2iXqXyX0kSE6sNLdVhH1FqHwbKljqYdRhgqfAN2exfFuCPTjfcsFl9wB=
J7ENFGl2Gg-qh-CT-xPk&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQX=
UB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=
=3D">was cyberattacked on June 10, with hackers demanding $75,000 in bi=
tcoin for the encrypted files.

Kingman (Ariz.) Reg=
ional Medical Center ecurity/arizona-hospital-s-website-down-for-2-months-due-to-security-incide=
nt.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0=
NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTahtYbqlZieh5RnNQCFyu0UMCVZ_eQqXp4-z4=
mNLEvHdjxckkVhQzj0LgGB4kV1UO9pd3qZk5CJ-uvEoctMOfkVm4PSzWNTL-SPUXf3g8w66bPm4=
vAiivex8dCo2F4H2S0_Fz0kKJSIdDrkwuwliT4L7__Bx80U5QcKbh0NpL5Yasy5OAzqGpdguiKj=
kdBFdeAZBEzgl7bxX84OdtOqqV7TctQpAsQqXHjM8hGnfgpLmd5CX0hPWoeA=3D=3D&c=3Dfdy6=
YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9U=
RJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">notified patients of a=
potential security incident that affected its website.

Opko Health =3D"https://www.beckershospitalreview.com/cybersecurity/opko-health-alerts-=
422-600-patients-of-data-breach.html" href=3D"http://r20.rs6.net/tn.jsp?f=
=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWT697BR=
2aEN21rIm4NgFpXUtq6Ugg6OtVoH4rZ-0JhCPln-kvwHBTa9EXUQfSfKKpkOfGZ0Xp8NuJik9e6=
B-Ss1Lt0t0B0vKJMUzwmXfRletjPqwmLXXthw8udmxIYaoljlvRVuRtN0wdcWiBI74OcYPbGbsP=
aC_poNhKWOjSP3IOxPl-XW4POp80M39-wxjRQKrno_VxMQfMUnKkGbmizzmDhCykaA5nJ&c=3Df=
dy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nR=
l9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">was the third healt=
hcare company to learn its patients were affected in the American Medical C=
ollection Agency data breach.

Some personal infor=
mation from University of Chicago Medicine patients and donors tps://www.beckershospitalreview.com/cybersecurity/patient-data-at-u-of-chic=
ago-medicine-mistakenly-exposed.html" href=3D"http://r20.rs6.net/tn.jsp?f=
=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWThQOud=
H9EJoY4eLRz4Q7Y0JhXn6hMojDOiIAGsOQ8Oif6FPwlYOkyGBeoVoF2M4NrcQ0D0auyem7yi8vB=
ISjaifcN9-F006N3C6fcKCQ6UV9G2bz67yF2eQSzciiPFoH11dedPKR3ptezCjK6lTCjdSRUpGf=
93NKS1TR1TUTPf-lFgySFhSA_yvQNdPnruRofDIlD31WQHlBHIwat7ZFU8JO6qpq3ivD3C8K-Gu=
kMS8E=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&c=
h=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">was mista=
kenly exposed on June 3.

May

Inmediata Health Gr=
oup, a healthcare clearinghouse company, talreview.com/cybersecurity/healthcare-clearinghouse-alerts-1-5m-people-of-=
data-breach.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6=
fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTu6oRTYRm__-2HyZ24jrwyjuBFT7=
WJEcK2wBB8NiN2s59bqhDkSnLJkKRHjrIOLJXhnOOmnjNrBtsJc6XTnxw4Iy8IxsAk9p5Fgji5y=
GDlMF5H0Dh-Qb96-pw0h717wclmXooLAU8rkzma4hGxjY3CPtT1iRvMQbgnSD6KTQf1fIcbuyJy=
SVwcrFQCUa9RVK-PKiqn3lH4jcmdYo7BandyU-nUByttHNkcrSqypgSBrA=3D&c=3Dfdy6YRRgH=
9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1re=
pe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">has notified its customers =
of a data breach that may have exposed the personal information of more tha=
n 1.5 million people.

Gulfport (Miss.) An=
esthesia Services rity/14-000-patient-files-stolen-from-mississippi-physician-practice.html" =
href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-=
Yh57G23RBB9rXmgL5doJyAp8OuUNWTNgwfoAASg2Jb_Blbm1L1fOZfoH79kKkje2rfNVOE4QiYN=
g9QjD9OV7q6AoKFPR5ycxtOKdcmyzo-Bo5OSRbc0ApUwSn9-6EqRvbtFjcJlv9my_pO89n0PJ-u=
4fisfQ-CdJvqFovQKxXRirTgR50j776EdbB2g7DIv6PjsLEQQa1cEZCMA5JdrFfJdv0sXfNm17i=
GMwB-sI7DrhDeFjg-0OM0x0N-ABEhDEbppyeDBvaAQe1OiTEnDA=3D=3D&c=3Dfdy6YRRgH9nVj=
Cqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0m=
fxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">sent letters to 14,000 patients=
alerting them that their files had gone missing from the practice's storag=
e facility.

An employee at Inde=
pendent Health y/new-york-insurer-alerts-7-600-members-of-data-breach.html" href=3D"http:/=
/r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXm=
gL5doJyAp8OuUNWTZrSRRhxmquJ6VpN-r_nlUDQg2ztRuq6KSzVoTMqyMNfDIUGPreEYqh8Wprf=
RDOa9draaFKIK0R_vEWUEWEQ5ibj-KnMn4GT43RZdnMg4RpcM6rP6XQ1nWPbDtrtXwzZ7lPqkuh=
xYkebdwJmnNO2r8-3uid3lwZhjoAZ-2eD9SOcnIkt05XKHPql8qOizxEo_qHBYuTAo_DAg4RMob=
0sm0-vg5cwXqxM4&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=
=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">e=
mailed the information of 7,600 members on March 19 to an unauthorized =
individual.

Centennial, Colo.-b=
ased Centura Health curity/centura-health-phishing-attack-exposes-7-500-patients.html" href=3D"=
http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23R=
BB9rXmgL5doJyAp8OuUNWTrgtkuHBCuavSq3tmdTWLCtKchv_KtiNRJEhiFz-7eQLt95FP58En5=
gVWh69jZeZ4OdbPvkwLdTR_GmTHKAouiUQ2badSN6wan3MDjNdlYwYv0UFwGc5F0pqFvCuU7wk6=
ahwaJrOPsfBel6kF4B5qoDfxGiXYg1qAwoDSfsYEIms6OBEZV0MelCjmvm1D6mojcM3Fh_cuKMH=
pWFsZZb_VmbreuPN9fT1a&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQ=
XUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=
=3D">began notifying 7,515 patients in May that their information may h=
ave been exposed due to a phishing attack.

Cincinnati-based Tr=
iHealth alth-notifies-2-400-patients-of-data-breach.html" href=3D"http://r20.rs6.ne=
t/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8O=
uUNWTBdFE67B1vJue9qBn_3pdH2AHoOJSP1tMt2Oz-rAkDSkGiqXGH7AKpAytMUwK8_J_XYNagI=
Dnl6NjB8j_R8WxTF7RDbvgs6OnBZ0nIfwWhdfEepvC7tRPaX1syrZpE_Z-7XsH_WH3XeZK8i-9p=
Ec5mxQaDJh6V1oUl5z-yysLrz6ARibxN63CSQzeXz6Jus53F16DJxZnp17xWewT1l9al2QMm5Tj=
Gdvi&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3D=
ivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">has alerteda> 2,433 patients that their data may have been shared with a student mente=
e in June 2018.

Seattle-based Blood=
works, Northwest ity/seattle-blood-bank-alerts-1-800-patients-of-data-breach.html" href=3D"h=
ttp://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RB=
B9rXmgL5doJyAp8OuUNWTrXI4IzceazPy3qLnimzbP94fHLB4EIGEc08td65nicYxZwfOE-WQK7=
B9UUtOFFxgrFWuG-0o6xwvU_9GGjfNArRg3hwXg5ZylOcT1byaPh_EkZpJegzoAEiw_7svGOqvO=
FzgXz7B4eAl06ACUxM_pTXeDfdi8dyB-5jTO43pubtBJSYaSEPxsjeLNupBu4I2FfFyIkCbPzpM=
c9IDT6mXPoOcO4QJgynL6xcuXEC3dSE=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-m=
jFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFp=
VjCVyB0Qw=3D=3D">is notifying 1,893 patients of a March data breach tha=
t may have exposed patients' personal information.

St. Joseph, Mich.-b=
ased Spectrum Health Lakeland om/cybersecurity/spectrum-health-lakeland-alerts-1-100-patients-of-data-bre=
ach.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa=
0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTqpDjHQ4bYYEJBq9-qaXDAS1oje1sSygsz76=
yJtwIZym2XN5zh7QlLVh1FSnAXAZW9fpznunjxLrcjDLqBabh_KhUyyi5wLjaMTfRti6saeNzpS=
cBE1ODTCWdUL3j49EYL6dUXYZAB4Xm9lthAQdmKswSbAieoMQZhKODnnRSqcIm4aINSYFnA9W5j=
QTLaqReh5SOBLVmsVRAh2524FeBaxqvVYQ8J6_z8aqn2ALsm-Q=3D&c=3Dfdy6YRRgH9nVjCqd7=
LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAU=
aYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">is notifying 1,100 patients about a=
data breach at its billing services vendor that may have put patients' per=
sonal information at risk.

Philadelphia-based =
Penn Medicine /penn-medicine-employee-misused-a-patient-s-information-hospital-privacy-ch=
ief-says.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTa=
VsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTVLRRZ-DS1saZGPe4DT1YL4eJeF7G-P=
TBmuIbdiYULjvDD_0AdJ3VUetGooNzcDwTmxSuqIFkYawWAZ56WSWq9GoLL_XqL9J1qUzQ-0Pc1=
SHkb8o2VbV469CGCsHczc-e89H6X8vgdoMZcQGY0LAKsKmmDsdv5y6zGwaGBYxEa45UoyJKaAjw=
4BLaIwWJFlEAS1Caz1RBD0jxlxbT5wd2sYnOz2KfR-VnTTLukuK78YhPmwhasBKxbXNHmJUbFxM=
tGLLfry2TheI=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=
=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">a=
lerted around 900 patients that their information may have been imprope=
rly viewed by a former medical assistant at the hospital.

Houston-based Memor=
ial Hermann Health System ybersecurity/memorial-hermann-employee-improperly-used-patients-credit-card=
-info.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsD=
Ba0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTMeb0g8T2QZViCsAvGWm3QzCRgSGvk1o4R=
XEB-GigqPKTGw7hGTnUl1OOtpGx1LFhy_iLy4OC_U_6iW-0ySlKxD43Ew6lQSrOoaakI6HPlRMM=
NCQ9cbl3CMXXnvdbrzQyVg6nyaR0mh0GGzKtAwVvzRoMVDpP3k_0hFlRXOpkA4Xsbglc5QOAAXz=
INUo0TZ_14Km5ITN_i-zLOxo5kH1rIBPZwTCwykw7Yvf3UHjmH2V8oLSgkBt9Cw=3D=3D&c=3Df=
dy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nR=
l9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">is notifying more t=
han 600 patients that their financial information may have been exposed.

An employee at Tole=
do, Ohio-based ProMedica bersecurity/promedica-employee-stole-patient-information-secret-service-all=
eges.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDB=
a0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTBRuXZzz6iX-0l5TGXd_pNa2MTPvMwuZ_eV=
k7wqN24zUxjl3U_A4NWJFeMCJI5fF1Wbia7XLuMdCDqNUJX2D5VheyWRBRMolRxHc8_WuutnsVy=
xuNYesPLlzrWuzDNjnvC4Z_aL3ImXH6cWUpjY53iFa2GSa26CuzsTuRljWdd1-NJVJHh8aKAUmG=
gnp5ToDETH7n0CL83Jyi5kdDpeV78FG9zYe4514H-dzra6Low_THLEdNuaEdgA=3D=3D&c=3Dfd=
y6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl=
9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">stole patient data b=
etween April 2017 and March 2019, the U.S. Secret Service alleges.

Columbus (Wis.) Com=
munity Hospital ty/wisconsin-hospital-alerts-patients-of-vendor-phishing-attack.html" href=
=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57=
G23RBB9rXmgL5doJyAp8OuUNWTfqjywOGwRrFfdqRn92bDNpYxjlFh5VLNwKg7yz9o_EQou6zso=
00LUFodgshZQY28qYKr7rII2qfNvtNJFh9zjYv_FSDiIf-drkp2tfzd0lVHcQqx-UkUxsAKcm3Z=
BZnY4dQX5xb6mmPt_buEcq9NUx3fpA_EliS5ZFtjqZZpggbBNMmbnYBotQ4QTkjH2iYr5mkfEji=
OEV_Qf1fu8-pbnurshN0o15dvEpvE-INCGMA=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3=
UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wU=
jCrFpVjCVyB0Qw=3D=3D">began notifying patients May 24 that a phishing a=
ttack at one of its vendors may have exposed their data.

Microsoft "https://www.beckershospitalreview.com/cybersecurity/microsoft-warns-users-=
of-system-vulnerability-that-may-be-used-like-wannacry-worm.html" href=3D"h=
ttp://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RB=
B9rXmgL5doJyAp8OuUNWTS6QgZZ4whA88Or0MqB2kKLQ4nn9acT_YoUoY1S_YVmVhoygSdI8wDJ=
2FGGwsIUTKqWAujZnEZ8BpXxuYthh46qhqicIWjzQHXsAnwuWRjh9tNfWxKC8ZKjqBXIY-188xP=
CEDEhD_KhLWFomeV2y1-X-qnaxCPsdor3_Ex1COJNdBPJVaedixPxmCsOn5qQrI6JPxDmGSSFMQ=
UQEeq08g4SVY4BEzPxBJO_LtG_PfaxNETHKaRpS7VjtO5sD-JNigxD2u7JoPuRo=3D&c=3Dfdy6=
YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9U=
RJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">is alerting users of i=
ts operating systems that a bug, which it has since released patches for, c=
ould be used as a cyber-weapon similar to the WannaCry worm.

Hackers ttps://www.beckershospitalreview.com/cybersecurity/hackers-steal-40m-in-bit=
coin.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDB=
a0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTjbB1yXnQMRNa8oRd2Mx_EM-DzocV0g1mXq=
-xwuVN50ppLX57nWT7SX6TuwM9iAIZasF4SbRJi6yk1vmBd5V88OaBGcaJrik_5wHkDWOhrL2de=
bDoAw7Ai4I0plm2ylzdNFIYPEmQMZxdwY5b-No2XM_cUKoLzk_M5t0cmiA2o8YlqgNC8_bOY_Di=
PNlCMi1T&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&c=
h=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">stole=
more than $40 million worth of bitcoin on May 4 from one of the world's la=
rgest cryptocurrency exchanges.

A Paramus, N.J.-bas=
ed orthopedic surgeon security/new-jersey-orthopedic-surgery-practice-infected-with-ransomware.ht=
ml" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0Nnreo=
JRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTFlMH648to31v7hKsSM_-UxK7PPLG-eiL2P6hGiAWm=
yk3BaTfXuSjV5_S5vpxGl2oW5DeE1jUgr2B04QoYyCdHI0xyGZV60qSCA7uCYpQxlhSkBy904Cn=
HTmCw9DvaQmd-MmjFUhq03iH6axqpesz7vuwYDfhY_PHtYB1YCfDCNDzusLFxCdf_PlmOj0N0Tt=
57SncYzKlgemXjtwObBUS594xowmNTti_voFf1_Rn5F7llIEV3QTgtA=3D=3D&c=3Dfdy6YRRgH=
9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1re=
pe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">is alerting patients that t=
heir personal information may have been exposed due to a ransomware attack =
in January at his practice.

A phishing attack o=
n an employee's email account at Oregon State Hospital w.beckershospitalreview.com/cybersecurity/oregon-state-hospital-alerts-pati=
ents-of-phishing-attack.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn=
0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTlkMDCahfmlbUqOS=
t2M1aopUE7bDzI3ryGBHh_QgLYny1K85OjmNqKeHTDiWvIXqVNYVYmLwjvq5Ip5t-fupyCaICfF=
xakje-Y5X1zugMyGlQO0pim9ybpyrJwEyZUw3YGCP6sOBXJY4Rdo4igBbWGJAZZ4zx_F_6iWe1n=
DFVjal7OB0nHJk0kGRuqF2CLYadRQADeuThJeTpHCg7PGcNXNwbT9lHBzE_GYNNchJE-ho=3D&c=
=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQ=
g6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">may have exposed> patients' protected health information.

The Department of H=
omeland Security and Philips m/cybersecurity/vulnerability-found-in-philips-emr-puts-patient-data-at-ris=
k.html" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0N=
nreoJRe-Yh57G23RBB9rXmgL5doJyAp8OuUNWTuYmbIobo8DWjdKsf8_piXnktN0T2WTjxXLJY6=
3pIOWj2q-IskoSTD_ziTIsVriO2N2TlqZTuzHeCcN5vOD8yKdkAQTHbtohDRTBVc10Yq1cVbfJ9=
8WayY3z4ayznAe6JY4dj0NdIa4uqxw6l57aqf6fBYrvp_kXv1cHRzxf6kM8mPklr-pqSAI1o7d9=
VN2uSJSEaAKGO6J8V_LPt3yNJ1RkyJCMBsNV03uNTp8dPGhY=3D&c=3Dfdy6YRRgH9nVjCqd7LS=
Kw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaY=
bqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">issued an alert that the information =
technology vendor's EMR system Tasy has a cross-site scripting vulnerabilit=
y that could put patient information at risk.

Security researcher=
s -find-vulnerabilities-that-put-all-cisco-networks-at-risk.html" href=3D"htt=
p://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh57G23RBB9=
rXmgL5doJyAp8OuUNWTctYbQj8mvz28jzSoNonRHZhpVCtUuxmsZ4jXcBCn-WYfkfYVd9Pb8J4b=
Q9QP1OHLvJ3WmLZ2OExk6ly-EPCWdaL6awlT-QU2V1KPGHMl6Un9yIsWElixoevzRu5H7N6ddgg=
JIbZVYec48-g2EewgOl0W6uuc5iXO_DYnj5IZXsAA98LVGrr5dUt0sJpJfK4_z9dtfLNAfzMJ9k=
aa8-lY0PU34jQeOyoXAk-RC-SDEbsQH94fcSaCBw=3D=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN=
8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&ch=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTg=
wx_W2wUjCrFpVjCVyB0Qw=3D=3D">uncovered two vulnerabilities in Cisco ent=
erprise routers that could allow hackers to remotely and fully compromise a=
router's network without alerting the user.

April

A cyberattack last =
July on Macon, Ga.-based Navicent Health's employee email account system ma=
y have -data-breach-exposes-278-000-navicent-health-patients-information.html" hre=
f=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6fTaVsDBa0NnreoJRe-Yh5=
7G23RBB9rXmgL5doJyAp8OuUNWTGlCjMDjAZuyTE87d1wmE41tBFRMOxvJExMFrtvDUk4JdjpFa=
8H4slVVBh8h0LIbyd9R0A0ExNoZJvO4-SwVu9LGFCwG8PNPIP-jjevl3DDh9Ta5TcP_kEcp4PV5=
Pr_pURchD62-ULz7--===============0022548775==
Content-Type: multipart/alternative;
boundary="----=_Part_954580197_1212621282.1562342336150"

------=_Part_954580197_1212621282.1562342336150
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

HHS Finds HIPAA Breaches Cost $6.2 Billion Annually & Hospitals $408 Per Re=
cord; Save the Date for Nat'l HIPAA Summit XXIX=20

-- A Hybrid Conference and Internet Event=20
-- March 3 - 5, 2020=20
-- Media Partners: Harvard Health Policy Review and Health Affairs=20
-- Onsite at the Hyatt Regency Crystal City, Arlington, VA=20
-- Online in Your Own Office or Home Live via the Internet with 24/7 Acce=
ss for Six Months=20
-- www.HIPAASummit.com

FOR MORE INFORMATION
Phone: 800-503-7417
Email: registration-at-hcconferences.com
Website: www.HIPAASummit.com

FEATURING KEYNOTE ADDRESS BY=20
Roger Severino, JD, Director, Office for Civil Rights, US DHHS, Former Dire=
ctor, DeVos Center for Religion and Civil Society, Institute for Family, Co=
mmunity, and Opportunity, Heritage Foundation, Former Trial Attorney, Civil=
Rights Division, US DOJ, Washington, DC=20

SPEAKER PRESENTATION PROPOSALS=20
Speaker/Presentation Proposals for the HIPAA Summit may be submitted throug=
h our online form.
- Click Here - https://www.ehcca.com/proposals/presentations/?id=3D10

HHS FINDS THAT DATA BREACHES COST THE US HEALTH CARE SYSTEM
$6.2 BILLION ANNUALLY AND HOSPITALS $408 PER RECORD=20
The U.S. healthcare system lost $6.2 billion in 2016 due to data breaches, =
with the average data breach costing healthcare organizations' $2.2 million=
, and an average cost to hospitals $408 per record according to an HHS repo=
rt, which includes data between 2016 and 2018.

THE 10 MOST COMMON HIPAA BREACHES=20
Below are the 10 most common HIPAA violations, according to the HIPAA Journ=
al. - https://www.hipaajournal.com/common-hipaa-violations/
1. Snooping on healthcare records.=20
2. Failure to perform an organization-wide risk analysis.=20
3. Failure to manage security risks/Lack of a risk management process.=20
4. Failure to enter into a HIPAA-compliant business associate agreement.=20
5. Insufficient ePHI access controls.=20
6. Failure to use encryption or an equivalent measure to safeguard ePHI on =
portable devices.=20
7. Exceeding the 60-day deadline for issuing breach notifications.=20
8. Impermissible disclosure of protected health information.=20
9. Improper disposal of PHI.=20
10. Denying patient access to health records/exceeding timescale for provid=
ing access.

79 HEALTHCARE PRIVACY INCIDENTS IN 2019=20
June
Quest Diagnostics notified 11.9 million patients of a data breach that happ=
ened at one of its billing collections vendors.=20
Medical testing company Laboratory Corp. of America learned 7.7 million of =
its patients may have had their data exposed in the same vendor breach as Q=
uest Diagnostics.=20
Nine employees within Oregon's Department of Human Services opened a phishi=
ng email on Jan. 8 that may have exposed around 645,000 people.=20
Cancer Treatment Centers of America learned that an email account of an emp=
loyee at its Atlanta-based Southeastern Regional Medical Center was the tar=
get in a phishing attack that may have exposed 16,819 patients.=20
Forsyth, Ga.-based Monroe County Hospital mailed letters to 10,970 patients=
to alert them that their personal health information may have been exposed=
.=20
Humana has notified 5,569 members of a security incident that may have expo=
sed members' personal information.=20
UMass Memorial Health Care's behavior health service in Worcester sent lett=
ers to 4,598 patients notifying them of an April 18 data breach.=20
Crown Point, Ind.-based Franciscan Health sent letters to 2,200 patients th=
at an employee had viewed their records "without a business reason."=20
Grand Rapids, Mich.-based Mercy Health notified approximately 1,000 patient=
s on May 24 about a data breach that may have exposed patient data.=20
Vision and dental insurer Dominion National notified an unknown number of m=
embers of a data security incident that may have caused personal informatio=
n to be exposed.=20
Meditab, an EMR and practice management software provider, has notified two=
healthcare providers in Maryland that their patients' personal health info=
rmation may have been exposed.=20
Both Olean (N.Y.) Medical Group and Seneca Nation Health System in Salamanc=
a, N.Y., lost access to their computer and EHR systems following recent cyb=
erattacks on the organizations.=20
Lake City, Fla., officials agreed to pay cybercriminals $426,000 on June 24=
after a ransomware attack locked them out of systems.=20
A Boardman, Ohio-based urology program was cyberattacked on June 10, with h=
ackers demanding $75,000 in bitcoin for the encrypted files.=20
Kingman (Ariz.) Regional Medical Center notified patients of a potential se=
curity incident that affected its website.=20
Opko Health was the third healthcare company to learn its patients were aff=
ected in the American Medical Collection Agency data breach.=20
Some personal information from University of Chicago Medicine patients and =
donors was mistakenly exposed on June 3.

May
Inmediata Health Group, a healthcare clearinghouse company, has notified it=
s customers of a data breach that may have exposed the personal information=
of more than 1.5 million people.=20
Gulfport (Miss.) Anesthesia Services sent letters to 14,000 patients alerti=
ng them that their files had gone missing from the practice's storage facil=
ity.=20
An employee at Independent Health emailed the information of 7,600 members =
on March 19 to an unauthorized individual.=20
Centennial, Colo.-based Centura Health began notifying 7,515 patients in Ma=
y that their information may have been exposed due to a phishing attack.=20
Cincinnati-based TriHealth has alerted 2,433 patients that their data may h=
ave been shared with a student mentee in June 2018.=20
Seattle-based Bloodworks, Northwest is notifying 1,893 patients of a March =
data breach that may have exposed patients' personal information.=20
St. Joseph, Mich.-based Spectrum Health Lakeland is notifying 1,100 patient=
s about a data breach at its billing services vendor that may have put pati=
ents' personal information at risk.=20
Philadelphia-based Penn Medicine alerted around 900 patients that their inf=
ormation may have been improperly viewed by a former medical assistant at t=
he hospital.=20
Houston-based Memorial Hermann Health System is notifying more than 600 pat=
ients that their financial information may have been exposed.=20
An employee at Toledo, Ohio-based ProMedica stole patient data between Apri=
l 2017 and March 2019, the U.S. Secret Service alleges.=20
Columbus (Wis.) Community Hospital began notifying patients May 24 that a p=
hishing attack at one of its vendors may have exposed their data.=20
Microsoft is alerting users of its operating systems that a bug, which it h=
as since released patches for, could be used as a cyber-weapon similar to t=
he WannaCry worm.=20
Hackers stole more than $40 million worth of bitcoin on May 4 from one of t=
he world's largest cryptocurrency exchanges.=20
A Paramus, N.J.-based orthopedic surgeon is alerting patients that their pe=
rsonal information may have been exposed due to a ransomware attack in Janu=
ary at his practice.=20
A phishing attack on an employee's email account at Oregon State Hospital m=
ay have exposed patients' protected health information.=20
The Department of Homeland Security and Philips issued an alert that the in=
formation technology vendor's EMR system Tasy has a cross-site scripting vu=
lnerability that could put patient information at risk.=20
Security researchers uncovered two vulnerabilities in Cisco enterprise rout=
ers that could allow hackers to remotely and fully compromise a router's ne=
twork without alerting the user.

April
A cyberattack last July on Macon, Ga.-based Navicent Health's employee emai=
l account system may have affected 278,016 patients' personal information.=
=20
Ontario, Calif.-based Centrelake Medical Group is alerting 197,661 patients=
that their personal health information may have been exposed because of a =
computer virus.=20
Personally identifiable data for approximately 145,000 patients at the Levi=
ttown, Pa.-based Steps to Recovery addiction treatment facility and the Ohi=
o Addiction Recovery Center in Columbus was exposed in a searchable online =
database.=20
Columbia, S.C.-based Palmetto Health, now known as Prisma Health, was targe=
ted in a phishing attack that may have put the information of 23,000 patien=
ts at risk.=20
Springfield, Mass.-based Baystate Health notified about 12,000 patients of =
a Feb. 7 phishing attack.=20
Blue Cross of Idaho is notifying 5,600 members of a March 21 data breach th=
at allowed an unauthorized user to gain access to the organization's online=
provider portal.=20
AltaMed Health Services Corp. has sent letters to 5,500 patients about a se=
curity breach that may have impacted their personal health information.=20
The Veterans Health Administration is notifying 4,882 veterans who were tre=
ated at the Martinsburg (W.Va.) VA Medical Center that their personal healt=
h information may have been mailed out in letters to other patients.=20
Humana told 522 members that a limited amount of their personal data may ha=
ve been exposed during a data security incident at the beginning of 2019.
Bangor, Maine-based Northern Light Acadia Hospital mistakenly emailed the n=
ames of 300 patients who had prescriptions for Suboxone.=20
Physician staffing company EmCare is alerting patients, employees and contr=
actors about a Feb. 19 data breach that exposed their personal data.=20
Microsoft emailed an unknown number of users April 12 across its Outlook, M=
SN and Hotmail platforms alerting them of a data breach that occurred betwe=
en Jan. 1 and March 28.=20
A Cleveland-based University Hospitals Rainbow Babies and Children's Hospit=
al employee emailed a message to a group of patients, inadvertently allowin=
g the recipients to see each other's email addresses.=20
Anchorage-based University of Alaska is alerting individuals about a comput=
er data breach that may have affected email accounts.

March
The Oregon Department of Human Services reported an email phishing attack o=
n 2 million agency emails that may have exposed the medical information of =
more than 350,000 people.=20
Medical device and software developer Zoll has notified 277,319 patients of=
a security incident that put their personal and medical information at ris=
k from Nov. 8 to Dec. 28, 2018.=20
Health Alliance Plan and Blue Cross Blue Shield of Michigan have alerted ne=
arly 270,000 members combined that their personal information may have been=
compromised after a data breach at the payers' mailing service vendor in S=
eptember 2018.=20
Chicago-based Rush University Medical Center sent letters to as many as 45,=
000 patients notifying them of a potential data security incident in May 20=
18.=20
A security breach at the former medical center of Greenville, S.C.-based St=
. Francis Physician Services may have compromised data from more than 32,00=
0 patients.=20
Elizabeth City, N.C.-based Pasquotank-Camden Emergency Medical Services pos=
ted a notice about a February cybersecurity incident that may have affected=
20,420 people.=20
A ransomware attack on a Grand Haven, Mich.-based North Ottawa Community He=
alth System's vendor may have compromised data from about 15,000 patients.=
=20
Concord, Mass.-based Emerson Hospital sent letters to 6,314 patients alerti=
ng them of a May 2018 cybersecurity attack that may have affected their inf=
ormation.=20
Officials within Arizona's Medicaid program reportedly sent personal health=
information of 3,146 patients to incorrect home addresses.=20
A fax server error within Meditab, a company that develops software for EHR=
s, left thousands of physicians=C2=92 notes and patient information vulnera=
ble for anyone to access.

February
Seattle-based UW Medicine sent letters to 974,000 patients notifying them o=
f a Dec. 4, 2018, data error that allowed patient information to come up in=
internet searches.=20
Farmington-based University of Connecticut Health sent letters to up to 326=
,000 patients notifying them of a recent data security incident. UConn Heal=
th discovered several employee email accounts were attacked on Dec. 24, 201=
8.=20
Springs, Fla.-based AdventHealth notified 42,161 patients about an August 2=
017 data breach that may have exposed personal information.=20
Memorial Hospital at Gulfport (Miss.) sent letters to roughly 30,000 patien=
ts Feb. 15 notifying them of a data breach. The hospital discovered an empl=
oyee's email account was victim to a phishing attack Dec. 17, 2018.=20
Nearly 24,000 patients may have had their protected health information brea=
ched in a recent hacking incident at Dr. DeLuca & Dr. Marciano Eye Associat=
es, the Prospect, Conn.-based optometry practice.=20
Pawnee City, Neb.-based Pawnee Country Memorial Hospital notified 7,175 pat=
ients that some of their protected health information may have been exposed=
when a hospital employee was tricked by a phishing email in November 2018.=
=20
Blue Earth, Minn.-based United Hospital District notified 2,143 patients ab=
out a June 2018 phishing scheme. A hospital employee's email account was co=
mpromised in a phishing attack June 10-27, 2018.=20
Colorado Springs, Colo.-based Rocky Mountain Health Care Services sent lett=
ers to 971 patients alerting them that an employee's laptop was stolen May =
15, 2018.=20
Chicago-based Rush University Medical Center inadvertently exposed the name=
s of 908 patients in a paper mailing announcing the retirement of a certifi=
ed nurse practitioner at its Epilepsy Center.=20
Rutland (Vt.) Regional Medical Center said it planned to mail letters to an=
undisclosed number of affected patients notifying them of a recent data br=
each. The hospital discovered the breach after an employee noticed an incre=
ased number of spam emails being sent from his or her account Dec. 21, 2018=
.=20
Box Elder, Mont.-based Rocky Boy Health Center posted a security breach not=
ice on its website, alerting patients of a Jan. 14 incident that may have p=
ut medical records at risk.=20
Roper St. Francis Healthcare in Charleston, S.C., posted a notice to its we=
bsite Jan. 29, warning patients about a potential compromise of their prote=
cted health information that resulted from a November 2018 data breach.=20
Valley Professionals Community Health Center, a federally qualified health =
center headquartered in Cayuga, Ind., notified patients of a potential Octo=
ber 2018 data breach involving their protected health information.

January
Alaskan officials upped their tally of individuals likely affected in a Jun=
e 2018 data breach at the state's health department from 501 victims to 700=
,000.=20
Two separate data breaches disclosed in December 2018 exposed the protected=
health information of 31,876 plan members of Managed Health Services, whic=
h runs Indiana's Hoosier Healthwise and Hoosier Care Connect Medicaid progr=
ams.=20
Critical Care, Pulmonary and Sleep Associates in Lakewood, Colo., notified =
23,377 patients about a potential exposure of their protected health inform=
ation after an unauthorized individual gained access to an employee's email=
account.=20
Integrity House, a nonprofit substance use disorder treatment facility in N=
ewark, N.J., notified 7,206 of its patients of a data security incident aft=
er a number of business computers and tablets were stolen from its offices =
in November.=20
An employee at Lebanon (Pa.) VA Medical Center emailed a veteran's family m=
ember a document that contained the protected health information of up to 1=
,002 elderly patients.=20
Sacred Heart Rehabilitation Center, a drug and alcohol addiction treatment =
facility in Richmond, Mich., notified "a limited number of patients" after =
a phishing scheme compromised an employee's email account in April.=20
Officials at the Delaware Department of Insurance said five health insurers=
and about 650 of their members were affected by a data breach at a third-p=
arty administrator in October.=20
Verity Health System, a six-hospital system in Redwood City, Calif., notifi=
ed an undisclosed number of individuals about a potential exposure of their=
protected health information stemming from three incidents.

WASHINGTON DC USA -- HEALTHCARE UPDATE NEWS SERVICE -- JULY 5, 2019: The Tw=
enty-Ninth National HIPAA Summit, www.HIPAASummit.com, will be held March 3=
- 5, 2020 at the Hyatt Regency Crystal City, Arlington, VA. The Summit wil=
l be offered both onsite and live and archived for 6 months over the Intern=
et.

KEYNOTE SPEAKERS=20
Deven McGraw, JD
General Counsel & Chief Regulatory Officer, Ciitizen Corporation, Former De=
puty Director, Health Information Privacy, OCR, Former Director, Health Pri=
vacy Project, Center for Democracy & Technology, Redwood City, CA

Roger Severino, JD
Director, Office for Civil Rights, US DHHS, Former Director, DeVos Center f=
or Religion and Civil Society, Institute for Family, Community, and Opportu=
nity, Heritage Foundation, Former Trial Attorney, Civil Rights Division, US=
DOJ, Washington, DC

Daniel J. Solove, JD
John Marshall Harlan Research Professor of Law, George Washington Universit=
y Law School, Founder, TeachPrivacy, Author, Understanding Privacy; Informa=
tion Privacy Law; The Future of Reputation: Gossip, Rumor, and Privacy on t=
he Internet; and The Digital Person: Technology and Privacy in the Informat=
ion Age, Washington, DC=20

CO CHAIRS=20
Adam Greene, JD, MPH
Partner and Co-chair, Health Information & HIPAA Practice, Davis Wright Tre=
maine LLP, HIPAA Summit Distinguished Service Award Winner, Former Senior H=
ealth Information Technology and Privacy Specialist, Office for Civil Right=
s, HHS, Washington, DC

Kirk J. Nahra, Esq.
Partner and Co-chair of the Privacy and Cybersecurity Practice, Wilmer Hale=
, Washington, DC

John C. Parmigiani
President, John C. Parmigiani and Associates, LLC, HIPAA Summit Distinguish=
ed Service Award Winner, Former Director of Enterprise Standards, HCFA, Ell=
icott City, MD=20

Iliana Peters, JD, LLM
Shareholder, Polsinelli, Former Acting Deputy Director, Health Information =
Privacy, Office for Civil Rights, US Department of Health and Human Service=
s, Washington, DC

Robert M. Tennant, MA
Director, HIT Policy, Medical Group Management Association, Washington, DC=
=20

TUITION SCHOLARSHIPS=20
The HIPAA Summit is now offering a limited number of partial and full Tuiti=
on Scholarships to qualifying representatives of local, state and federal g=
overnment, consumer advocate organizations, safety net providers, academics=
, students and health services research organizations.
Click here for more information. - https://hipaasummit.com/scholarships/

STAY CONNECTED=20
LinkedIn - http://www.linkedin.com/groups/3781543/
Twitter - https://twitter.com/hipaasummit
Tweet using #HIPAASummit=20

TWENTY-NINTH NATIONAL HIPAA SUMMIT
March 3 - 5, 2020
ATTEND ONSITE
Hyatt Regency Crystal City
Arlington, VA

OR WEBCAST PARTICIPATION
In your own office or home live via the Internet with 24/7 access for six m=
onths

PARTICIPATION OPTIONS=20

TRADITIONAL ONSITE ATTENDANCE=20
Simply register, travel to the conference city and attend in person.=20
Pros: subject matter immersion; professional networking opportunities; facu=
lty interaction

LIVE AND ARCHIVED WEBCAST ATTENDANCE=20
Watch the conference in live streaming video of plenary sessions and listen=
to audio of preconference and track sessions over the Internet and at your=
convenience at any time 24/7 for six months following the event.=20
The archived conference includes speaker Video and Audio and coordinated Po=
werPoint presentations.
Pros: Live digital feed and 24/7 Internet access for the next six months; a=
ccessible in the office, at home or anywhere worldwide with Internet access=
; avoid travel expense and hassle; no time away from the office.

WEBCAST INTERFACE SAMPLE
Click here for a sample stream - http://hipaasummitportal.com/#/media/3165/=
globalaccess

SUMMIT REGISTRATION=20
For Summit registration information, visit www.HIPAASummit.com/registration=
/, email registration-at-hcconferences.com, or call 800-503-7417.

SUMMIT EXHIBIT & SPONSORSHIP INFORMATION=20
For sponsorship and exhibit information, visit www.HIPAASummit.com/promotio=
nal-opportunities/, or contact Justin Sorensen, Exhibit Manager, at 206-452=
-0609 phone, 206-319-5303 fax, or exhibits-at-hcconferences.com.

FOR E-MAIL ADDRESS CHANGE, ADD OR DELETE REQUESTS=20
For changes or additions, please email your request to: listmgr-at-HealthCareU=
pdateNewsService.com.
For removal of your e-mail address, please click the link below for "SafeUn=
subscribe" to automatically remove your address from the list.

Forward email
http://ui.constantcontact.com/sa/fwtf.jsp?llr=3Duqoukvn6&m=3D1011106855444&=
ea=3Dadmin%40healthcareupdatenewsservice.com&a=3D1132904508863

This email was sent to ruben-at-mrbrklyn.com by admin-at-healthcareupdatenewsserv=
ice.com.

Update Profile/Email Address
https://visitor.constantcontact.com/do?p=3Doo&m=3D001Y1iZsuw4_GkroA-1I7qnXw=
%3D%3D&ch=3D7de38df0-cc28-11e3-a7fa-d4ae529ce48a&ca=3D59a11dd1-98b3-49a4-b8=
e4-1859b2fb7740

Instant removal with SafeUnsubscribe(TM)
https://visitor.constantcontact.com/do?p=3Dun&m=3D001Y1iZsuw4_GkroA-1I7qnXw=
%3D%3D&ch=3D7de38df0-cc28-11e3-a7fa-d4ae529ce48a&ca=3D59a11dd1-98b3-49a4-b8=
e4-1859b2fb7740

Privacy Policy:
http://www.constantcontact.com/legal/service-provider?cc=3Dabout-service-pr=
ovider

HIPAA Summit | 12330 NE 8th Street | Suite 101 | Bellevue | WA | 98005-3187

------=_Part_954580197_1212621282.1562342336150
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

HHS Finds HIPAA Breaches Cost $6.2 Billion Annually & Hospitals $408=<BR> Per Record; Save the Date for Nat'l HIPAA Summit XXIX<BR>
=3D"#000033" > 3D"

0.gif" border=3D"0">

=09

PAA-2020-Blast-Header.jpg" border=3D"0">

HHS Finds HIPAA Breaches Cost $6.2 Billion Annually & Hospitals $408 Per Re=
cord; Save the Date for Nat'l HIPAA Summit XXIX

A Hybrid Conference=
and Internet Event
March 3 - 5, 2020
Media Partners: =
Harvard Health Policy Review and Health Affairs
Onsite at the Hyatt=
Regency Crystal City, Arlington, VA
Online in Your Own =
Office or Home Live via the Internet with 24/7 Access for Six Months
.HIPAASummit.com" href=3D"http://r20.rs6.net/tn.jsp?f=3D001xyzn0TJroX9JsUi6=
fTaVsDBa0NnreoJRe-Yh57G23RBB9rXmgL5doAu0dq_g5d--yx__v0_8ZbXlDB94sCWLdVSRoPt=
-z21OTpxv6p2DTJWOPqA5IYwVbbziu39L9m0dmXBpf16kwOffoF6MfgpwLbIR6qAXy8Vev7oPJP=
_w0ko=3D&c=3Dfdy6YRRgH9nVjCqd7LSKw1WN8Cfh_E3UGy-mjFB4lszKKCMcQXUB3A=3D=3D&c=
h=3DivAeuQg6nRl9URJ1repe0mfxAUaYbqjTgwx_W2wUjCrFpVjCVyB0Qw=3D=3D">www.HIPAA=
Summit.com

=09
=09
=3D0 MARGINHEIGHT=3D0 LEFTMARGIN=3D0 TOPMARGIN=3D0>

FEATURING KEYNOTE ADDRESS BY
lass=3D"aligncenter size-medium wp-image-50" src=3D"https://hipaasummit.com= /wp-content/themes/hipaa/faculty/severino_100.jpg" alt=3D"" width=3D"100" h= eight=3D"90" />	Roger Severino, JD, Director, Office for Civil Rights, US DHHS, Form= er Director, DeVos Center for Religion and Civil Society, Institute for Fam= ily, Community, and Opportunity, Heritage Foundation, Former Trial Attorney= , Civil Rights Division, US DOJ, Washington, DC