Category:

A payment vendor was hit with a ransomware attack back in February that may have exposed patient data from more than 600 healthcare providers and organizations...Professional Finance Company...detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems...During an ongoing investigation, it was determined that hackers accessed files containing certain individuals' personal information...the company is one of the nation’s leading debt recovery agencies, and its client list includes many healthcare providers, retailers, financial organizations and government agencies...The ransomware attack hit company computer systems that held data from clients such as Banner Health, Lifestance Health, Renown Health, DispatchHealth and hundreds of other provider customers...READ MORE

University Medical Center acknowledged...that it had experienced a criminal data breach after a notorious hacker group began posting personal information purportedly obtained in the cyberattack...Images of Nevada driver’s licenses, passports and Social Security cards of around half a dozen alleged victims were posted late Monday on the hacker group’s website...The statement said there is no evidence that any clinical systems were accessed in the attack but that patients and employees would be notified that their personal information may be at risk...READ MORE

Sharing of threat information across stakeholders helps create situational awareness – not just for individual organizations but for the healthcare industry as a whole, says one expert...When it comes to building cybersecurity defenses against bad actors in healthcare, generally speaking each provider organization, payer or pharmaceutical company relies on its own self-developed strategies and self-selected technologies...But what if there was a more concerted effort by all of these players to work together to thwart hackers and other cyber criminals? That would be a better way of going about cybersecurity...READ MORE

The state of Nevada’s government website has potentially exposed the personal data on over 11,700 applicants for dispensing medical marijuana in the state...each application, eight pages in length, includes the person’s full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant’s citizenship, their driving license number, and social security number...A Google search done by a man in Dallas led to the discovery of the problem. Justin Shafer said he discovered the breach Tuesday night while he was looking to see if any government websites had errantly posted social security numbers online. Shafer said he noticed one of the completed applications pop up in the search results with a social security number in plain view...Many of the people affected are employed by members of the Nevada Dispensary Association…Riana Durrett, executive director of Nevada Dispensary Association...says she's been assured the state is focusing all of its efforts to fix the breach...The state disabled the website...as a precaution...

In December, a ransomware attack struck Ultimate Kronos Group, a vendor that Pfizer uses to track work time and pay out hourly staffers...Employees were under- and overpaid as a result...Now, the drug behemoth is repaying those who were shortchanged—but it’s also asking overpaid staffers to return their surplus cash...Pfizer isn’t the only corporation dealing with the fallout of last year’s cyberattack. Tesla and PepsiCo have filed a class-action lawsuit that contends Ultimate Kronos Group owes damages because it was negligent in guarding against an attack...READ MORE

The U.S. Department of Health and Human Services' Office for Civil Rights leveraged $1,000,000 in fines against Aetna Life Insurance Company and $202,400 against the city of New Haven, Connecticut, to settle potential HIPAA violations...The fines are just the latest moves on the part of OCR to enforce HIPAA regulations around protected health information..."When individuals contract for health insurance, they expect plans to keep their medical information safe from public exposure. Unfortunately, Aetna's failure to follow the HIPAA Rules resulted in three breaches in a six-month period, leading to this million dollar settlement," said OCR Director Roger Severino in a statement...READ MORE

The Food and Drug Administration issued a warning to consumers...about potentially serious cybersecurity flaws in some medical devices that could allow hackers to take control of them remotely...Medical devices that use third-party, decades-old software called IPnet are at risk, the FDA said. The regulator said it’s not sure how many or even which specific devices, such as insulin pumps or pacemakers, are vulnerable to getting hacked...Researchers have identified 11 vulnerabilities that may allow “anyone to remotely take control of the medical device and change its function, cause denial of service, or cause information leaks or logical flaws, which may prevent device function.”...READ MORE

University Medical Center is notifying patients of a data breach that occurred in mid-June, and offering free identity protection services for those who were affected...The data breach was "by a well-known group of cybercriminals that seek to use the information for commercial gain," according to UMC...Letters received this week in the Las Vegas valley indicate that the breach occurred in June 14 and was shut down the following day, according to UMC officials...READ MORE

...the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”...It involves a particular strain of ransomware, which scrambles a target’s data into gibberish until they pay up. Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient..Independent security experts say the ransomware, called Ryuk, has already impacted at least five U.S. hospitals this week and could potentially affect hundreds more. Four health care institutions have been reported hit by ransomware so far this week, three belonging to the St. Lawrence Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon...READ MORE

From a healthcare fraud enforcement perspective, 2016 was nothing short of a dynamic year...It was punctuated by the arrival of several important trends within the addiction treatment, post-acute care and compound pharmaceutical industries…It also featured a Supreme Court ruling on a False Claims Act legal theory, and a changing enforcement landscape in the aftermath of the Yates memo...As 2016 comes to a close, let's look back at some of the fraud trends that emerged—or in some cases intensified—over the last 12 months.

• Impact of the Yates memo
• Government targets post-acute care providers
• Big healthcare fraud busts continue
• Compound pharmacies under fire
• OxyContin marketing concerns revisited
• Addiction treatment gains ground, raises concerns
• Data continues to influence fraud detection
• EpiPen price hikes lead to overpayment settlement
• Medicare Advantage overbilling resurgence
• Supreme Court rules on implied certification