On January 9, DataBreaches noticed that Aviacode had been added to the leak site for 0mega. Aviacode, which is part of GeBBS Healthcare Solutions, offers medical coding services, medical coding audits, coding denial management, clinical documentation improvement, and revenue cycle management for billings and claims. As such, it is often a business associate for HIPAA-covered…
Category: U.S.
Lehigh Valley Health Network reveals attack by BlackCat
The Morning Call reports: The Lehigh Valley Health Network has been the target of a cyberattack from a suspected Russian ransomware group. In a statement issued Monday morning, LVHN President and CEO Brian A. Nester said, “Lehigh Valley Health Network has been the target of a cybersecurity attack by a ransomware gang, known as BlackCat,…
Mscripts notifies 66,372 patients whose prescription information was in unsecured cloud storage for two years
“Thousands of pharmacies & millions of people use mscripts,” the mscripts website claims. “We provide a digital communication platform to help patients stay on track with their healthcare by delivering targeted messages through a mobile and web platform tied directly to the pharmacy dispensing system,” the California firm explains. mscripts is Cardinal Health’s mobile pharmacy…
Edgepark Medical Supplies notifies patients of Rise Interactive Media & Analytics data breach
RGH Enterprises, Inc. d/b/a Edgepark Medical Supplies (“Edgepark”) is an Ohio medical supplies provider that ships products directly to patients and bills their insurance for them. Rise Interactive Media & Analytics, LLC (“Rise”) is an Illinois firm that provides digital marketing services for Edgepark as a business associate. They also provide analytics and other services…
Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition
Duane Morris writes: The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher…
Oops! ‘Phishing’ scam cost small Ohio city $219,000, finance director his job
Dean Narciso reports: Phishing-scam training has become a commonplace requirement in many workplaces these days. But not everyone is adhering to its lessons. When emails from a fake paving company landed in the inbox of an accounting assistant working for a small Ohio city last month, the assistant was hooked. The author pretended to be an existing vendor and persuaded…