HIPAA

In 2024, the most common HIPAA compliance issue, according to the Office for Civil Rights (OCR), remains the impermissible use and disclosure of protected health information (PHI). When violations are identified, the OCR frequently refers cases to the Department of Justice (DOJ) for further action. As of 2024, 2,419 referrals have been made to the DOJ for criminal investigation.

Time’s Running Out: Prepare for the End of Windows 10 Support

A Cybersecurity Advisory was issued related to the LummaC2 malware. This alert highlights the growing industry of Cyberhacking as a service. Looking at this malware product is a good lesion in good cybersecurity. You want to read this entire article.

Cyberattacks :  This is getting very real and very scary for your practice Esse Health, a healthcare provider in the Greater St. Louis area in Missouri, experienced a cyberattack that impacted its healthcare operations This event hit major network news in St Louis  https://www.firstalert4.com/2025/05/07/cyberattack-puts-healthcare-hold-hundreds-st-louis-metro/

Under the HIPAA privacy rule, patients have a Right to an account of Disclosures. This gives patients the right to receive a record of certain disclosure of the protected health information (PHI) made by a covered entity or its business associate.

A New York City Neurology Practice, Comprehensive Neurology PC has settled an alleged HIPAA violation for $25,000

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has reached a settlement with Health Fitness Corporation following a HIPAA violation involving the unauthorized online exposure of electronic protected health information (ePHI). The breach occurred due to a software misconfiguration, making sensitive health data accessible online. This violation highlights the importance of maintaining proper security controls and conducting regular risk assessments to prevent unauthorized data exposure.

FDA Recalls April 2, 2025 - April 7, 2025

Phishing attacks remain a major cybersecurity threat, particularly in healthcare, where sensitive data is at risk. Your practice must take proactive measures to protect against phishing.

by Michael Brody, DPM, CEO TLD Systems